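Research on Security Technology Based on a Client-Side Malicious Web Page Collection and Analysis System
Topic: HoneyClient + DeepWeb; Reference: Wuhan University of Technology, master's thesis, 2014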
[Abstract]: The Internet has become an indispensable part of people's lives. The rapid development of network technology in recent years has changed the way people live to a great extent, but new network security problems have kept emerging along with it. Network attacks increasingly target the client, and the large number of malicious web pages that fill the Internet are a common means of intrusion. The introduction and adoption of the HTML5 specification has brought many new features and, inevitably, new security vulnerabilities as well.

Based on an analysis of existing client honeypots and malicious web page collection systems, this thesis focuses on security improvements to the HoneyClient honeypot system, a deep web crawler based on DeepWeb dynamic web page data capture technology, and malicious web page data analysis techniques. It designs a prototype of a client-honeypot-based malicious web page collection and analysis system that can analyze pages built with both HTML4 and HTML5, together with the data in their databases, and capture any malicious attack code they may contain. The main work of this thesis is as follows:

1. Study of client-side attacks. The thesis studies the client-side attacks that are currently prevalent and analyzes their common forms from three aspects: attack principles, client software vulnerabilities, and attack vectors.

2. Security improvements to the high-interaction client honeypot HoneyClient. The system's malicious URL collection is performed by HoneyClient. Because a high-interaction client honeypot carries a certain risk of its own, the thesis studies and configures HoneyClient's security safeguards to reduce the likelihood of the honeypot being compromised while it collects malicious URLs.

3. Deep web crawler design. The thesis adds DeepWeb technology to a traditional crawler and designs a new deep web crawler capable of retrieving a website's complete data, so that malicious content can be discovered efficiently both on sites that attackers set up purely for attack purposes and on ordinary sites that attackers have compromised and seeded with malicious data.

4. Security analysis of web page code. The thesis analyzes the latest HTML5 security vulnerabilities and studies their basic principles and attack methods. On that basis, it analyzes and extracts the general features of attack code written in HTML and JS that may be present on existing web pages.

5. Malicious code detection. Using the extracted attack features, the thesis searches and analyzes the collected website data with two methods, Html Agility Pack and traditional regular expressions. It found a large amount of attack content matching the features, and a considerable portion of that attack code was located in information extracted from the web pages' databases.
[Degree-granting institution]: Wuhan University of Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08; TP393.092
Article ID: 2005053
Article link: http://sikaile.net/guanlilunwen/ydhl/2005053.html