Research on Detection Methods for Malicious JavaScript

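【Author】 Zhang Jinling (张金玲)

【Advisor】 Wen Qiaoyan (温巧燕)

【Author information】 Beijing University of Posts and Telecommunications, Computer Technology, 2018, Master's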

【Abstract】 A number of detection methods for malicious JavaScript have already been proposed. However, with the gradual adoption of obfuscation techniques and the new ECMAScript 6 standard, malicious JavaScript takes increasingly diverse forms and is increasingly well concealed. This poses new challenges for related research and detection work, and the performance of existing detection methods is unsatisfactory, so research on detecting malicious JavaScript is of great value. This thesis approaches the detection of malicious JavaScript from several angles and proposes two detection methods, one static and one dynamic. The main contributions are as follows:

1. Based on the negative selection algorithm V-detector, we propose LMV-detector, an algorithm for filtering JavaScript, and use it to filter JavaScript samples. Experimental results show that LMV-detector can quickly distinguish normal samples from abnormal samples such as ads, plug-ins and malicious scripts, which helps with labeling samples. In addition, we implemented a JavaScript crawler that fetches JavaScript from specified websites for use in this research.

2. We analyzed obfuscation techniques for JavaScript and the relevant characteristics of browser-side JavaScript. On this basis we summarized four categories of static detection features and used principal component analysis to reduce the dimensionality of the original feature vectors. We validated the reduced features with machine learning; the experimental results show that the four categories of static detection features have a high recognition capability for malicious JavaScript.

3. Based on mutual information, we propose a formula for calculating the harmfulness coefficient of behavioral features and, combined with dynamic behavior features, establish an evaluation indicator for malicious JavaScript. We parse and execute JavaScript in a simulated environment, extract its dynamic behavior features, and process them with the evaluation indicator. The processed features were validated with the SVM algorithm; the experimental results show a detection accuracy of 99.6%.

  • 【Classification number】 TP393.08
  • 【Times cited】 6
  • 【Downloads】 208