网页实时防篡改系统的研究

发布时间：2018-02-06 03:51

本文关键词： 防篡改核心内嵌时间轮询跨平台安全性　出处：《西安工业大学》2014年硕士论文　论文类型：学位论文

【摘要】：随着互联网的高速发展,网站已成为政府、企业、高校等部门进行信息发布的主要平台。但是互联网暴露在一个相对开放的环境当中,它在为人们提供便利服务的同时,也极易成为黑客攻击和破坏的目标。由于Web应用系统的固有开发特点,导致Web应用出现了很多漏洞,病毒、木马和恶意代码泛滥。黑客利用网站的漏洞肆意的对网站上的信息进行篡改,造成了极大的社会影响及经济损失。为了保护web网站不发送被篡改内容并及时进行自动恢复,提高网站信息安全性、完整性,以解决网页篡改所带来的损失和影响,本文提出了一套网页实时防篡改系统的解决方案。本文首先研究了多种网页防篡改软件的原理,以及网页防篡改相关技术,其中包括时间轮询技术,核心内嵌技术,文件过滤驱动技术和事件触发技术等。然后从性能、效率、安全性等方面比较了各种技术的优缺点。最终本文选择了时间轮询技术结合核心内嵌技术作为本论文的研究和实现方向。本文提出的网页实时防篡改解决方案包括轮询扫描模块与实时检测模块两部分。系统分为监测端和管理端,首先管理端对每个网页文件生成数字水印,将生成的数字水印存储在管理端的Web服务器上,监测端通过文件同步复制系统把网页文件以及水印文件同步到指定位置,系统启动后轮询扫描模块对网页文件进行定时扫描比对,核心内嵌模块对每次访问请求进行验证。当发现数字水印与原水印值不匹配,则验证不通过,同时向后台发出警报并对被篡改的网页进行自动恢复,以达到网页实时防篡改的目的。本文对系统的技术平台、用例、系统流程和系统的架构进行了详细的阐述。系统采用了跨平台的技术实现,使得在Windows和Linux平台下都可运行。并通过了对系统的功能和性能的测试,从而达到了设计要求。最终使得系统能够及时的发现篡改行为并进行自动恢复,使得应用的网站得到安全的保障。
[Abstract]:With the rapid development of the Internet, websites have become the main platform for the government, enterprises, universities and other departments to publish information. But the Internet is exposed to a relatively open environment. At the same time, it is easy to be the target of hacker attack and destruction. Because of the inherent development characteristics of Web application system, there are many vulnerabilities and viruses in Web application. Trojan horse and malicious code flooding. Hackers take advantage of the site vulnerability wantonly tampering with the information on the site. In order to protect the web website from sending tampered content and carry on the automatic recovery in time, improve the information security and integrity of the website. In order to solve the loss and influence caused by web page tampering, this paper presents a solution of real time tamper-proof system for web pages. First of all, this paper studies the principles of various anti-tamper software, as well as the relevant technologies of anti-tampering, including time polling technology, core embedded technology. File filter driver technology and event trigger technology etc. Then from the performance, efficiency. The advantages and disadvantages of various technologies are compared in terms of security. Finally, this paper chooses time polling technology combined with core embedded technology as the research and implementation direction of this paper. The proposed real-time tamper-proof solution includes polling scanning module and real-time detection module. The system is divided into two parts: monitor end and management end. Firstly, the management end generates digital watermark for each web page file. The generated digital watermark is stored on the Web server of the management terminal, and the monitoring end synchronizes the web page file and the watermark file to the specified location through the file synchronization replication system. After the system started, the system polling scanning module to the page file timing scanning comparison, the core embedded module to verify each access request. When it is found that the digital watermark and the original watermark value does not match, the verification does not pass. At the same time, alarm is issued to the background and the tampered pages are automatically restored to achieve the purpose of real-time tamper-proof. In this paper, the system technology platform, use cases, system flow and system architecture are described in detail. The system uses cross-platform technology implementation. It can be run on both Windows and Linux platform, and has passed the test of the function and performance of the system. Finally, the system can detect the tampering behavior in time and recover automatically, so that the application website can be safeguarded.
【学位授予单位】：西安工业大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.092;TP393.08

【参考文献】