恶意广告攻击检测技术研究及验证

发布时间：2018-04-30 20:13

本文选题：恶意广告 + URL提取　；参考：《北京邮电大学》2014年硕士论文

【摘要】：互联网的发展促进了网络广告的兴起,在人们每天浏览的网页中,随处可见的是网络广告。广告不仅仅是很多公司的主要收入来源,也成为黑客攻击的载体,典型的广告攻击包括广告钓鱼攻击、广告跨站攻击、恶意代码注入类攻击等。恶意广告攻击不但给上网用户带来很大的经济损失,同时也给网站和广告联盟带来了很多负面影响。随着这个问题越来越严重,找到一种高效的恶意广告检测方案变得非常迫切。目前国内外对恶意广告的检测问题做了很多工作,其中最典型的方案是从广告网络的角度进行研究,通过识别广告网络中的恶意节点实现源头上检测的目的。其他的方案主要是从跨站广告、钓鱼广告、代码注入类广告等具体的攻击形式进行展开。恶意广告的来源有很多种,来源不同使得攻击具有多样性,例如恶意广告攻击具有时间短、变化快、种类多等特点。检测广告节点可以有效地从源头上找到恶意广告,但对于从网站站点或者第三方发起的恶意广‘告攻击却无法达到很好的检测效果,同样从钓鱼广告和跨站广告的角度也只能检测到其中一种攻击形式。这些方案无论是从网络节点还是从单一攻击类型,其检测效果都不是很理想。本文首先分析了广告网络及广告联盟的特点,然后总结了目前主流的恶意广告检测方法,通过对比这些方式的优缺点,在此基础上提出了一种基于客户端的恶意广告检测方案。该方案主要由URL提取过滤模块、请求发起模块、组合检测模块、日志分析模块等构成。其中URL提取模块是在Nutch框架的基础上改进实现的,主要用于提取待测网站中与广告有关的URL链接。请求发起模块主要是模拟客户端的请求,将提取的待测URL请求服务器并获得响应信息。组合过滤模块主要由钓鱼网站检测库和HTTP响应检测引擎组成,它包含了匹配恶意广告的特征规则,该模块是检测方案的核心。日志分析模块主要是对检测日志进行分析,然后统计识别的攻击类型并以图形的形式展示出来。文章最后一部分是对检测方案进行验证,经验证该方案可以有效的检测到了网站中的恶意广告信息。
[Abstract]:The development of the Internet has promoted the rise of online advertising, which can be seen everywhere in the web pages that people browse every day. Advertising is not only the main revenue source of many companies, but also a carrier of hacker attacks. Typical advertising attacks include advertising phishing attacks, ad cross-site attacks, malicious code injection attacks and so on. Malicious advertising attacks not only bring great economic losses to Internet users, but also bring a lot of negative effects to websites and advertising alliances. As this problem becomes more and more serious, it is very urgent to find an efficient malicious advertising detection scheme. At present, a lot of work has been done on the detection of malicious advertising at home and abroad, among which the most typical scheme is to study the problem from the perspective of advertising network, and realize the purpose of source detection by identifying the malicious nodes in the advertising network. Other schemes are mainly from cross-station advertising, phishing advertising, code injection advertising and other specific attack forms. There are many kinds of malicious advertising sources. Different sources make attacks have diversity. For example, malicious advertising attacks have the characteristics of short time, fast change, variety and so on. The detection advertisement node can find the malicious advertisement from the source effectively, but for the malicious wide complaint attack launched from the website site or the third party, it can not achieve the very good detection effect. It also detects only one form of attack from the point of view of phishing and cross-site advertising. The detection effect of these schemes is not ideal either from network nodes or from a single attack type. This paper first analyzes the characteristics of advertising network and advertising alliance, then summarizes the current mainstream malicious advertising detection methods. By comparing the advantages and disadvantages of these methods, a client based malicious advertising detection scheme is proposed. The scheme is mainly composed of URL extraction and filtering module, request initiation module, combination detection module, log analysis module and so on. The URL extraction module is improved on the basis of the Nutch framework and is mainly used to extract the URL links related to advertisements in the website under test. The request initiation module mainly simulates the request of the client, which will extract the URL request server to be tested and obtain the response information. The combined filtering module is mainly composed of the fishing site detection library and the HTTP response detection engine. It contains the feature rules for matching malicious advertisements. This module is the core of the detection scheme. Log analysis module mainly analyzes the detection log, and then statistics the type of attack and shows it in the form of graph. The last part of the paper is to verify the detection scheme, which can effectively detect the malicious advertising information in the website.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】