| 基于频繁子树挖掘算法的网页木马检测技术 |
| |
| 引用本文: | 韩心慧,龚晓锐,诸葛建伟,邹磊,邹维.基于频繁子树挖掘算法的网页木马检测技术[J].清华大学学报(自然科学版),2011(10):1312-1317. |
| |
| 作者姓名: | 韩心慧 龚晓锐 诸葛建伟 邹磊 邹维 |
| |
| 作者单位: | 北京大学计算机科学技术研究所;北京大学互联网安全技术北京市重点实验室;清华大学信息网络工程研究中心; |
| |
| 基金项目: | 国家发展和改革委员会2009年信息安全专项(发改高技[2009]1717号); 国家自然科学基金资助项目(61003217); 高等学校博士学科点专项科研基金资助项目(200800011019) |
| |
| 摘 要: | 针对目前互联网安全的主要威胁之一网页木马,基于网页木马的树状链接结构特征,引入频繁子树挖掘算法,对前期积累的4万多个恶意网页木马场景进行子树模式挖掘,提取了35个网页木马场景共同子树结构特征,利用这些特征在网页木马动态分析过程中辅助检测。实验表明:在加入基于子树特征的检测方法判定的网页木马中,动态检测方法有近20%的漏报。因此,基于子树特征的检测方法有效地提高了动态检测的检测能力和效率,同时挖掘出的典型子树模式提供了网页木马分类和溯源的依据。
|
| 关 键 词: | 网页木马 频繁子树 动态分析 数据挖掘 |
Detection of drive-by downloads based on the frequent embedded subtree pattern-mining algorithm |
| |
| HAN Xinhui,GONG Xiaorui,ZHUGE Jianwei,ZOU Lei,ZOU Wei.Detection of drive-by downloads based on the frequent embedded subtree pattern-mining algorithm[J].Journal of Tsinghua University(Science and Technology),2011(10):1312-1317. |
| |
| Authors: | HAN Xinhui GONG Xiaorui ZHUGE Jianwei ZOU Lei ZOU Wei |
| |
| Institution: | HAN Xinhui1,2,GONG Xiaorui1,ZHUGE Jianwei3,ZOU Lei1,ZOU Wei1,2(1.Institute of Computer Science and Technology,Peking University,Beijing 100871,China,2.Beijing Key Laboratory of Internet Security Technology,3.Network Research Center,Tsinghua University,Beijing 100084,China) |
| |
| Abstract: | A frequent embedded subtree pattern-mining algorithm was developed based on observations of the URL link tree structure of drive-by-download attack scenarios to extract typical frequent embedded subtree patterns from a large library of scenarios collected in the wild.35 extracted patterns were used to change a subtree matching algorithm into a behavior-based dynamic detection method for drive-by-downloads.Tests show that the purely dynamic detection method missed about 20% of the drive-by-downloads identifi... |
| |
| Keywords: | drive-by downloads frequent embedded subtree dynamic anlaysis data mining |
| 本文献已被 CNKI 等数据库收录! |
|
