By Topic

A Web Page Malicious Code Detect Approach Based on Script Execution

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Zhi-Yong Li ; Sch. of Inf. Sci. & Technol., Beijing Inst. of Technol., Beijing, China ; Ran Tao ; Zhen-He Cai ; Hao Zhang

Web page malicious code detection is a crucial aspect of Internet security. Current Web page malicious codes detection work by checking for ¿signatures¿, which attempt to capture (syntactic) characteristics of the known malicious codes. This reliance on a syntactic approach makes such detectors vulnerable to code obfuscations, increasingly used by malicious codewriters, which alter syntactic prosperities of the malicious code without affecting their execution behavior significantly. This paper takes the position that the key to Webpage malicious code lies in their execution behavior. It proposes a script execution behavior feature based framework for analyzing propose of malicious codes and proving properties such as soundness and completeness of these malicious codes. Our approach analyses the script and confirms the script which contains malicious code by finding shell code, overflow behavior and hidden hyper link. As a concrete application of our approach,we show that the script execution behavior based Webpage malicious code detector can detect many known malicious code but also the newest malicious code.

Published in:

Natural Computation, 2009. ICNC '09. Fifth International Conference on  (Volume:6 )

Date of Conference:

14-16 Aug. 2009