网络渗透的HTTP通信分析研究

发布时间：2018-11-29 07:26

【摘要】：互联网和计算机技术的高速发展给人们的生活带来了许多便利,同时也为网络犯罪分子提供了更多的犯罪手段,信息安全问题日益突出。网络渗透可以作为评估网络系统安全性的一种方法,也可以作为公安机关侦察犯罪活动、收集证据的手段。木马是一种常见的以控制用户主机和盗取用户隐私为目的的病毒,完善木马检测技术和提高木马识别率对保障用户的财产和隐私安全具有现实意义。本文对网络渗透的HTTP通信进行了分析研究,研究内容包括： (1)研究网络渗透的HTTP通信方法。通过对防火墙等网络安全设备的原理进行分析,研究了基于HTTP通信的防火墙穿透技术；通过对网络嗅探器、网络连接查看器和网络流量查看器三种类型的网络安全检测软件进行分析,研究了网络渗透中网络活动的隐藏方法；基于对HTTP数据传输方式的研究,构建了网络渗透的HTTP通信规则；基于上述研究的方法完成了基于HTTP通信的网络渗透系统。 (2)研究HTTP木马的网络通信分析检测模型。对基于HTTP进行通信的木马和普通程序产生的HTTP网络通信数据进行了分析,并在此基础上提取出HTTP木马的六个网络通信行为特征；综合利用层次聚类、Davies-Bouldin指数和k-means算法建立了一个HTTP木马检测模型,该模型仅用于检测基于HTTP进行通信的木马。 (3)设计实验对本文提出的网络渗透的HTTP通信方法和HTTP木马检测模型的可行性进行验证。实验结果表明,本文的HTTP通信方法能够穿透网络防火墙的防护,成功隐藏了自身的网络活动,并能够提供可靠的数据传输;HTTP术马的网络通信分析检测模型能够有效的检测出HTTP木马,准确率较高,误报率较低。本文通过研究网络渗透的HTTP通信,提出了一种网络渗透的HTTP通信方法,它能够提高网络渗透中通信的穿透性和隐蔽性。同时,本文构建的HTTP木马检测模型对典型的HTTP木马具有较高的识别率,它可以作为对现有木马检测方法的补充。
[Abstract]:The rapid development of Internet and computer technology has brought a lot of convenience to people's life, at the same time, it also provides more criminal means for network criminals. The problem of information security is becoming more and more prominent. Network penetration can be used as a method to evaluate the security of network system, as well as a means for public security organs to detect criminal activities and collect evidence. Trojan horse is a kind of common virus which is aimed at controlling the user's host computer and stealing user's privacy. It is of practical significance to improve the Trojan horse detection technology and improve the Trojan horse identification rate to ensure the user's property and privacy security. In this paper, the HTTP communication of network penetration is analyzed and studied. The main contents are as follows: (1) the HTTP communication method of network penetration is studied. By analyzing the principle of network security equipment such as firewall, the firewall penetration technology based on HTTP communication is studied. Through the analysis of three types of network security detection software, network sniffer, network connection viewer and network traffic viewer, the hiding method of network activity in network penetration is studied. Based on the research of HTTP data transmission mode, the HTTP communication rules of network penetration are constructed, and the network penetration system based on HTTP communication is completed based on the above research methods. (2) the network communication analysis and detection model of HTTP Trojan horse is studied. This paper analyzes the HTTP network communication data generated by the Trojan horse and the ordinary program based on HTTP, and extracts the six network communication behavior characteristics of the HTTP Trojan horse. Based on hierarchical clustering, Davies-Bouldin index and k-means algorithm, a detection model of HTTP Trojan horse is established, which is only used to detect Trojan horse based on HTTP. (3) the experiment is designed to verify the feasibility of the HTTP communication method and the detection model of HTTP Trojan horse proposed in this paper. The experimental results show that the HTTP communication method in this paper can penetrate the protection of network firewall, hide its network activities successfully, and provide reliable data transmission. The network communication analysis and detection model of HTTP can effectively detect HTTP Trojan horse with high accuracy and low false alarm rate. In this paper, by studying the HTTP communication of network penetration, a HTTP communication method of network penetration is proposed, which can improve the penetration and concealment of network penetration. At the same time, the HTTP Trojan detection model constructed in this paper has a high recognition rate for typical HTTP Trojan horses, which can be used as a supplement to the existing Trojan detection methods.
【学位授予单位】：北京化工大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】