Research and Implementation of a Feature-Matching-Based Web Application Firewall
Published: 2019-03-19 20:16
【Abstract】: The rapid development of the Internet has brought great convenience to our lives, and the rapid growth of the Web, especially the arrival of the Web 2.0 era, illustrates this well. Correspondingly, the Web's rapid growth rests on the continuous development of Internet infrastructure such as hardware and application software, together with the related protocols. Hardware (routers, switches, servers, storage devices, etc.) keeps growing in scale, application software (portals, Web application systems and the scripting languages they use) keeps growing in complexity, and the related protocols (HTTP, POP3, ARP, etc.) increasingly show their lack of security; as the Web has grown rapidly, Web security problems have followed one after another. In the early Internet, hackers' main targets were networks, operating systems, system software and application software. As Web security threats have become more serious, traditional network defenses such as intrusion detection systems (IDS), intrusion prevention systems (IPS) and traditional firewalls can only identify and block threats at the level of data flows; they have no capability to protect against application-layer Web attacks.

Today, with Internet infrastructure relatively complete, the core of the Internet has shifted. Internet companies pursue user numbers; users generate business and business generates data, so the core value of an Internet company is its users' data. The core problem of Internet security has therefore become data security, and attacks against the Web are a more direct and easier way to obtain the data an attacker is after. Among the many Web attack methods, SQL injection and XSS (cross-site scripting) obtain user data most directly; from their first appearance to today they have consistently ranked high in the OWASP Top 10, and looking at future trends, XSS will remain near the top and SQL injection will not disappear as defensive awareness improves.

The Web application firewall (also called a Web application-level intrusion prevention system; in English, Web Application Firewall, abbreviated WAF) has largely solved this problem, but many WAFs still cannot efficiently recognize the ever-changing attack data that hackers construct. There are many kinds of Web attacks today, but the most mainstream are SQL injection and XSS. Web attacks are defended against by matching and intercepting suspicious data with regular expressions.

The research work of this thesis mainly includes the following: (1) based on the different data formats hackers submit when performing SQL injection attacks, find the corresponding regular-expression matching algorithms, achieving the broadest possible matching coverage while minimizing the chance of false positives; (2) based on the different data formats hackers submit when performing XSS attacks, find the corresponding regular-expression matching algorithms, again with the broadest coverage and the fewest false positives; (3) capture the data exchanged between the client and the Web server and use the existing regular-expression matching algorithms to judge and intercept attack data; (4) taking remote arbitrary command execution vulnerabilities as an example, analyze the many Web application framework vulnerabilities that have appeared in recent years, again aiming for broad coverage with few false positives. Finally, using the Python language together with the collected and organized regular expressions, the HTTP messages at the Web server are captured and the various data submission channels such as GET, POST and COOKIE are filtered to block attacks, implementing an efficient Web application firewall.
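As an added example (not code from the thesis or any of its references), here is a minimal Python filter of the kind the abstract describes: it extracts GET, POST and COOKIE parameters from an HTTP request, URL-decodes each value (including a second decoding pass so that double-encoded payloads are seen in plain form), and checks it against a small table of SQL injection and XSS regular expressions. The rule names, regexes, function names and sample requests are all constructed for illustration; a real rule set is far larger, and the benign "union station cafe" query shows why a signature must be specific enough not to fire on ordinary text.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Hypothetical signature table: (rule name, compiled regex). Illustrative only;
# a production WAF carries hundreds of such rules, tuned to limit false positives.
SIGNATURES = [
    ("sqli-union-select", re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I)),
    ("sqli-tautology", re.compile(r"['\"]\s*(?:or|and)\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+", re.I)),
    ("sqli-comment-tail", re.compile(r"(?:--|#|/\*)\s*$")),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("xss-event-handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("xss-js-uri", re.compile(r"javascript\s*:", re.I)),
]


def normalize(value, rounds=2):
    """URL-decode up to `rounds` times so that encoded payloads (%27 -> ') and
    double-encoded ones (%2527 -> ') are matched in their plain form.
    Stops early once decoding no longer changes the value."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def extract_parameters(method, path, headers, body):
    """Return (channel, name, raw_value) triples from the query string (GET),
    a form-encoded body (POST) and the Cookie header (COOKIE)."""
    params = []
    query = path.partition("?")[2]
    params += [("GET", k, v) for k, v in parse_qsl(query, keep_blank_values=True)]
    content_type = headers.get("Content-Type", "")
    if method == "POST" and content_type.startswith("application/x-www-form-urlencoded"):
        params += [("POST", k, v) for k, v in parse_qsl(body, keep_blank_values=True)]
    # Cookie header: "name=value; name2=value2" (parsed by hand, values left raw)
    for part in headers.get("Cookie", "").split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            params.append(("COOKIE", name, value))
    return params


def inspect_request(method, path, headers, body=""):
    """Run every parameter value through the signature table.
    Returns (allowed, findings); findings lists (channel, name, rule) per hit."""
    findings = []
    for channel, name, raw in extract_parameters(method, path, headers, body):
        value = normalize(raw)
        for rule, pattern in SIGNATURES:
            if pattern.search(value):
                findings.append((channel, name, rule))
    return (not findings), findings


# Constructed sample requests: one benign search, one SQL injection attempt,
# one double-URL-encoded XSS attempt in a POST body, one benign cookie jar.
SAMPLE_REQUESTS = [
    ("GET", "/search?q=union+station+cafe&page=2", {}, ""),
    ("GET", "/items?id=1%27%20OR%20%271%27%3D%271", {}, ""),
    ("POST", "/comment", {"Content-Type": "application/x-www-form-urlencoded"},
     "comment=%253Cscript%253Ealert%281%29%253C%2Fscript%253E"),
    ("GET", "/home", {"Cookie": "session=abc123; theme=dark"}, ""),
]


def run_samples():
    """Inspect every sample request; returns a list of (path, allowed, findings)."""
    return [(path, *inspect_request(method, path, headers, body))
            for method, path, headers, body in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for path, allowed, findings in run_samples():
        verdict = "ALLOW" if allowed else "BLOCK"
        print(f"{verdict:5} {path} {findings}")
```

Decoding before matching is the step that turns a trivially bypassable filter into a useful one; the trade-off the thesis describes (broad matching versus false positives) shows up directly in how loosely each regex is written. In deployment this check would run in a reverse proxy in front of the origin, with the hits logged for tuning rather than silently dropped.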
【Degree-granting institution】: Anhui University
【Degree level】: Master's
【Year degree granted】: 2014
【Classification number】: TP393.08
Paper ID: 2443862
Link to this paper: https://www.wllwen.com/guanlilunwen/ydhl/2443862.html