
Behavior-Matching Sensing Techniques for Detecting Web Attack Vulnerabilities

Detecting Web Based Attacks Based on Behavior Analysis

Advisor: 郭斯彥

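Abstract


Among computer software, malicious software (malware) exists to undermine the security of computer systems or to steal data. Its infection routes are designed as different attacks or propagation methods according to these different purposes. In recent years in particular, infection has shifted from the simple file-download propagation of the past to activity such as web browsing, where common browsing actions involve content that embeds malicious program files or malicious hyperlink sources. Most such malicious links are delivered through a scripting language, namely JavaScript, because JavaScript is a common web development language and is also capable of concealing the traces of a malicious link. A web attack carried out through a scripting language ultimately downloads the actual malicious file to the victim host, where it disguises itself as an ordinary file under the operating system's monitoring, executes or replicates itself without the knowledge of the user or the anti-virus software, and finally achieves its various malicious goals. The security of the web browsing environment is generally the joint responsibility of the operating system and the browser. To give users a safe browsing environment, every browser vendor goes to great lengths to improve the security and performance of its browser, but the real security vulnerabilities often lie between the operating system and the browser: instructions that are legitimate for the browser yet harm the security of the operating system, such as overflow attacks. Such vulnerabilities produce behavior that anti-virus software finds hard to predict and control, so they must be detected by other means. The common anti-virus detection technique works at the file-download stage, matching unknown suspicious programs against a signature database built from known virus samples. This approach is often limited by file formats and packing techniques and cannot find all malware; it also has no additional ability to notice malicious behavior on the network, so it can only let the malicious file be downloaded to the local machine and resist and defend afterwards. This thesis proposes a detection framework for malicious behavior during web browsing, with the aim of providing users with safe web browsing and malicious-file detection, free from the threat of malicious attacks and even viruses. Technically, the framework monitors the scripting language (JavaScript) and suspicious files in browsed content; when the monitoring host browses a web page into which a malicious attack has been injected, it can effectively detect hidden malicious behavior in the page or malicious files that have been packed and transformed.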

Parallel Abstract


Malicious software aims to undermine the security of computer systems or to steal data. Its transmission is designed differently for different purposes, resulting in different attacks or means of spreading. In recent years in particular, transmission has shifted from simple file-download spreading to Internet browsing, in which users visit web pages that contain malicious files or malicious hyperlink sources. Most malicious links use JavaScript, because it is a common web development language and is sufficient to hide the link. In a network attack that uses JavaScript, the truly malicious file is finally downloaded to the end host, where it is disguised as a normal file under the surveillance of the operating system and eventually achieves a variety of malicious purposes. Web browsing security is normally provided and maintained by the operating system together with the browser. To provide users with a safe browsing environment, every browser provider works to enhance the security and performance of its own browser. But the real security vulnerabilities often exist in both operating systems and browsers, such as buffer/heap overflows. Such vulnerabilities are behavior that anti-virus software finds difficult to predict and control, and they must be detected by other means. General anti-virus detection technology works at the file-download stage, using a signature database of known virus samples to determine whether a file is malware, and it has no ability to detect malicious network attacks. It can detect a threat only once the file has been downloaded to the local side, and only then resist and defend. This paper presents a framework for detecting malicious behavior and malicious files during Internet browsing, in order to provide users with secure web browsing. Technically, the architecture monitors the JavaScript and suspicious files in browsed content. When the browser visits web pages infected with malicious attacks, it can effectively detect hidden malicious behavior in the pages or obscured malicious files.
