
A Study of Real-Time Malicious Web Page Detection Based on Anomalous Behavior

Malicious Web Page Detection Based on Anomaly Behavior

Abstract


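As Internet services become increasingly widespread, more and more web applications can be used directly through a web browser. However, most websites are developed with only limited security considerations, and hackers exploit vulnerabilities in web applications to inject malicious scripts into web pages; computers that browse these malicious pages become infected. Traditional malicious web page detection relies on pattern matching, monitoring, or rewriting JavaScript code to check the safety of a page. These approaches cannot effectively detect malicious pages that have never been seen before, while other approaches use dynamic analysis to identify malicious pages. What is still lacking is a client-side, real-time detection mechanism that can detect unknown malicious web pages. This thesis therefore proposes a malicious web page detection mechanism. According to the observations of this study, malicious web pages exhibit unusual behavior that is clearly different from that of normal pages; this abnormal behavior is typically used to infect the victim host or to evade and confuse antivirus detection. These unusual behaviors make malicious pages differ, to some degree, from normal benign pages. This study proposes a client-side malicious web page detection system based on anomaly behavior analysis, and uses model-based reasoning to describe and detect the distinctive semantics and characteristics of malicious code in web pages. Built on model-based reasoning and anomaly behavior analysis, the proposed detection method can not only distinguish the behavioral differences between malicious and normal benign pages but also detect unknown malicious pages. The experimental results show that the proposed method can effectively identify malicious web pages and warn the people browsing them.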

Keywords

Malicious web pages; download; anomalous behavior

Parallel Abstract


Because of the convenience of the Internet, we rely closely on the Internet to do information searching, sharing, forum discussion, and online services. However, most of the websites we visit are developed with limited security knowledge, and it results in vulnerabilities in web applications. Unfortunately, hackers have successfully taken advantage of these vulnerabilities to inject malicious JavaScript into compromised web pages to trigger drive-by download attacks. Based on our observation of malicious web pages, malicious web pages have unusual behavior for evading detection which makes malicious web pages different from normal ones. Therefore, we propose a client-side malicious web page detection mechanism, Web Page Checker, which is based on anomaly behavior tracing and analyzing to identify malicious web pages. We also use a model-based reasoning method to describe and detect malicious semantics of scripts in malicious web pages. The experimental results show that our method can identify malicious web pages correctly and alarm the website visitors efficiently.
