网页木马特征扫描技术的研究与实现
发布时间:2018-10-11 09:01
【摘要】:伴随着中国互联网络信息建设的不断积累,网页技术的愈发完善,网页交互平台已经在电子政务、电子商务等领域得到广泛的应用,以统合终端工作环境、服务社会公共业务以及商用程序托管为代表的网页技术,在很大程度上已经改变人们沟通交流的方式和方法。但这些技术在商业活动中带来便利的同时,也带来了前所未见的安全风险。在过去,互联网上的网页都是静态页面。管理员管理网站上的内容时,能够轻松区分“可信”站点和“不可信”站点。但是到了当下,随着网页内容逐渐丰富,且趋于动态化,使得最终访问者可以不间断的更新现有内容并且分享应用程序,然后通过各种渠道进行发布。就算采用严格的策略制定,一些不良信息或者恶意软件也会随时弹出,即使在可信站点也同样存在。使发布者的重要信息和内部网络暴露在极为危险的环境之下。根据一项国外的调查,75%的信息安全攻击都是发生在应用层而非网络层。与此同时,超过2/3的网页站点的安全防护都相当脆弱,非常容易受到恶意攻击。有一个说法是指,大多数企业花费了大量的资金投资在自身的网络和服务器的安全上,但是却没有从真正意义上保护网页业务本身的安全,从而才给了黑客可乘之机。根据权威的世界网页安全研究组织提供的报告,有两种对网页业务系统威胁最严重的攻击方式分别是注入漏洞和跨站脚本漏洞。从以往发生的安全事件统计,针对网页的恶意攻击导致的后果极为严重,通过上述手段可以将一个合法的、正常的网站攻陷,恶意攻击者利用获取到的相应权限在网页中肆无忌惮地嵌入恶意代码,或者将恶意程序下载到存在终端漏洞的计算机上,从而实现攻击的目的。
[Abstract]:With the continuous accumulation of Internet information in China and the improvement of web technology, the web interactive platform has been widely used in E-government, e-commerce and other fields to integrate the terminal working environment. The web technology represented by the service of social public business and commercial program hosting has to a great extent changed the way and method of communication and communication. But while these technologies are convenient for business, they also pose unprecedented security risks. In the past, web pages on the Internet were static pages. Administrators can easily distinguish trusted and untrusted sites when managing content on a Web site. But now, as the content of the page becomes richer and more dynamic, the final visitor can continuously update the existing content and share the application, and then publish it through various channels. Even with strict strategy, bad information or malware pops up at any time, even on trusted sites. Expose the publisher's vital information and internal network to an extremely dangerous environment. According to a foreign survey, 75% of information security attacks occur in the application layer rather than the network layer. At the same time, more than two-thirds of web sites are vulnerable to malicious attacks. One argument is that most companies spend a lot of money on the security of their networks and servers, but they don't really protect the web business itself, giving hackers a chance. According to a report provided by the authoritative World Organization for Web Security Research, there are two most serious threats to web business systems, namely, injection vulnerabilities and cross-site scripting vulnerabilities. From the statistics of past security incidents, the consequences of malicious attacks on web pages are extremely serious. Through the above-mentioned means, a legitimate and normal website can be captured. Malicious attackers take advantage of the corresponding privileges to embed malicious code in web pages or download malicious programs to computers with terminal vulnerabilities to achieve the purpose of the attack.
【学位授予单位】:电子科技大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.092
本文编号:2263614
[Abstract]:With the continuous accumulation of Internet information in China and the improvement of web technology, the web interactive platform has been widely used in E-government, e-commerce and other fields to integrate the terminal working environment. The web technology represented by the service of social public business and commercial program hosting has to a great extent changed the way and method of communication and communication. But while these technologies are convenient for business, they also pose unprecedented security risks. In the past, web pages on the Internet were static pages. Administrators can easily distinguish trusted and untrusted sites when managing content on a Web site. But now, as the content of the page becomes richer and more dynamic, the final visitor can continuously update the existing content and share the application, and then publish it through various channels. Even with strict strategy, bad information or malware pops up at any time, even on trusted sites. Expose the publisher's vital information and internal network to an extremely dangerous environment. According to a foreign survey, 75% of information security attacks occur in the application layer rather than the network layer. At the same time, more than two-thirds of web sites are vulnerable to malicious attacks. One argument is that most companies spend a lot of money on the security of their networks and servers, but they don't really protect the web business itself, giving hackers a chance. According to a report provided by the authoritative World Organization for Web Security Research, there are two most serious threats to web business systems, namely, injection vulnerabilities and cross-site scripting vulnerabilities. From the statistics of past security incidents, the consequences of malicious attacks on web pages are extremely serious. Through the above-mentioned means, a legitimate and normal website can be captured. Malicious attackers take advantage of the corresponding privileges to embed malicious code in web pages or download malicious programs to computers with terminal vulnerabilities to achieve the purpose of the attack.
【学位授予单位】:电子科技大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.092
【参考文献】
相关期刊论文 前2条
1 侯明明;;浅析“木马”病毒及其防治措施[J];广西轻工业;2009年03期
2 王继成,高珍;软件需求分析的研究[J];计算机工程与设计;2002年08期
,本文编号:2263614
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2263614.html
