基于客户端恶意网页收集与分析系统的安全技术研究

发布时间：2018-06-11 11:33

本文选题：HoneyClient + DeepWeb　；参考：《武汉理工大学》2014年硕士论文

【摘要】：当今世界互联网已经成为了人们生活中不可缺少的一部分，这些年来网络技术蓬勃发展，在很大程度上改变了人们的生活方式，但随之而来的新的网络安全问题也不断涌现。现今的网络攻击越来越多地以客户端作为攻击对象，而充斥互联网的大量恶意网页则是一种常见的入侵手法，且随着HTML5规范的提出和应用，在带来了大量新功能的同时，不可避免地也带来了新的安全漏洞。本文将基于对现有客户端蜜罐和恶意网页收集系统的分析，重点研究HoneyClient蜜罐系统的安全改进、基于DeepWeb动态网页数据捕获技术的深度网页爬虫以及恶意网页数据分析技术，设计出一种基于客户端蜜罐的恶意网页收集和分析系统原型，能够同时对HTML4以及HTML5制作的网页以及其数据库中的数据进行分析，捕获可能含有的恶意攻击代码。本文的主要工作如下： 1.客户端攻击研究，本文对现今流行的各种针对客户端的攻击进行了充分研究，从攻击原理，客户端软件漏洞和攻击途径三个方面分析了针对客户端的攻击的常见情况。 2.高交互客户端蜜罐HoneyClient的安全改进。本系统的恶意URL收集功能将使用HoneyClient来完成，由于高交互客户端蜜罐自身存在着一定的风险，因此本文将对HoenyClient的安全保障系统做一定的研究和配置，减少使用其收集恶意URL时被攻陷的可能性。 3.深度网页爬虫设计。本文在传统爬虫的基础上加入了DeepWeb技术，设计了一种具有获取网站完整数据功能的新型深度网页爬虫，使得无论是攻击者建立的纯粹以攻击为目的的网站，还是被攻击者攻陷后放入恶意数据的普通网站，都能够对其中的恶意内容有高效率的发现能力。 4.网页代码安全性分析，，本文对当前最新的HTML5安全漏洞进行了分析，研究了其基本原理和攻击方式，同时在此基础上对现有网页上可能存在的以HTML和JS编写的攻击代码的一般性特征进行了分析和获取。 5.恶意代码检测，本文根据提取到的攻击特征，使用HtmlAgility Pack和传统正则表达式两种方法对于获取的网站数据进行检索和分析，发现了大量符合特征的攻击内容，且其中相当一部分攻击代码是处于在网页数据库中抽取到的信息之中。
[Abstract]:Nowadays, the Internet has become an indispensable part of people's life. With the rapid development of network technology in recent years, it has changed people's way of life to a great extent, but the new network security problems have been emerging constantly. Nowadays, more and more network attacks take the client as the object of attack, and a large number of malicious web pages filled with the Internet are a common intrusion technique, and with the development and application of HTML5 specification, it brings a lot of new functions at the same time. Based on the analysis of the existing client honeypot and malicious web page collection system, this paper will focus on the HoneyClient honeypot system security improvement. Based on DeepWeb dynamic web page data capture technology, a web crawler and malicious web page data analysis technology are proposed to design a client honeypot based malicious web page collection and analysis system prototype. It can analyze the web pages made by HTML4 and HTML5 and the data in its database at the same time, and capture the malicious attack code that may contain. The main work of this paper is as follows: 1. In this paper, the current popular attacks against clients are fully studied, and the common situations of attacks against clients are analyzed from three aspects: attack principle, client software vulnerabilities and attack ways. 2. High interactive client honeypot HoneyClient security improvement. The malicious URL collection function of this system will be completed by HoneyClient. Because there are some risks in honeypot itself, this paper will do some research and configuration on Hoeny client's security system. Reduces the possibility of being compromised when using it to collect malicious URLs. 3. Deep web crawler design. In this paper, DeepWeb technology is added to the traditional crawler, and a new kind of deep web crawler is designed, which has the function of obtaining the complete data of the website. Or after being attacked by the attacker into malicious data into the ordinary site, which can have a high efficiency in the detection of malicious content. 4. 4. In this paper, the latest HTML5 security vulnerabilities are analyzed, and its basic principle and attack methods are studied. At the same time, the general features of the attack code written in HTML and JS on the existing web pages are analyzed and acquired. Malicious code detection, according to the extracted attack features, using HtmlAgility Pack and traditional regular expression to retrieve and analyze the obtained website data, found a large number of attacks that accord with the characteristics. And a considerable part of the attack code is in the web database extracted from the information.
【学位授予单位】：武汉理工大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08;TP393.092

【参考文献】