本文選題：惡意廣告 + URL提取　； 參考：《北京郵電大學(xué)》2014年碩士論文

【摘要】：互聯(lián)網(wǎng)的發(fā)展促進(jìn)了網(wǎng)絡(luò)廣告的興起,在人們每天瀏覽的網(wǎng)頁(yè)中,隨處可見(jiàn)的是網(wǎng)絡(luò)廣告。廣告不僅僅是很多公司的主要收入來(lái)源,也成為黑客攻擊的載體,典型的廣告攻擊包括廣告釣魚(yú)攻擊、廣告跨站攻擊、惡意代碼注入類(lèi)攻擊等。惡意廣告攻擊不但給上網(wǎng)用戶帶來(lái)很大的經(jīng)濟(jì)損失,同時(shí)也給網(wǎng)站和廣告聯(lián)盟帶來(lái)了很多負(fù)面影響。隨著這個(gè)問(wèn)題越來(lái)越嚴(yán)重,找到一種高效的惡意廣告檢測(cè)方案變得非常迫切。 目前國(guó)內(nèi)外對(duì)惡意廣告的檢測(cè)問(wèn)題做了很多工作,其中最典型的方案是從廣告網(wǎng)絡(luò)的角度進(jìn)行研究,通過(guò)識(shí)別廣告網(wǎng)絡(luò)中的惡意節(jié)點(diǎn)實(shí)現(xiàn)源頭上檢測(cè)的目的。其他的方案主要是從跨站廣告、釣魚(yú)廣告、代碼注入類(lèi)廣告等具體的攻擊形式進(jìn)行展開(kāi)。惡意廣告的來(lái)源有很多種,來(lái)源不同使得攻擊具有多樣性,例如惡意廣告攻擊具有時(shí)間短、變化快、種類(lèi)多等特點(diǎn)。檢測(cè)廣告節(jié)點(diǎn)可以有效地從源頭上找到惡意廣告,但對(duì)于從網(wǎng)站站點(diǎn)或者第三方發(fā)起的惡意廣‘告攻擊卻無(wú)法達(dá)到很好的檢測(cè)效果,同樣從釣魚(yú)廣告和跨站廣告的角度也只能檢測(cè)到其中一種攻擊形式。這些方案無(wú)論是從網(wǎng)絡(luò)節(jié)點(diǎn)還是從單一攻擊類(lèi)型,其檢測(cè)效果都不是很理想。 本文首先分析了廣告網(wǎng)絡(luò)及廣告聯(lián)盟的特點(diǎn),然后總結(jié)了目前主流的惡意廣告檢測(cè)方法,通過(guò)對(duì)比這些方式的優(yōu)缺點(diǎn),在此基礎(chǔ)上提出了一種基于客戶端的惡意廣告檢測(cè)方案。該方案主要由URL提取過(guò)濾模塊、請(qǐng)求發(fā)起模塊、組合檢測(cè)模塊、日志分析模塊等構(gòu)成。其中URL提取模塊是在Nutch框架的基礎(chǔ)上改進(jìn)實(shí)現(xiàn)的,主要用于提取待測(cè)網(wǎng)站中與廣告有關(guān)的URL鏈接。請(qǐng)求發(fā)起模塊主要是模擬客戶端的請(qǐng)求,將提取的待測(cè)URL請(qǐng)求服務(wù)器并獲得響應(yīng)信息。組合過(guò)濾模塊主要由釣魚(yú)網(wǎng)站檢測(cè)庫(kù)和HTTP響應(yīng)檢測(cè)引擎組成,它包含了匹配惡意廣告的特征規(guī)則,該模塊是檢測(cè)方案的核心。日志分析模塊主要是對(duì)檢測(cè)日志進(jìn)行分析,然后統(tǒng)計(jì)識(shí)別的攻擊類(lèi)型并以圖形的形式展示出來(lái)。文章最后一部分是對(duì)檢測(cè)方案進(jìn)行驗(yàn)證,經(jīng)驗(yàn)證該方案可以有效的檢測(cè)到了網(wǎng)站中的惡意廣告信息。
[Abstract]:The development of the Internet has promoted the rise of online advertising, which can be seen everywhere in the web pages that people browse every day. Advertising is not only the main revenue source of many companies, but also a carrier of hacker attacks. Typical advertising attacks include advertising phishing attacks, ad cross-site attacks, malicious code injection attacks and so on. Malicious advertising attacks not only bring great economic losses to Internet users, but also bring a lot of negative effects to websites and advertising alliances. As this problem becomes more and more serious, it is very urgent to find an efficient malicious advertising detection scheme. At present, a lot of work has been done on the detection of malicious advertising at home and abroad, among which the most typical scheme is to study the problem from the perspective of advertising network, and realize the purpose of source detection by identifying the malicious nodes in the advertising network. Other schemes are mainly from cross-station advertising, phishing advertising, code injection advertising and other specific attack forms. There are many kinds of malicious advertising sources. Different sources make attacks have diversity. For example, malicious advertising attacks have the characteristics of short time, fast change, variety and so on. The detection advertisement node can find the malicious advertisement from the source effectively, but for the malicious wide complaint attack launched from the website site or the third party, it can not achieve the very good detection effect. It also detects only one form of attack from the point of view of phishing and cross-site advertising. The detection effect of these schemes is not ideal either from network nodes or from a single attack type. This paper first analyzes the characteristics of advertising network and advertising alliance, then summarizes the current mainstream malicious advertising detection methods. By comparing the advantages and disadvantages of these methods, a client based malicious advertising detection scheme is proposed. The scheme is mainly composed of URL extraction and filtering module, request initiation module, combination detection module, log analysis module and so on. The URL extraction module is improved on the basis of the Nutch framework and is mainly used to extract the URL links related to advertisements in the website under test. The request initiation module mainly simulates the request of the client, which will extract the URL request server to be tested and obtain the response information. The combined filtering module is mainly composed of the fishing site detection library and the HTTP response detection engine. It contains the feature rules for matching malicious advertisements. This module is the core of the detection scheme. Log analysis module mainly analyzes the detection log, and then statistics the type of attack and shows it in the form of graph. The last part of the paper is to verify the detection scheme, which can effectively detect the malicious advertising information in the website.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類(lèi)號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前3條

1 李冰;趙逢禹;;Stored-XSS漏洞檢測(cè)的研究與設(shè)計(jì)[J];計(jì)算機(jī)應(yīng)用與軟件;2013年03期

2 葛欣航;;我國(guó)網(wǎng)絡(luò)廣告的現(xiàn)狀及發(fā)展趨勢(shì)分析[J];現(xiàn)代商業(yè);2012年08期

3 達(dá)斯孟;陸永忠;寧峰;;客戶端跨站腳本攻擊的分層防御策略[J];計(jì)算機(jī)系統(tǒng)應(yīng)用;2010年02期

，

本文編號(hào)：1826046