网址嫁接攻击的检测及防范研究

发布时间：2018-11-27 10:22

【摘要】：伴随着互联网的迅猛扩张,电子商务、网络企业在互联网上得到了急速发展,同时也给网络攻击者提供了极大的犯罪空间。近年来,各种网络攻击事件频繁发生,尤其是网络钓鱼和网络嫁接攻击。网络钓鱼主要通过发送声称来自银行或其他知名机构的欺骗性垃圾邮件,意图引诱收信人泄露敏感信息以实施攻击。网址嫁接攻击是在网络钓鱼攻击的基础上发展起来的一种新的更高级的攻击方式。主要通过在用户电脑上植入木马、安装恶意软件或者破坏域名服务器的解析过程等手段,将用户重定向到虚假的网页,并伺机窃取用户的重要信息。网址嫁接攻击采用的技术手段不同于传统的网络钓鱼攻击,传统的检测与防范技术无法直接应用于网址嫁接攻击。目前,针对网址嫁接攻击的研究还处于初步阶段,深入研究网址嫁接攻击采用的技术手段以及检测与防范方法,具有十分重要的理论与现实意义。本文在研究网址嫁接攻击原理基础上,提出一种基于IP地址过滤与PSO-SVM混合算法的网址嫁接攻击检测模型,用于客户端检测网址嫁接攻击,并进一步提出一种基于主机hosts文件保护的网址嫁接攻击防范方法。仿真实验表明,本文提出的检测模型对网址嫁接攻击的识别准确率可达到99%以上。具体工作包括： 1.研究了网址嫁接的攻击原理和攻击类别,并在分析域名服务工作过程和hosts文件脆弱性的基础上,提出了基于主机hosts文件保护的网址嫁接攻击防范方法。 2.通过分析网址嫁接攻击对IP地址解析过程的影响以及虚假网页与合法网页特征的差异性,提出一种基于IP地址过滤与PSO-SVM混合算法的网址嫁接攻击检测模型。 3.从互联网爬取合法网页,并从PishTank库中随机抽取一定数量的虚假网页,提取12个网页敏感特征,对本文提出的检测模型进行了大量的实验,验证了本模型用于网址嫁接攻击检测的有效性。 4.基于Netbeans软件开发平台,利用Java编程语言实现了C/S结构的网址嫁接攻击检测及防范系统。
[Abstract]:With the rapid expansion of the Internet, e-commerce, network enterprises in the Internet has been rapid development, but also to network attackers to provide a great space for crime. In recent years, a variety of network attacks occur frequently, especially phishing and grafted attacks. Phishing involves sending fraudulent spam purporting to come from banks or other well-known institutions in an attempt to entice recipients to reveal sensitive information to carry out attacks. Web site grafting attack is a new and more advanced attack method based on phishing attack. By inserting Trojan horse into user's computer, installing malware or destroying the parsing process of domain name server, the user is redirected to a false web page, and the important information of the user is stolen. Web site grafting attack is different from the traditional phishing attack, and the traditional detection and prevention technology can not be directly applied to the site grafting attack. At present, the research on web site grafting attack is still in its initial stage. It is of great theoretical and practical significance to study the technical means, detection and prevention methods of web site grafting attack. On the basis of studying the principle of web address grafting attack, this paper proposes a detection model of web address grafting attack based on IP address filtering and PSO-SVM hybrid algorithm, which can be used to detect web site grafting attack by client. Furthermore, this paper proposes a method of preventing the attack of web address grafting based on host hosts file protection. The simulation results show that the detection model proposed in this paper can identify the URL grafting attacks with a accuracy rate of more than 99%. Specific work includes: 1. On the basis of analyzing the working process of domain name service and the vulnerability of hosts file, this paper puts forward a method of preventing the attack based on the protection of host hosts file. 2. By analyzing the influence of address grafting attack on the process of IP address resolution and the differences between false web pages and legitimate web pages, a new detection model of URL grafting attack based on IP address filtering and PSO-SVM hybrid algorithm is proposed. 3. After crawling legal web pages from the Internet and randomly extracting a certain number of false web pages from the PishTank library, 12 sensitive features of web pages are extracted, and a large number of experiments are carried out on the detection model proposed in this paper. The validity of this model for detecting web site grafting attacks is verified. 4. Based on Netbeans software development platform, the detection and prevention system of Web site grafting attack based on C / S structure is realized by using Java programming language.
【学位授予单位】：华北电力大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08;TP18

【参考文献】