Anomaly Behavior Analysis for Web Page Inspection

As the Internet prevails, people access web services directly via web browsers over the network. However, most websites are not developed with sufficient security consideration. Hackers have taken the advantage of web application vulnerabilities to inject malicious codes into web pages. A victim who visits such a malicious web page will be compromised. Therefore, an efficient malicious web detection method is needed to prevent users from being compromised. Based on our observation, malicious web pages have uncommon behavior in order to evade from detection of Antivirus software. The anomaly behavior such as code encoding makes malicious web pages different from normal benign web pages. Current researches have noticed pattern-matching approach is not suitable to detect malicious web pages anymore, and then proposes a new detection method. The proposed method, a client-side malicious web page detection method, is based on anomaly behavior analysis. It focuses on distinguishing the behavior difference between malicious and benign web pages. The experimental results show that the proposed method can identify malicious web pages and alarm the website visitors efficiently.