A Method of Malicious Code Detection in WordPress Theme Based on Similarity Analysis

doi:10.3969/j.issn.1671-1122.2017.12.009

Netinfo Security ›› 2017, Vol. 17 ›› Issue (12): 47-53.doi: 10.3969/j.issn.1671-1122.2017.12.009

• Orginal Article • Previous Articles Next Articles

A Method of Malicious Code Detection in WordPress Theme Based on Similarity Analysis

Zhenfei ZHOU^1,², Binxing FANG^1,⁴, Xiang CUI^2,³, Qixu LIU^2,³()

1.School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100049, China
2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
3. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
4.Institute of Electronic and Information Engineering of UESTC in Guangdong, Dongguan Guangdong 523808, China

Received:2017-08-15 Online:2017-12-20 Published:2020-05-12

Abstract

Abstract:

Existing detection methods mainly rely on characteristic of known malicious code. This paper concludes repackaging and reusing phenomena and propose a detection method based on similarity analysis. Firstly, it analyzes homologous relationship of themes based on page style similarity. Secondly, it finds different code in same-origin themes and similar code in different-origin themes. Finally, it filters code by threshold and white list, the remaining are considered as highly suspicious malicious code. This paper analyzes 252 non-official themes and finds 17 themes containing malicious code. Result shows that this method can find malicious code without knowledge of their characteristic, which is better than existing methods in some extent.

Key words: WordPress theme, malicious code, similarity, homologous relationship

CLC Number:

TP309.1

Zhenfei ZHOU, Binxing FANG, Xiang CUI, Qixu LIU. A Method of Malicious Code Detection in WordPress Theme Based on Similarity Analysis[J]. Netinfo Security, 2017, 17(12): 47-53.

Figures/Tables 7

References 19

[1]	BuildWith. WordPress Usage Statistics [EB/OL]. ,2017-8-10.
[2]	DigitalMunition. Thousands of WordPress Websites Used as a Platform to Launch DDOS [EB/OL]./,2017-8-10.
[3]	404 Team from Knownsec. Wordpress functions.php 主题文件后门分析 [EB/OL]. .
[4]	Fox-IT Security. CryptoPHP-Analysis of a hidden threat inside popular content management systems[EB/OL]. ,2017-8-10.
[5]	HUANG Y W.Securing Web Application Code by Static Analysis and Runtime Protection[C]//ACM. WWW '04 Proceedings of the 13th international conference on World Wide Web, May 17 - 20, 2004 ,New York, USA.New York:ACM,2004:40-52.
[6]	SEIFERT C, WELCH I, KOMISARCZUK P. HoneyC - The Low-Interaction Client Honeypot[EB/OL]. ,2017-8-10.
[7]	Word Press. Theme Authenticity Checker (TAC) [EB/OL].,2017-8-10.
[8]	Word Press. Exploit Scanner[EB/OL].,2017-8-10.
[9]	Word Press. Wordfence Security[EB/OL].,2017-8-10.
[10]	刘文生,乐德广,刘伟. SQL注入攻击与防御技术研究[J]. 信息网络安全,2015(9):129-134.
[11]	BlogVault. Common Attacks on WordPress Sites 101: Backdoors [EB/OL].,2017-8-10.
[12]	阿里云安全. WordPress主题后门严重威胁网站安全[EB/OL]. ,2017-8-10.
[13]	林佳萍,李晖. 安卓恶意软件检测研究综述[J]. 信息网络安全,2016(10):80-88.
[14]	CHEN K, WANG P, LEE Y, et al.Finding Unknown Malice in 10 seconds: Mass Vetting for New Threats at the Google-play Scale[C]// USENIX. SEC'15 Proceedings of the 24th USENIX Conference on Security Symposium. August 12 - 14, 2015 ,Washington. Berkeley:USENIX Association, 2015:659-674.
[15]	WordPress. Theme Development [EB/OL]. ,2017-8-10.
[16]	Yoast. The anatomy of a WordPress theme[EB/OL]. .
[17]	薛丽敏,吴琦,李骏. 面向专用信息获取的用户定制主题网络爬虫技术研究[J]. 信息网络安全,2017(2):12-21.
[18]	Sebastian bergmann . Copy/PasteDetector(CPD) for PHP code [EB/OL]. ,2017-8-10.
[19]	Wpbeginner. 32 Extremely Useful Tricks for the WordPress Functions File[EB/OL]. .

A Method of Malicious Code Detection in WordPress Theme Based on Similarity Analysis

RichHTML

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 7

References 19

Related Articles 12

Recommended Articles

Metrics

Comments

[1]	Hong CHEN, Yue XIAO, Chenglong XIAO, Jianhu CHEN. The Intrusion Detection Method of SMOTE Algorithm with Maximum Dissimilarity Coefficient Density [J]. Netinfo Security, 2019, 19(3): 61-71.
[2]	LIU Hao, CHEN Zhigang, ZHANG Lianming. A Secure Routing Algorithm of Mobile Social Network Based on Community [J]. 信息网络安全, 2017, 17(7): 25-31.
[3]	PEI Yang, QU Xuexin, GUO Xiaobo, DUAN Dingyang. User Attribute Completion Attack in Social Networks Based on Node2vec [J]. 信息网络安全, 2017, 17(12): 67-72.
[4]	ZHANG Jiawang, LI Yanwei. Research and Design on Malware Detection System Based on N-gram Algorithm [J]. 信息网络安全, 2016, 16(8): 74-80.
[5]	ZHONG Dunhao, ZHANG Dongmei, ZHANG Yu. A Method of Intrusion Detection in Wireless Sensor Network Based on Similarity Algorithm [J]. 信息网络安全, 2016, 16(2): 22-27.
[6]	LIANG Hong, ZHANG Hui-yun, XIAO Xin-guang. Analysis of E-mail Sample Correlation Based on Social Engineering [J]. 信息网络安全, 2015, 15(9): 180-185.
[7]	XU Wei, LIN Bo-gang, LIN Si-juan, YANG Yang. Research on Community Detection Method for Social Networks Based on User Interaction and Similarity [J]. 信息网络安全, 2015, 15(7): 77-83.
[8]	WU Xu, GUO Fang-yu, XIE Xia-qing, XU Jin. A Text Similarity Evaluation Algorithm for Structured Data of Institutional Repository [J]. 信息网络安全, 2015, 15(5): 16-20.
[9]	CHAI Hua, LIU Jian-yi. Research on Improved Slope One Recommendation Algorithm [J]. 信息网络安全, 2015, 15(2): 77-81.
[10]	LIN Si-juan, LIN Bo-gang, XU Wei, YANG Yang. Research on Microblog Hot Topic Detection Method Based on Term Energy Change [J]. 信息网络安全, 2015, 15(10): 46-52.
[11]	LU Tian-liang, ZHOU Yun-wei, CAO Wei. Analysis of Attack Techniques and Crime Methods of the Mobile Internet [J]. 信息网络安全, 2014, 14(9): 176-179.
[12]	REN Wei, LIU Kun, ZHOU Jin. AnDa: a Dynamic Analysis System for Malicious Code [J]. 信息网络安全, 2014, 14(8): 28-33.