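Research on the Application of Data Mining in the Dynamic Detection of Malicious Web Pages
Published: 2018-02-24 17:08
Keywords: malicious web page detection, honeypot technology, Capture-HPC, data mining. Source: Shanghai Jiao Tong University, master's thesis, 2012. Document type: degree thesis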
[Abstract]: With the development of the Internet, people carry out a range of activities over the network, including entertainment, shopping, work and e-commerce. Web browsing accounts for a very large share of these activities. For this reason, many criminals and hackers target users' weak awareness of network security, launching malicious attacks at will and intruding into users' systems. Malicious web pages are the most serious of these network security problems: they greatly endanger the data security of Internet users and can even cause serious economic losses.

Malicious web page detection technology has deepened as network security problems have grown, and static web page analysis and client honeypot technology have become important areas of malicious web page detection research. A honeypot is a deception technique that lures intruders in order to collect their attack methods and protect real target hosts. Capture-HPC, used in this thesis, is a high-interaction client honeypot. It builds a virtual environment that simulates a real operating system and applications and deliberately exposes weaknesses or vulnerabilities to lure intruders into attacking; any change an attacker makes to the virtual system, and any action taken on it, is recorded in the honeypot log.

This thesis designs and implements a dynamic detection model for malicious web pages. By applying data mining to Capture-HPC honeypot logs, the model solves the problems of Capture-HPC's low detection efficiency and its excessively high false alarm rate in practical use. The detection model converts honeypot logs into operation sequences and mining sequences, so that data mining algorithms can be applied effectively to mine and analyze massive log files, thereby optimizing the malicious web page detection system and identifying attackers' attack methods and behavioral characteristics.

This thesis mainly explains how three common data mining techniques (cluster analysis, association rule mining and decision tree classification) can be applied effectively and reasonably in the dynamic detection model. It describes in detail the model's modules and their specific design and implementation, and concrete real-world experiments further verify that the design of the proposed model is reasonable, that the choice of data mining algorithms is correct, that applying mining techniques to malicious web page detection is effective, and that the resulting optimization of the detection model is clearly visible. In practical application, the proposed model delivers very stable and good malicious web page detection results.
[Degree-granting institution]: Shanghai Jiao Tong University
[Degree level]: Master's
[Year degree granted]: 2012
[Classification number]: TP311.13
Article ID: 1531033
Article link: http://sikaile.net/guanlilunwen/ydhl/1531033.html