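Research on SQL Injection Vulnerability Detection
Published: 2018-05-13 11:29
Topics: vulnerability scanning + similarity matching; Source: Hangzhou Dianzi University, master's thesis, 2014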
[Abstract]: With the rapid development of network technology, and because web platforms are easy to develop, easy to use and open, more and more companies, government agencies and individuals have set up their own sites on the Internet, but this has also made the security situation of web platforms increasingly severe. Many coding vulnerabilities in Web applications leave Web servers open to malicious network attacks, among which SQL injection is a widespread and highly damaging attack method. To keep Web applications secure, it is very important to find SQL injection vulnerabilities promptly through Web vulnerability scanning. In general, a Web vulnerability scan has to crawl all pages of a site and cover a large number of SQL injection vulnerabilities, which leads to excessive scanning time. Reducing the scale of the scan appropriately while still covering the SQL injection vulnerabilities that may exist in the system as fully as possible has therefore become a problem in urgent need of a solution.
This thesis first introduces progress in SQL injection vulnerability detection in China and abroad. After a detailed study of the methods commonly used for vulnerability detection today, it designs and implements a Web vulnerability detection model with both high detection efficiency and a relatively high vulnerability detection rate. The model consists of two parts: a web crawler based on template matching, and a SQL injection vulnerability mining module based on automatic knowledge-base expansion. The model trims the set of objects the crawler fetches during a site vulnerability scan, which greatly improves scanning efficiency. To raise the detection rate for SQL injection vulnerabilities, the thesis also designs and implements automatic expansion of the simulated attack set used for detection. The expanded simulated attack set covers attack paths from several angles and gives security practitioners and system developers information about weaknesses in the system's code and security mechanisms before the system is attacked.
The thesis proposes a template-matching web crawler to reduce the set of scan objects so that vulnerability detection against the target server is efficient and accurate. It first fetches a sample of the pages under the same template, then computes the structural similarity of the fetched pages, and decides from the proportion of similar pages in the sample whether to crawl all pages under that template. By filtering out pages that repeat the same template structure, template matching reduces the set of objects to scan, and this is put into practice in experiments. The experiments show that, across different types of sites, the template-matching crawler keeps the number of fetched pages within a bounded range (88-129 pages when crawling three types of site in the experiments). Because of its prefix-matching crawl strategy, the crawler is also insensitive to the page depth setting, which makes the detection results highly robust.
On the other hand, black-box detection of SQL injection vulnerabilities depends on a predefined simulated attack set, which contains all the attack techniques that may exist. How to complete this set so that it effectively covers possible attacks is the other research focus of the thesis. The proposed SQL injection vulnerability mining based on automatic knowledge-base expansion studies the variant forms of current SQL injection attacks, summarizes the different patterns by which SQL injection attack statements vary, and applies these patterns to the existing simulated attack set to expand the means of detection. The new expansion scheme can not only scan for coding vulnerabilities on the server but also detect shortcomings in the currently deployed security mechanisms, thereby effectively preventing SQL injection attacks against the target site. The experiments show that the vulnerability detection rate after expansion is above 80% in every case; the time cost after expansion is indeed higher than before, but the gap is not significant, with the difference across the three groups of experimental results kept essentially within 5s.
This research is supported by the Zhejiang Province major project "Web Vulnerability Protection System Based on Cloud Computing Awareness". Its results can provide technical support for detecting Web vulnerabilities, SQL injection vulnerabilities in particular. The thesis also offers some new methods and ideas for web crawler technology, vulnerability scan coverage and automatic expansion of vulnerability knowledge bases, and provides a reference for further research on Web vulnerability detection and protection and on automatic identification of attackers' SQL injection techniques.
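The sampling decision the abstract describes for the template-matching crawler, sketched as an added example (not code from the thesis): pages sampled under one URL pattern are compared by structure, and the share of similar pairs decides whether one representative page is scanned or all of them. The tag-sequence similarity measure, both thresholds, and every function and variable name are assumptions; the abstract does not specify them.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from itertools import combinations

SIM_THRESHOLD = 0.9    # assumed: a pair is "same structure" at or above this
RATIO_THRESHOLD = 0.8  # assumed: share of similar pairs that allows skipping


class TagCollector(HTMLParser):
    """Records opening tags in document order; text and attributes are ignored."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tag_sequence(html):
    parser = TagCollector()
    parser.feed(html)
    return parser.tags


def similar_ratio(pages):
    """Fraction of page pairs in the sample whose tag sequences nearly match."""
    pairs = list(combinations([tag_sequence(p) for p in pages], 2))
    if not pairs:
        return 0.0  # a single page is no evidence of a shared template
    hits = sum(SequenceMatcher(None, a, b).ratio() >= SIM_THRESHOLD
               for a, b in pairs)
    return hits / len(pairs)


def scan_plan(sample):
    """sample maps URL -> HTML for pages sampled under one URL pattern."""
    if similar_ratio(list(sample.values())) >= RATIO_THRESHOLD:
        return "representative", [sorted(sample)[0]]  # scan one, skip the rest
    return "full", sorted(sample)                     # structures differ: keep all


# Constructed sample input: one templated group and one mixed group.
def _item(n):
    return (f"<html><body><div><h1>Item {n}</h1><p>text {n}</p>"
            f"<a href='/item?id={n + 1}'>next</a></div></body></html>")

TEMPLATED = {f"/item?id={n}": _item(n) for n in (1, 2, 3)}
MIXED = {
    "/misc/login": "<html><body><form><input name='u'><input name='p'>"
                   "<button>Go</button></form></body></html>",
    "/misc/about": "<html><body><h1>About</h1><p>a</p><p>b</p><p>c</p>"
                   "<ul><li>x</li><li>y</li></ul></body></html>",
    "/misc/search": "<html><body><form><input name='q'></form>"
                    "<table><tr><td>r</td></tr></table></body></html>",
}
```

Pages skipped under a "representative" plan are never tested, so the two thresholds directly trade scan coverage for scan time.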
[Degree-granting institution]: Hangzhou Dianzi University
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08
Article ID: 1882963
Article link: http://sikaile.net/guanlilunwen/ydhl/1882963.html