本文選題：網絡安全 + 應用層攻擊　； 參考：《北京郵電大學》2014年碩士論文

【摘要】：隨著互聯(lián)網的發(fā)展,網絡應用服務為人們的生活提供了各種各樣的便利,除了傳統(tǒng)的獲取信息和學習知識外,互聯(lián)網還發(fā)展出了網上購物、網上銀行、社交互動等等服務。可以說,網絡已經成為了人們生活中必不可少的工具之一。 然而,人們在享受網絡帶來的便利的同時,網絡安全也漸漸成為了一個被廣泛提起和關注的話題。同時,隨著網絡防火墻的發(fā)展,網絡攻擊得到了一定的防護,而攻擊者也開始轉變自己的攻擊方式,針對網絡應用層展開攻擊�，F(xiàn)在網絡應用防護已經成為了網絡安全領域一個飽受關注的熱點話題。 本文結合當前網絡應用層攻擊現(xiàn)狀,分析了網絡中應用攻擊手段,以及國內外在應用層防御技術層面做出的努力,重點針對應用防火墻技術進行研究。針對當前網絡應用防火墻仍然存在的防御不全面,誤判率較高和執(zhí)行效率低的缺點,本文提出了一種基于反向代理的,融合了黑名單和白名單防御技術的網絡應用防火墻,并將之實現(xiàn)。本文重點研究了Modsecurity黑名單規(guī)則,在該黑名單規(guī)則的基礎上加入了白名單檢測技術。通過手動和自動生成白名單的方式完善應用防火墻的防御過程,提高了應用防火墻的防御效果和執(zhí)行效率,對現(xiàn)在網絡應用防火墻的結構進行了完善和優(yōu)化。本文提出的應用防火墻架構是對經典應用防火墻架構的詮釋,完整的實現(xiàn)了應用防火墻架構模塊,為網絡應用防火墻的布局提供了新思路。
[Abstract]:With the development of the Internet, Internet application services provide a variety of convenience for people's life. In addition to the traditional access to information and learning knowledge, the Internet has also developed online shopping, online banking, social interaction and other services. It can be said that the network has become one of the essential tools in people's lives. However, while people enjoy the convenience brought by the network, network security has gradually become a widely raised and concerned topic. At the same time, with the development of the network firewall, the network attack has been protected to a certain extent, and the attacker has begun to change his attack mode and launch the attack against the network application layer. Network application protection has become a hot topic in the field of network security. According to the current situation of network application layer attack, this paper analyzes the means of network application attack, and the domestic and foreign efforts in the application layer defense technology, focusing on the application of firewall technology. Aiming at the shortcomings of the current network application firewall, such as incomplete defense, high error rate and low execution efficiency, this paper proposes a network application firewall based on reverse proxy, which combines blacklist and whitelist defense technology. And realize it. This paper focuses on the Modsecurity blacklist rule and adds the whitelist detection technology to the blacklist rule. By manually and automatically generating whitelist, the defense process of the applied firewall is improved, the defense effect and execution efficiency of the applied firewall are improved, and the structure of the network application firewall is improved and optimized. The application firewall architecture proposed in this paper is the interpretation of the classical application firewall architecture. It implements the application firewall architecture module completely and provides a new idea for the layout of the network application firewall.
【學位授予單位】：北京郵電大學
【學位級別】：碩士
【學位授予年份】：2014
【分類號】：TP393.08

【參考文獻】

相關期刊論文 前6條

1 周敬利;王曉鋒;余勝生;夏洪濤;;一種新的反SQL注入策略的研究與實現(xiàn)[J];計算機科學;2006年11期

2 桑圣洪;胡飛;;性能測試工具LoadRunner的工作機理及關鍵技術研究[J];科學技術與工程;2007年06期

3 沈東;劉嘉勇;吳少華;劉亮;;一種基于NDIS的Web安全防護技術與性能研究[J];四川大學學報(自然科學版);2008年06期

4 王宇;陸松年;;Web應用防火墻的設計與實現(xiàn)[J];信息安全與通信保密;2011年05期

5 張洪揚;唐學文;;用ModSecurity增強Web應用安全[J];網絡安全技術與應用;2007年05期

6 張楠;張振國;;基于規(guī)則的檢測SQL注入攻擊方法的研究[J];陜西科技大學學報;2007年02期

，

本文編號：1803295