Netinfo Security ›› 2021, Vol. 21 ›› Issue (7): 87-94.doi: 10.3969/j.issn.1671-1122.2021.07.011

Previous Articles     Next Articles

Malicious Mining Web Page Detection and Forensics Based on Multi-feature Recognition

HUANG Ziyi, QIN Yuhai()   

  1. College of Public Security Information Technology and Information, Criminal Investigation Police University of China, Shenyang 110035, China
  • Received:2021-01-16 Online:2021-07-10 Published:2021-07-23
  • Contact: QIN Yuhai E-mail:13840392578@163.com

Abstract:

In view of the current domestic and foreign malicious mining Web detection technology has a high failure rate, low timeliness, inaccurate prediction, too dependent on rules and other problems, this paper designed a malicious mining web detection model based on multi-feature recognition and multi-level evidence preservation of malicious mining web forensic method. Through analyzing the implementation methods and code characteristics of Coinhive, Jsecoin, Webmine and Crypto-loot mining Web pages, and summarizing their characteristics, the detection model constructed the multi-feature sequence of mining Web pages to realize the automatic detection of malicious mining Web pages. The research shows that the detection model can automatically detect the URLs submitted by users, distinguish malicious mining Web pages and determine their types, and the overall detection accuracy reaches 97.83%. The multi-level forensics method can fix the malicious mining Web page data from the three dimensions of plane layer, code layer and network data layer, obtain complete, legal and credible evidence, generate the forensics report, and meet the public security organs' requirements for malicious mining Web page detection and forensics.

Key words: malicious mining, Web mining, detection, forensics

CLC Number: