[ 摘要 ]
[ 英文摘要 ]
With the information technology and the Internet the rapid development and widespread mode of communication has changed the people dependence on the Internet increased, security issues will follow. In recent years the rapid development of Web applications, the application level became more widely and the functions became more complex, people dependence on web applications is increasing. Once the user''s PC resistance is poor, such as the identification of a lack of protective software, or operating system vulnerabilities such as not updated, it may be infected by malicious code. In this networked age, each person may enter at any time minefields of high risk of infection, but no alert. In recent years a new kind of network attacks occur when a malicious client access to remote server, the server response to client requests, while a majority of malicious attacks has also sent to the client program, the Drive-by-download attacks. If infected, the malicious server to comment client that will be able to execute any program. Malicious Web page often confused with Signature-base mechanism to evade detection systems, increasingly complex web of confusion and even extended to the level of multimedia files (JPG, Flash, PDF, etc.).In this situation, if the website is really a result of certain malicious behavior caused, but only on the content analysis is very difficult to distinguish a malicious act. However, many Web data and methods of attack repeatedly renovated. This study is based on client honeypot system, this research can take the initiative to determine whether a malicious Web page model and a detection method to improve the malicious Web page to judge the accuracy and content analysis to speed up the first static analysis speed, and then with the client honeypot system actually visit the website for more in-depth probe allows users to browse the web, can ensure their own safety.