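Optimization and Implementation of a WAF Architecture Based on a Reverse Proxy Server and Blacklists and Whitelists
Published: 2018-04-25 22:32
Topic of this paper: network security + application-layer attacks. Reference: Beijing University of Posts and Telecommunications, 2014 master's thesis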
[Abstract]: With the development of the Internet, web application services have brought all kinds of convenience to people's lives. Beyond the traditional uses of obtaining information and learning, the Internet has given rise to online shopping, online banking, social interaction and other services. It is fair to say that the network has become one of the indispensable tools of daily life. However, while people enjoy this convenience, network security has gradually become a widely discussed topic of concern. At the same time, as network firewalls have developed, network attacks have been contained to a certain extent, and attackers have begun to change their approach and target the application layer. Web application protection has now become a hot topic in the field of network security. Drawing on the current state of application-layer attacks, this thesis analyzes the attack techniques used against web applications and the efforts made in China and abroad on application-layer defense technology, with a focus on application firewall technology. To address the remaining shortcomings of current web application firewalls, namely incomplete defense, a high misjudgment rate and low execution efficiency, the thesis proposes and implements a web application firewall based on a reverse proxy that combines blacklist and whitelist defense techniques. It focuses on the ModSecurity blacklist rules and adds whitelist detection on top of them. By generating whitelists both manually and automatically, it refines the firewall's defense process, improves its defensive effect and execution efficiency, and refines and optimizes the structure of current web application firewalls. The proposed architecture is an interpretation of the classical application firewall architecture; it fully implements the architecture's modules and offers a new approach to the layout of web application firewalls.
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08