Netinfo Security ›› 2015, Vol. 15 ›› Issue (10): 1-7.doi: 10.3969/j.issn.1671-1122.2015.10.001

    Next Articles

Research and Implementation of Webpage Trojan Detection Model Based on Obfuscation Mechanisms

DU Chun-lai, SUN Hui-zhong(), WANG Jing-zhong, WANG Bao-cheng   

  1. Information Security Lab, North China University of Technology, Beijing 100144, China
  • Received:2015-07-25 Online:2015-10-01 Published:2015-11-04

Abstract:

Webpage trojan is a malicious program that uses the Webpage to carry out the destruction. When the user visits the Website that contains some Webpage trojans, the trojan program will be silently downloaded through the link embedded in the Webpage. Once the trojans are downloaded and activated, they will use resources in the system to destroy the computer system. Currently, Webpage trojan detection includes static detection based on feature codes and dynamic detection based on honeypot client, but the two detection schemes can’t well solved the problems of growing number of Webpage trojans, confusion and avoiding detection means. This paper combines the advantages of the two detection schemes, putting forward an anti-obfuscation technology based on Webpage content analysis and shellcode location and recognition, which can solve the omission problem caused by interaction conditions not existing while verifying dynamically embedded links. On this basis, combined with the static and dynamic detection mechanisms, the paper establishes a Webpage trojan detection model. The experimental results show that the model can accurately detect various types of shell, encryption, deformation Webpage trojans, improving the detection efficiency of trojans.

Key words: Webpage trojan, content analysis, Shellcode orientation, anti-obfuscation, encryption

CLC Number: