@inproceedings{3d52beef6590440493dbe13cd7736b84,
title = "A web page malicious code detect approach based on script execution",
abstract = "Web page malicious code detection is a crucial aspect of Internet security. Current web page malicious codes detection work by checking for {"}signatures{"}, which attempt to capture (syntactic) characteristics of the known malicious codes. This reliance on a syntactic approach makes such detectors vulnerable to code obfuscations, increasingly used by malicious code writers, which alter syntactic prosperities of the malicious code without affecting their execution behavior significantly. This paper takes the position that the key to web page malicious code lies in their execution behavior. It proposes a script execution behavior feature based framework for analyzing propose of malicious codes and proving properties such as soundness and completeness of these malicious codes. Our approach analyses the script and confirms the script which contains malicious code by finding shellcode, overflow behavior and hidden hyper link. As a concrete application of our approach, we show that the script execution behavior based web page malicious code detector can detect many known malicious code but also the newest malicious code.",
keywords = "Execution behavior, Malicious code, Script",
author = "Li, {Zhi Yong} and Ran Tao and Cai, {Zhen He} and Hao Zhang",
year = "2009",
doi = "10.1109/ICNC.2009.363",
language = "English",
isbn = "9780769537368",
series = "5th International Conference on Natural Computation, ICNC 2009",
pages = "308--312",
booktitle = "5th International Conference on Natural Computation, ICNC 2009",
note = "5th International Conference on Natural Computation, ICNC 2009 ; Conference date: 14-08-2009 Through 16-08-2009",
}