Many malicious Web pages use nothing more than ordinary Web programming techniques to make the browser automatically download Trojans and other malware, and then trick the user into executing it. This malicious behavior is called auto-download. The defense mechanisms currently built into browsers cannot effectively identify this attack. To address it, a defense method is proposed. The method monitors the operations in a Web page that can lead to an automatic download and, when a download actually occurs, determines whether it was triggered by the user; auto-download behavior is identified in this way and blocked. The method has been implemented in two browsers, WebKitGtk+ 2.8.0 and Chromium 38.0.2113.1, and both detection and defense systems were evaluated: against existing attack samples neither produced false positives or false negatives, and the additional performance overhead was 1.26% and 7.79% respectively. The experimental results show that the method can effectively detect and block auto-download attacks with low performance overhead.
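The following is an added illustration, not code from the paper or from either browser: a small JavaScript model of the two steps the abstract describes, recording download-capable operations and deciding only when a download actually occurs. The class name, operation kinds, header-based download test and the trace are all assumptions made for the example.

```javascript
// Added illustration: toy model of "monitor download-capable operations,
// then check user initiation when the download actually happens".
// DownloadGuard, the operation kinds and the trace are hypothetical.
class DownloadGuard {
  constructor() {
    this.inUserGesture = false; // true only while a trusted input event is dispatched
    this.ops = new Map();       // requestId -> { kind, userInitiated }
  }
  // Run a handler for a real (trusted) user event such as a click.
  dispatchUserEvent(handler) {
    this.inUserGesture = true;
    try { handler(); } finally { this.inUserGesture = false; }
  }
  // Called wherever the page starts something that could end in a download.
  recordOperation(requestId, kind) {
    this.ops.set(requestId, { kind, userInitiated: this.inUserGesture });
  }
  // Assumed test: a response is a download if it is an attachment or raw bytes.
  static isDownload(headers) {
    const disp = (headers["content-disposition"] || "").toLowerCase();
    const type = (headers["content-type"] || "").toLowerCase();
    return disp.startsWith("attachment") || type.startsWith("application/octet-stream");
  }
  // Decision point: reached only when the response has arrived.
  onResponse(requestId, headers) {
    if (!DownloadGuard.isDownload(headers)) return "render";
    const op = this.ops.get(requestId);
    // Unknown initiator or no user gesture: treat as auto-download.
    return op && op.userInitiated ? "allow" : "block";
  }
}

function runConstructedTrace() {
  const guard = new DownloadGuard();
  const binary = { "content-type": "application/octet-stream" };
  const page = { "content-type": "text/html" };
  // r1: script sets a hidden iframe's src during page load (no user gesture).
  guard.recordOperation("r1", "iframe-src");
  // r2: user clicks a download link; recorded inside a trusted event.
  guard.dispatchUserEvent(() => guard.recordOperation("r2", "anchor-click"));
  // r3: script-driven navigation to an ordinary page; never becomes a download.
  guard.recordOperation("r3", "location-assign");
  return {
    r1: guard.onResponse("r1", binary),
    r2: guard.onResponse("r2", binary),
    r3: guard.onResponse("r3", page),
    r4: guard.onResponse("r4", binary), // download with no recorded operation
  };
}
```

The model does not carry the gesture flag into timers or other asynchronous work started inside a user event handler, so such operations are recorded as not user-initiated.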