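Optimization and Implementation of a WAF Architecture Based on a Reverse Proxy Server and Blacklists/Whitelists
Published: 2018-04-25 22:32
Topics: network security + application-layer attacks; Reference: Beijing University of Posts and Telecommunications, 2014 master's thesis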
[Abstract]: With the development of the Internet, network application services bring all kinds of convenience to people's lives. Beyond the traditional uses of obtaining information and learning, the Internet has grown to offer online shopping, online banking, social interaction and other services. The network has become one of the indispensable tools of daily life. However, as people enjoy this convenience, network security has gradually become a widely discussed topic. At the same time, as network firewalls have developed, network attacks have been contained to a certain degree, and attackers have begun to change their methods and target the network application layer. Protecting network applications is now a closely watched topic in the field of network security. Drawing on the current state of application-layer attacks, this thesis analyzes the attack techniques used against network applications and the efforts made in China and abroad on application-layer defense, with a focus on application firewall technology. To address the remaining shortcomings of current web application firewalls (incomplete defense, a high misjudgment rate and low execution efficiency), this thesis proposes and implements a web application firewall (WAF) that is based on a reverse proxy and combines blacklist and whitelist defense techniques. The thesis focuses on the ModSecurity blacklist rules and adds whitelist detection on top of them. Generating whitelists both manually and automatically completes the firewall's defense process, improves its defensive effect and execution efficiency, and refines and optimizes the structure of current web application firewalls. The proposed architecture is an interpretation of the classic application firewall architecture: it fully implements the architecture's modules and offers a new approach to the layout of web application firewalls.
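[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08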
Article ID: 1803295
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1803295.html