网站信息安全防护系统的设计与实现

发布时间：2018-03-09 05:29

本文选题：网站信息安全　切入点：体系结构　出处：《电子科技大学》2014年硕士论文　论文类型：学位论文

【摘要】：随着网络的不断普及和应用，，网站的数量和规模急剧增加，给人们的工作和生活带来了诸多便利。但是，网站遭受攻击和网页被篡改的事件日益频繁，网络不良信息泛滥，必须采取有效措施和技术手段来防范此类问题。本文针对当前网站安全的现状，设计并构建了一个基于网页防篡改和内容过滤的网站信息安全防护系统，该系统在不影响网站可用性的前提下提高了网站的安全性，能够防止各种不当信息被发布和浏览，改善了网站和Web应用系统的服务质量。首先，对当前网站信息安全防护技术的研究发展现状进行了较为全面的概括和分析。根据网站建设中对信息安全管理和防护的需求，在研究现有网站信息安全防护技术的基础上提出了基于C/S和B/S模式的网站信息安全防护系统体系框架，采用分布式的设计思想将系统划分为控制服务器、防护系统终端和用户管理控制台三个子系统，提供了一套完整的网站安全管理解决方案。然后，通过对现有网页防篡改技术的比较和分析，综合采用文件过滤驱动和事件触发技术，设计并实现了网页防篡改子系统，并对系统工作流程进行了说明。继而，归纳分析了当前常用的Web文本信息过滤技术，针对中文网页信息过滤的特点，设计了引入用户反馈的进行增量SVM学习的Web中文文本过滤子系统，该系统使用增量SVM学习的原理，将用户反馈作为SVM的增量训练样本，使得系统在使用过程中能够不断地充实自己的知识库，从而提高过滤的精确性。在以上工作的基础上，论文对实现的原型进行了测试，包括性能测试和功能测试，测试结果表明：系统运行稳定，功能良好，达到了预期的设计目标。最后，总结了论文工作并指出今后工作方向。
[Abstract]:With the continuous popularization and application of the network, the number and scale of the website increases dramatically, which brings a lot of convenience to people's work and life. However, the attacks on the website and the tampering of the web page become more and more frequent, and the bad information of the network is flooding. It is necessary to take effective measures and technical measures to prevent this kind of problems. According to the current situation of website security, this paper designs and builds a website information security protection system based on anti-tampering and content filtering. This system can improve the security of the website without affecting the usability of the website, prevent all kinds of improper information from being published and browse, and improve the quality of service of the website and Web application system. First of all, the current research and development of information security protection technology is summarized and analyzed. According to the requirements of information security management and protection in website construction, On the basis of studying the existing information security protection technology of website, this paper puts forward the system framework of website information security protection system based on C / S and B / S mode, and divides the system into control server by using distributed design idea. The protection system terminal and the user management console three subsystems, has provided a complete website security management solution. Then, through the comparison and analysis of the existing anti-tampering technology, the paper designs and implements the anti-tampering subsystem of the web page by adopting the file filter driver and the event trigger technology, and explains the workflow of the system. This paper summarizes and analyzes the current common Web text information filtering technology. According to the characteristics of Chinese web page information filtering, a Web text filtering subsystem based on user feedback for incremental SVM learning is designed. The system uses the principle of incremental SVM learning. Taking user feedback as an incremental training sample of SVM, the system can constantly enrich its knowledge base in the process of use, thus improving the accuracy of filtering. On the basis of the above work, the prototype is tested, including performance test and function test. The test results show that the system runs stably, has good function, and achieves the expected design goal. The paper summarizes the work and points out the future work direction.
【学位授予单位】：电子科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08;TP311.52

【参考文献】