本文關(guān)鍵詞： 防篡改 核心內(nèi)嵌 時間輪詢 跨平臺 安全性　出處：《西安工業(yè)大學(xué)》2014年碩士論文　論文類型：學(xué)位論文

【摘要】：隨著互聯(lián)網(wǎng)的高速發(fā)展,網(wǎng)站已成為政府、企業(yè)、高校等部門進(jìn)行信息發(fā)布的主要平臺。但是互聯(lián)網(wǎng)暴露在一個相對開放的環(huán)境當(dāng)中,它在為人們提供便利服務(wù)的同時,也極易成為黑客攻擊和破壞的目標(biāo)。由于Web應(yīng)用系統(tǒng)的固有開發(fā)特點(diǎn),導(dǎo)致Web應(yīng)用出現(xiàn)了很多漏洞,病毒、木馬和惡意代碼泛濫。黑客利用網(wǎng)站的漏洞肆意的對網(wǎng)站上的信息進(jìn)行篡改,造成了極大的社會影響及經(jīng)濟(jì)損失。為了保護(hù)web網(wǎng)站不發(fā)送被篡改內(nèi)容并及時進(jìn)行自動恢復(fù),提高網(wǎng)站信息安全性、完整性,以解決網(wǎng)頁篡改所帶來的損失和影響,本文提出了一套網(wǎng)頁實時防篡改系統(tǒng)的解決方案。 本文首先研究了多種網(wǎng)頁防篡改軟件的原理,以及網(wǎng)頁防篡改相關(guān)技術(shù),其中包括時間輪詢技術(shù),核心內(nèi)嵌技術(shù),文件過濾驅(qū)動技術(shù)和事件觸發(fā)技術(shù)等。然后從性能、效率、安全性等方面比較了各種技術(shù)的優(yōu)缺點(diǎn)。最終本文選擇了時間輪詢技術(shù)結(jié)合核心內(nèi)嵌技術(shù)作為本論文的研究和實現(xiàn)方向。 本文提出的網(wǎng)頁實時防篡改解決方案包括輪詢掃描模塊與實時檢測模塊兩部分。系統(tǒng)分為監(jiān)測端和管理端,首先管理端對每個網(wǎng)頁文件生成數(shù)字水印,將生成的數(shù)字水印存儲在管理端的Web服務(wù)器上,監(jiān)測端通過文件同步復(fù)制系統(tǒng)把網(wǎng)頁文件以及水印文件同步到指定位置,系統(tǒng)啟動后輪詢掃描模塊對網(wǎng)頁文件進(jìn)行定時掃描比對,核心內(nèi)嵌模塊對每次訪問請求進(jìn)行驗證。當(dāng)發(fā)現(xiàn)數(shù)字水印與原水印值不匹配,則驗證不通過,同時向后臺發(fā)出警報并對被篡改的網(wǎng)頁進(jìn)行自動恢復(fù),以達(dá)到網(wǎng)頁實時防篡改的目的。 本文對系統(tǒng)的技術(shù)平臺、用例、系統(tǒng)流程和系統(tǒng)的架構(gòu)進(jìn)行了詳細(xì)的闡述。系統(tǒng)采用了跨平臺的技術(shù)實現(xiàn),使得在Windows和Linux平臺下都可運(yùn)行。并通過了對系統(tǒng)的功能和性能的測試,從而達(dá)到了設(shè)計要求。最終使得系統(tǒng)能夠及時的發(fā)現(xiàn)篡改行為并進(jìn)行自動恢復(fù),使得應(yīng)用的網(wǎng)站得到安全的保障。
[Abstract]:With the rapid development of the Internet, websites have become the main platform for the government, enterprises, universities and other departments to publish information. But the Internet is exposed to a relatively open environment. At the same time, it is easy to be the target of hacker attack and destruction. Because of the inherent development characteristics of Web application system, there are many vulnerabilities and viruses in Web application. Trojan horse and malicious code flooding. Hackers take advantage of the site vulnerability wantonly tampering with the information on the site. In order to protect the web website from sending tampered content and carry on the automatic recovery in time, improve the information security and integrity of the website. In order to solve the loss and influence caused by web page tampering, this paper presents a solution of real time tamper-proof system for web pages. First of all, this paper studies the principles of various anti-tamper software, as well as the relevant technologies of anti-tampering, including time polling technology, core embedded technology. File filter driver technology and event trigger technology etc. Then from the performance, efficiency. The advantages and disadvantages of various technologies are compared in terms of security. Finally, this paper chooses time polling technology combined with core embedded technology as the research and implementation direction of this paper. The proposed real-time tamper-proof solution includes polling scanning module and real-time detection module. The system is divided into two parts: monitor end and management end. Firstly, the management end generates digital watermark for each web page file. The generated digital watermark is stored on the Web server of the management terminal, and the monitoring end synchronizes the web page file and the watermark file to the specified location through the file synchronization replication system. After the system started, the system polling scanning module to the page file timing scanning comparison, the core embedded module to verify each access request. When it is found that the digital watermark and the original watermark value does not match, the verification does not pass. At the same time, alarm is issued to the background and the tampered pages are automatically restored to achieve the purpose of real-time tamper-proof. In this paper, the system technology platform, use cases, system flow and system architecture are described in detail. The system uses cross-platform technology implementation. It can be run on both Windows and Linux platform, and has passed the test of the function and performance of the system. Finally, the system can detect the tampering behavior in time and recover automatically, so that the application website can be safeguarded.
【學(xué)位授予單位】：西安工業(yè)大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.092;TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 劉大勇;校園網(wǎng)站網(wǎng)頁防篡改技術(shù)研究與應(yīng)用[J];電腦知識與技術(shù);2005年20期

2 李楓;劉志永;馬麗;;網(wǎng)頁防篡改技術(shù)研究及應(yīng)用[J];電力信息化;2008年07期

3 吳煜煌;;基于數(shù)字水印技術(shù)的網(wǎng)頁保護(hù)系統(tǒng)設(shè)計[J];計算機(jī)安全;2008年09期

4 楊飛;;網(wǎng)頁防篡改技術(shù)[J];計算機(jī)安全;2008年09期

5 姚瀅;;網(wǎng)頁防篡改系統(tǒng)的研究與設(shè)計方案[J];計算機(jī)安全;2010年06期

6 申建明;;網(wǎng)頁防篡改技術(shù)探討[J];山西電力;2008年05期

7 羅利民;黃漢永;;網(wǎng)頁防篡改技術(shù)的一種實現(xiàn)[J];福建電腦;2008年11期

8 于艷杰;;網(wǎng)站安全防范淺析[J];科技創(chuàng)新與應(yīng)用;2013年16期

9 胡麗琴;郭紅俊;;WEB服務(wù)器的網(wǎng)頁防篡改設(shè)計[J];北京城市學(xué)院學(xué)報;2005年04期

10 張鑫;閃永強(qiáng);;一種新型網(wǎng)頁防篡改策略的研究與部署[J];河南師范大學(xué)學(xué)報(自然科學(xué)版);2011年05期

，

本文編號：1493508