Research on the Application of the Glastopf Honeypot in Web Security
Published: 2018-08-18 16:59
[Abstract]: The Internet has developed to the point where Web applications based on the browser/server architecture are widely used in every corner of it. With the rapid growth of Web services, Web security threats have followed. According to Gartner's latest report, most Web-based Internet applications contain vulnerabilities that attackers may exploit. The prevalence of Web application systems has enriched the networked society, and the accompanying security problems largely determine whether Web applications can develop over the long term.

Facing the threat of many kinds of network attack, research on Web security keeps deepening and new technologies keep emerging. Web application honeypot technology is a solution, built on a completely new idea, designed against Web threats. This thesis studies an open-source, low-interaction Web application honeypot: the Glastopf honeypot.

Based on SQL injection attacks and file inclusion attacks, this thesis studies the basic working principle, workflow and usage of the Glastopf honeypot. The principle of the Glastopf honeypot is to respond to the attacker with the information the attacker is trying to obtain from the attacked Web application; it can emulate thousands of vulnerabilities and then collect data from hackers' attacks on the target Web application. The author focuses on the following techniques:

1. Vulnerability-related Dork and Attack Surface techniques. A dork is the bait that attracts attackers; the Attack Surface is an HTML page containing a large number of dorks;
2. The fuzzification technique in the request preprocessing stage. In the preprocessing step, the Glastopf honeypot fuzzifies the request so that the lexical analyzer can analyze it;
3. The lexical analyzer and parser techniques in the preprocessing stage. The Glastopf honeypot's parsing of recognizable SQL injection attacks is based on lexical analyzer and parser techniques;
4. The classification rules and response rules in the response stage. For unrecognizable attacks, the Glastopf honeypot looks in the pre-classification step for requests that cannot be parsed, and then compares these requests against existing templates; for recognizable attacks, the classification process consists of a token comparison step and a request comparison step. Depending on the classification method, there are two different response paths for SQL injection.

Finally, using the author's example configuration, the thesis verifies that the Glastopf honeypot can effectively defend against Web attacks and fulfil the function of a Web application honeypot.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 2190107
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2190107.html