
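Research on a Multi-Level Website Security Protection System

Published: 2018-05-30 04:17

  Topic: website security + injection attacks; Source: Zhengzhou University, 2011 master's thesis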


[Abstract]: The rapid development of the Internet, the sharp increase in the number of Internet users, and the growing informatization of daily life have made websites a central part of online life and an important carrier of information. As websites have taken on this role and enriched people's lives, attacks against them have also become active, creating serious security risks. Website security problems have given rise to a variety of protective measures and products, which have played an important role in protecting websites. However, common protective measures and products usually address only one layer of the problem, whereas website security is a multi-level problem: a gap in protection at any one layer can lead to the site being compromised. Because a single website protection system cannot effectively solve current website security problems, this thesis studies a multi-level website security protection system.

The thesis first introduces the current website security situation and the state of research, analyzes the strengths and weaknesses of some common protections, and from this derives its research topic: a multi-level website security protection system. It then explains the website security background involved, including injection attacks, cross-site scripting (XSS) attacks, anti-tampering technology, and WebShells. The third part presents, designs and implements the multi-level protection system. It first gives the overall design, which comprises an anti-injection/anti-XSS system, a website anti-tampering system, and a WebShell and special-folder (special-file) detection system, and then describes each part in detail:

(1) The anti-injection/anti-XSS system targets SQL injection, cross-site scripting and similar problems. It prevents attackers from using such attacks to obtain administrator or even system privileges and stops them from attacking client-side users. For cookie injection, which is more covert and flexible, the system inspects and analyzes cookie data in time so that malicious code cannot reach the Web server, keeping the website running normally.

(2) The anti-tampering system ensures that files in the website directory are not illegally modified. It is implemented with a file filter driver: given a specified monitored directory, specified monitored file types and specified operation permissions, it intercepts and analyzes file read and write requests in kernel mode and immediately rejects the IRP (I/O Request Package) of any request that does not conform to policy. The anti-tampering system also actively analyzes and intercepts the content being written to files, preventing malicious files from being written into the website directory.

(3) The WebShell and special-folder (special-file) detection system detects WebShell files on the website, preventing backdoor Trojans from controlling the website and the system. It also detects special folders and special files (for example, those named after Windows devices), removing the hiding places of WebShell Trojans and advertising links. Combined, the two kinds of detection keep the website directory free of Trojans.

The fourth part verifies the implemented multi-level protection system through experiments. The results show that the system provides good protection against common website attacks, and that the layers work together to give the website comprehensive protection.
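The special-folder and special-file detection described in the abstract can be sketched as follows. This is an added example, not code from the thesis: it assumes "named after Windows devices" means the reserved DOS device names, and the function names and sample paths are constructed for illustration.

```python
import os
import re

# Reserved DOS device names that Win32 path parsing treats specially.
RESERVED = ({"CON", "PRN", "AUX", "NUL"}
            | {f"COM{i}" for i in range(1, 10)}
            | {f"LPT{i}" for i in range(1, 10)})

def reserved_component(name):
    """Return the device name a single path component matches, else None."""
    # Older Win32 name parsing ignores the extension, so "nul.asp" still
    # matches NUL; compare only the part before the first dot.
    stem = name.split(".", 1)[0].strip().upper()
    return stem if stem in RESERVED else None

def flag_paths(paths):
    """Return (path, component, device) for each path with a device-named part."""
    findings = []
    for path in paths:
        for part in re.split(r"[\\/]+", path):
            device = reserved_component(part)
            if device:
                findings.append((path, part, device))
                break  # one finding per path is enough for triage
    return findings

def scan_tree(root):
    """Walk a web root on disk and flag device-named files and folders.

    On Windows, pass root with the \\\\?\\ prefix so such entries can be opened.
    """
    rels = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            rels.append(os.path.relpath(os.path.join(dirpath, name), root))
    return flag_paths(rels)

# Constructed sample listing of a web root (not taken from the thesis).
SAMPLE = [
    "wwwroot/index.asp",
    "wwwroot/images/com1/logo.gif",
    "wwwroot\\upload\\nul.asp",
    "wwwroot/css/console.css",
    "wwwroot/data/LPT9.txt/x.asp",
]

if __name__ == "__main__":
    for path, part, device in flag_paths(SAMPLE):
        print(f"{device:5} {part:10} {path}")
```

Matching is on the name stem only, so ordinary names that merely begin with a device name, such as `console.css`, are not flagged.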
[Degree-granting institution]: Zhengzhou University
[Degree level]: Master's
[Year degree granted]: 2011
[Classification number]: TP393.08



