Research on Detection and Defense Techniques for Cross-Site Scripting Attacks
Published: 2018-10-22 20:49
[Abstract]: With the development of Internet technology, Web applications have become ever more widespread, and websites and application systems built on the B/S (browser/server) architecture appear in endless variety. To improve the user experience, mainstream websites make full use of dynamic scripting languages such as JavaScript. While this technology brings convenience to users, a large number of security vulnerabilities and threats come with it. In today's Web applications, cross-site scripting (XSS) is one of the most serious and most common threats. Its root cause is a flaw in the Web application's security mechanism: user input is not checked and filtered sufficiently. Although the problem can be solved fundamentally on the server side by fixing the Web application, security patches are slow to arrive and system operators often have weak security awareness, so vulnerabilities in Web applications are frequently not fixed in time when a cross-site attack occurs, and users of those applications operate under high risk. To improve users' ability to defend themselves actively against cross-site scripting attacks, it is therefore especially important to study client-side XSS defenses. After analysing and discussing the XSS detection and defense techniques currently in common use, this thesis carries out research in two areas: (1) Building on a thorough understanding of dynamic taint tracking and static taint analysis, it proposes an XSS detection and defense method in which dynamic taint tracking is primary and static taint analysis is supplementary. The method first marks the sensitive information in the current page and then monitors how that sensitive information is transmitted; when the sensitive information is subject to an abnormal operation, a danger warning is issued to the user, who decides how to handle it, so that cross-site scripting attacks are effectively intercepted. (2) For the case where known, common XSS attack signatures can be detected directly, it introduces XSS signature detection and proposes a library of known XSS signatures. After static taint analysis of the user's input, the suspicious taint sources in the analysis result are compared with the library of known XSS signatures, and taint information found in the library is filtered directly. Moreover, the library can be continually updated with the results of taint verdicts. This extended XSS detection and defense technique greatly improves detection speed. For the concrete implementation, the thesis uses the open-source Mozilla Firefox as the experimental platform: by analysing the browser's JavaScript engine, it extends the processing at each of its stages. Experiments verify that the proposed detection and defense method is feasible.
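The two-stage scheme the abstract describes (dynamic taint tracking of sensitive page data with a user warning at the sink, plus a static pass against a library of known XSS signatures that is fed back from confirmed verdicts) can be modelled in a few dozen lines. The following is an added example written for this page; it is not code from the thesis or from Firefox, and all names (`Tainted`, `networkSink`, `analyzeInput`, `updateLibrary`), the signature patterns and the sample values are constructed for illustration. It runs under Node.js without a browser DOM.

```javascript
// Added example (not the thesis's code): a model of client-side XSS detection in two stages.
// Stage 1 (dynamic taint tracking): sensitive page data is wrapped as Tainted, the taint
// follows string concatenation, and a sink that sends tainted data to another origin is
// reported as an abnormal operation for the user to decide on.
// Stage 2 (known-signature library): user input is first compared with known XSS signatures;
// hits are filtered directly, and confirmed dynamic verdicts extend the library.
// All names, signatures and sample values below are constructed for illustration.

class Tainted {
  constructor(value, sources) {
    this.value = String(value);
    this.sources = new Set(sources); // which sensitive sources this value derives from
  }
}

const isTainted = (v) => v instanceof Tainted;

// Mark a sensitive value at its source (e.g. a cookie read) so it can be followed.
function markSensitive(value, sourceName) {
  return new Tainted(value, [sourceName]);
}

// Taint propagation for string concatenation: the result carries the union of sources.
function concat(...parts) {
  const sources = new Set();
  let text = '';
  for (const p of parts) {
    if (isTainted(p)) {
      p.sources.forEach((s) => sources.add(s));
      text += p.value;
    } else {
      text += String(p);
    }
  }
  return sources.size > 0 ? new Tainted(text, sources) : text;
}

// Network sink. Sending tainted data to an origin other than the page's own is the
// "abnormal operation" the abstract warns about; the decision is delegated to the
// user through the askUser callback (true = allow).
function networkSink(url, body, pageOrigin, askUser) {
  const destOrigin = new URL(url).origin;
  if (!isTainted(body) || destOrigin === pageOrigin) {
    return { verdict: 'allow', reason: 'no tainted data leaving the page origin' };
  }
  const warning = {
    verdict: 'warn',
    reason: `tainted data from [${[...body.sources].join(', ')}] sent to ${destOrigin}`,
    sources: [...body.sources],
  };
  warning.allowed = askUser(warning) === true;
  return warning;
}

// Known-signature library (stage 2). The patterns are deliberately generic examples.
const knownSignatures = [/<script\b/i, /javascript:/i, /\bon[a-z]+\s*=/i];

// Static pass over user input: filter outright if a known signature matches, otherwise
// hand the input on as a suspicious taint source for the dynamic stage.
function analyzeInput(input, library = knownSignatures) {
  const hit = library.find((re) => re.test(input));
  return hit
    ? { filtered: true, matched: hit.source }
    : { filtered: false, candidate: markSensitive(input, 'user-input') };
}

// Feedback loop: a string confirmed malicious by the dynamic stage that no signature
// covers yet is added as an exact (escaped) pattern so the static pass catches it next time.
function updateLibrary(library, confirmedText) {
  if (library.some((re) => re.test(confirmedText))) return false;
  const escaped = confirmedText.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  library.push(new RegExp(escaped, 'i'));
  return true;
}

// Worked run with constructed values.
function demo() {
  const pageOrigin = 'https://shop.example';
  const cookie = markSensitive('session=CONSTRUCTED-ID', 'document.cookie');
  // Same-origin use of the cookie is normal and passes.
  const ok = networkSink('https://shop.example/api/cart', concat('c=', cookie), pageOrigin, () => true);
  // Cross-origin transmission of the same cookie is flagged; here the user refuses it.
  const flagged = networkSink('https://other.example/log', concat('c=', cookie), pageOrigin, () => false);
  const benign = analyzeInput('nice product, 5 stars');
  const filtered = analyzeInput('great <script>x</script>'); // constructed test string
  return { ok, flagged, benign, filtered };
}

console.log(demo());
```

The design point is the division of labour the abstract argues for: the signature library is cheap and handles what is already known before any taint tracking runs, while the taint stage catches transmissions of sensitive data that no signature describes and leaves the final decision with the user; `updateLibrary` closes the loop so that a confirmed dynamic verdict becomes a static signature.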
[Degree-granting institution]: Lanzhou University of Technology
[Degree level]: Master's
[Year degree conferred]: 2017
[Classification number]: TP393.08
Article number: 2288270
Article link: http://sikaile.net/guanlilunwen/ydhl/2288270.html