【摘要】：伴隨著互聯(lián)網(wǎng)的迅猛擴(kuò)張,電子商務(wù)、網(wǎng)絡(luò)企業(yè)在互聯(lián)網(wǎng)上得到了急速發(fā)展,同時(shí)也給網(wǎng)絡(luò)攻擊者提供了極大的犯罪空間。近年來,各種網(wǎng)絡(luò)攻擊事件頻繁發(fā)生,尤其是網(wǎng)絡(luò)釣魚和網(wǎng)絡(luò)嫁接攻擊。網(wǎng)絡(luò)釣魚主要通過發(fā)送聲稱來自銀行或其他知名機(jī)構(gòu)的欺騙性垃圾郵件,意圖引誘收信人泄露敏感信息以實(shí)施攻擊。網(wǎng)址嫁接攻擊是在網(wǎng)絡(luò)釣魚攻擊的基礎(chǔ)上發(fā)展起來的一種新的更高級(jí)的攻擊方式。主要通過在用戶電腦上植入木馬、安裝惡意軟件或者破壞域名服務(wù)器的解析過程等手段,將用戶重定向到虛假的網(wǎng)頁,并伺機(jī)竊取用戶的重要信息。網(wǎng)址嫁接攻擊采用的技術(shù)手段不同于傳統(tǒng)的網(wǎng)絡(luò)釣魚攻擊,傳統(tǒng)的檢測(cè)與防范技術(shù)無法直接應(yīng)用于網(wǎng)址嫁接攻擊。 目前,針對(duì)網(wǎng)址嫁接攻擊的研究還處于初步階段,深入研究網(wǎng)址嫁接攻擊采用的技術(shù)手段以及檢測(cè)與防范方法,具有十分重要的理論與現(xiàn)實(shí)意義。本文在研究網(wǎng)址嫁接攻擊原理基礎(chǔ)上,提出一種基于IP地址過濾與PSO-SVM混合算法的網(wǎng)址嫁接攻擊檢測(cè)模型,用于客戶端檢測(cè)網(wǎng)址嫁接攻擊,并進(jìn)一步提出一種基于主機(jī)hosts文件保護(hù)的網(wǎng)址嫁接攻擊防范方法。仿真實(shí)驗(yàn)表明,本文提出的檢測(cè)模型對(duì)網(wǎng)址嫁接攻擊的識(shí)別準(zhǔn)確率可達(dá)到99%以上。具體工作包括： 1.研究了網(wǎng)址嫁接的攻擊原理和攻擊類別,并在分析域名服務(wù)工作過程和hosts文件脆弱性的基礎(chǔ)上,提出了基于主機(jī)hosts文件保護(hù)的網(wǎng)址嫁接攻擊防范方法。 2.通過分析網(wǎng)址嫁接攻擊對(duì)IP地址解析過程的影響以及虛假網(wǎng)頁與合法網(wǎng)頁特征的差異性,提出一種基于IP地址過濾與PSO-SVM混合算法的網(wǎng)址嫁接攻擊檢測(cè)模型。 3.從互聯(lián)網(wǎng)爬取合法網(wǎng)頁,并從PishTank庫(kù)中隨機(jī)抽取一定數(shù)量的虛假網(wǎng)頁,提取12個(gè)網(wǎng)頁敏感特征,對(duì)本文提出的檢測(cè)模型進(jìn)行了大量的實(shí)驗(yàn),驗(yàn)證了本模型用于網(wǎng)址嫁接攻擊檢測(cè)的有效性。 4.基于Netbeans軟件開發(fā)平臺(tái),利用Java編程語言實(shí)現(xiàn)了C/S結(jié)構(gòu)的網(wǎng)址嫁接攻擊檢測(cè)及防范系統(tǒng)。
[Abstract]:With the rapid expansion of the Internet, e-commerce, network enterprises in the Internet has been rapid development, but also to network attackers to provide a great space for crime. In recent years, a variety of network attacks occur frequently, especially phishing and grafted attacks. Phishing involves sending fraudulent spam purporting to come from banks or other well-known institutions in an attempt to entice recipients to reveal sensitive information to carry out attacks. Web site grafting attack is a new and more advanced attack method based on phishing attack. By inserting Trojan horse into user's computer, installing malware or destroying the parsing process of domain name server, the user is redirected to a false web page, and the important information of the user is stolen. Web site grafting attack is different from the traditional phishing attack, and the traditional detection and prevention technology can not be directly applied to the site grafting attack. At present, the research on web site grafting attack is still in its initial stage. It is of great theoretical and practical significance to study the technical means, detection and prevention methods of web site grafting attack. On the basis of studying the principle of web address grafting attack, this paper proposes a detection model of web address grafting attack based on IP address filtering and PSO-SVM hybrid algorithm, which can be used to detect web site grafting attack by client. Furthermore, this paper proposes a method of preventing the attack of web address grafting based on host hosts file protection. The simulation results show that the detection model proposed in this paper can identify the URL grafting attacks with a accuracy rate of more than 99%. Specific work includes: 1. On the basis of analyzing the working process of domain name service and the vulnerability of hosts file, this paper puts forward a method of preventing the attack based on the protection of host hosts file. 2. By analyzing the influence of address grafting attack on the process of IP address resolution and the differences between false web pages and legitimate web pages, a new detection model of URL grafting attack based on IP address filtering and PSO-SVM hybrid algorithm is proposed. 3. After crawling legal web pages from the Internet and randomly extracting a certain number of false web pages from the PishTank library, 12 sensitive features of web pages are extracted, and a large number of experiments are carried out on the detection model proposed in this paper. The validity of this model for detecting web site grafting attacks is verified. 4. Based on Netbeans software development platform, the detection and prevention system of Web site grafting attack based on C / S structure is realized by using Java programming language.
【學(xué)位授予單位】：華北電力大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08;TP18

【參考文獻(xiàn)】

中國(guó)期刊全文數(shù)據(jù)庫(kù) 前1條

1 鞠秋文;;PSO-SVM算法在網(wǎng)絡(luò)入侵檢測(cè)中的研究[J];計(jì)算機(jī)仿真;2011年04期

，

本文編號(hào)：2360405