Research on the Application of the Glastopf Honeypot in Web Security
Published: 2018-08-18 16:59
[Abstract]: With the Internet's development to date, Web applications built on the browser/server architecture are in use in every corner of the Internet. As Web services have grown rapidly, Web security threats have followed. According to Gartner's latest report, most Internet applications running in a Web environment contain vulnerabilities that attackers could exploit. The prevalence of Web applications has enriched the networked society, and the accompanying security problems largely determine whether Web applications can continue to develop in the long term. Faced with many kinds of network attack, research on Web security keeps deepening and new technologies keep emerging; Web application honeypots are a solution built on a new idea and designed specifically for Web threats. This thesis studies Glastopf, an open-source, low-interaction Web application honeypot.

Using SQL injection and file inclusion attacks as the basis, the thesis studies the basic working principle, workflow and usage of the Glastopf honeypot. Glastopf's principle is to respond to attackers with the information they are trying to obtain from the attacked Web application; it can emulate thousands of vulnerabilities and then collects data from hackers' attacks on the target Web application. The author focuses on the following techniques:

1. Vulnerability-related Dork and Attack Surface techniques. A Dork is the bait that attracts attackers, and the Attack Surface is an HTML page containing a large number of Dorks.
2. Fuzzification in the request preprocessing stage. In the preprocessing step, Glastopf applies fuzzification to the request so that the lexical analyzer can analyze it.
3. Lexical analyzer and parser techniques in the preprocessing stage. Glastopf's parsing of recognizable SQL injection attacks is based on a lexical analyzer and a parser.
4. Classification rules and response rules in the response stage. For unrecognized attacks, Glastopf looks in the pre-classification step for requests that cannot be parsed and then compares those requests against existing templates; for recognizable attacks, classification consists of a lexical token comparison step and a request comparison step. Depending on the classification method, there are two different response paths for SQL injection.

Finally, using the author's example configuration, the thesis verifies that the Glastopf honeypot can effectively defend against Web attacks and fulfils the function of a Web application honeypot.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08
Article ID: 2190107
Article link: http://sikaile.net/guanlilunwen/ydhl/2190107.html