Analysis and Research on HTTP Communication in Network Penetration
Published: 2018-11-29 07:26
[Abstract]: The rapid development of the Internet and computer technology has brought many conveniences to people's lives, but it has also given cybercriminals more means of committing crime, and information security problems are becoming increasingly prominent. Network penetration can serve as a method for evaluating the security of a network system, and also as a means for public security organs to investigate criminal activity and collect evidence. A Trojan horse is a common kind of virus whose purpose is to control the user's host and steal the user's private data; improving Trojan detection technology and raising the Trojan identification rate is of practical significance for protecting users' property and privacy. This thesis analyzes and studies the HTTP communication of network penetration. The research covers the following:

(1) The HTTP communication method of network penetration. By analyzing the principles of network security devices such as firewalls, firewall penetration technology based on HTTP communication is studied. By analyzing three types of network security detection software (network sniffers, network connection viewers and network traffic viewers), methods for hiding network activity during network penetration are studied. Based on a study of HTTP data transmission modes, HTTP communication rules for network penetration are constructed. Using these methods, a network penetration system based on HTTP communication is implemented.

(2) A network communication analysis and detection model for HTTP Trojans. The HTTP network communication data generated by Trojans that communicate over HTTP and by ordinary programs is analyzed, and on that basis six network communication behavior features of HTTP Trojans are extracted. An HTTP Trojan detection model is built by combining hierarchical clustering, the Davies-Bouldin index and the k-means algorithm. The model is used only to detect Trojans that communicate over HTTP.

(3) Experiments are designed to verify the feasibility of the proposed HTTP communication method and the HTTP Trojan detection model. The experimental results show that the HTTP communication method can penetrate the protection of network firewalls, successfully hides its own network activity, and provides reliable data transmission. The network communication analysis and detection model for HTTP Trojans detects HTTP Trojans effectively, with relatively high accuracy and a relatively low false alarm rate.

By studying the HTTP communication of network penetration, this thesis proposes an HTTP communication method for network penetration that improves the penetration and concealment of communication during network penetration. At the same time, the HTTP Trojan detection model constructed in this thesis has a high recognition rate for typical HTTP Trojans and can serve as a supplement to existing Trojan detection methods.
[Degree-granting institution]: Beijing University of Chemical Technology
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08
Article ID: 2364316
Article link: http://sikaile.net/guanlilunwen/ydhl/2364316.html