本文選題：腳本攻擊　切入點(diǎn)：惡意代碼　出處：《北京郵電大學(xué)》2014年碩士論文　論文類型：學(xué)位論文

【摘要】：21世紀(jì)以來,個(gè)人計(jì)算機(jī)迅速普及,互聯(lián)網(wǎng)高速發(fā)展,這個(gè)過程中,病毒、木馬、僵尸網(wǎng)絡(luò)、蠕蟲等一直在威脅Internet安全。Web2.0的出現(xiàn)使得黑客實(shí)施攻擊更為方便。攻擊者利用Web頁面里邊的腳本偷取用戶信息、劫持用戶會(huì)話、破壞用戶機(jī)器。腳本安全逐漸成為安全領(lǐng)域的熱門話題。本文主要研究腳本攻擊檢測與防御方法。 本文提出了一套基于惡意代碼特征的Web頁面腳本攻擊檢測防御方案。首先,利用云計(jì)算框架Hadoop對(duì)網(wǎng)頁惡意代碼特征進(jìn)行提取,提高特征提取效率。接著,在提取的網(wǎng)頁惡意代碼特征的基礎(chǔ)上,提出了一種對(duì)網(wǎng)頁惡意代碼特征進(jìn)行加權(quán)處理的方法,提高惡意腳本檢測精度。最后,提出了對(duì)網(wǎng)頁進(jìn)行三層檢測的攻擊檢測防御系統(tǒng)設(shè)計(jì),并進(jìn)行實(shí)驗(yàn)對(duì)該系統(tǒng)設(shè)計(jì)進(jìn)行了功能和性能驗(yàn)證。實(shí)驗(yàn)結(jié)果表明,本文提出的Web環(huán)境下腳本攻擊檢測防御系統(tǒng)能夠很好的檢測Web頁面惡意腳本并阻止頁面中惡意腳本的執(zhí)行。
[Abstract]:Since 21th century, personal computers have spread rapidly and the Internet has developed at a high speed. In the process, viruses, Trojans, botnets, Worms have been threatening the security of Internet. Web2.0 has made it more convenient for hackers to attack. Attackers use scripts in Web pages to steal user information and hijack user sessions. The security of scripts has become a hot topic in the field of security. This paper mainly studies the methods of script attack detection and defense. This paper proposes a Web page script attack detection and defense scheme based on malicious code features. Firstly, using cloud computing framework Hadoop to extract malicious code features to improve the efficiency of feature extraction. On the basis of extracting the malicious code features of web pages, a method of weighting the malicious code features of web pages is proposed to improve the accuracy of malicious script detection. Finally, An attack detection and defense system based on three-layer detection of web pages is proposed, and the function and performance of the system are verified by experiments. The experimental results show that, The script attack detection and defense system proposed in this paper can detect the malicious script of Web page and prevent the execution of the malicious script in the Web page.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前1條

1 張慧琳;諸葛建偉;宋程昱;韓心慧;鄒維;;基于網(wǎng)頁動(dòng)態(tài)視圖的網(wǎng)頁木馬檢測方法[J];清華大學(xué)學(xué)報(bào)(自然科學(xué)版);2009年S2期

，

本文編號(hào)：1639395