The recent evolutional development of dynamic HTML techniques empowers attackers a new and powerful tool to compromise machines. A malicious DHTML code disguises itself as a normal webpage. The malicious webpage infects the victim when a user browses it. Furthermore, such DHTML code can disguise easily through obfuscation or transformation, which makes detection even harder. Anti-virus software packages commonly use signature-based approaches which might not be able to efficiently identify camouflage malicious HTML code. In this paper, we propose a novel semantics-aware reasoning detection algorithm (SeAR) using the techniques of semantic modeling and memory-based reasoning for malicious webpage detection. SeAR is resilient to code obfuscations and is able to detect malicious webpage correctly. The experiments demonstrate that our detection algorithm can effectively detect variants of malicious HTML code with a low false rate.
展开▼
