【摘要】：HTML5技術(shù)由于其對(duì)移動(dòng)設(shè)備的良好支持、跨瀏覽器、易使用等特點(diǎn),已經(jīng)在Web應(yīng)用中越來越流行。然而HTML5興起的同時(shí)也帶來了一些安全問題。HTML5中仍然存在著舊的攻擊形式例如跨站腳本攻擊、點(diǎn)擊劫持攻擊、跨站請(qǐng)求偽造攻擊等,同時(shí)HTML也引入了一些新的攻擊方式,例如API的濫用、離線應(yīng)用緩存中毒、本地存儲(chǔ)攻擊等等。因此在HTML5越來越流行的同時(shí),其帶來的安全漏洞導(dǎo)致的危害的也越來越嚴(yán)重,本文所研究的基于HTML5的Web安全及防御也有重要的意義。本文針對(duì)當(dāng)前HTML5最主要的攻擊即跨站腳本攻擊進(jìn)行了詳細(xì)的研究和分析,深入研究了跨站腳本攻擊的入侵檢測(cè)算法,設(shè)計(jì)了基于跨站腳本攻擊的防御模型,并實(shí)現(xiàn)了防御系統(tǒng),本文主要的工作如下:(1)提出了基于HTML5的XSS攻擊防御模型。對(duì)該模型的總體架構(gòu)進(jìn)行了設(shè)計(jì),防御模型分為客戶端、入侵檢測(cè)以及服務(wù)端三部分,詳細(xì)闡述了各部分的工作原理。(2)研究并實(shí)現(xiàn)了 XSS入侵檢測(cè)算法。采用字符串匹配算法對(duì)XSS攻擊進(jìn)行入侵檢測(cè),并對(duì)常見的KMP算法進(jìn)行改進(jìn),將改進(jìn)后的算法應(yīng)用到XSS防御系統(tǒng)中。(3)設(shè)計(jì)并實(shí)現(xiàn)了基于HTML5的XSS攻擊防御系統(tǒng)。對(duì)系統(tǒng)總體框架進(jìn)行設(shè)計(jì),并對(duì)三個(gè)主要模塊客戶端防御模塊、入侵檢測(cè)模塊和服務(wù)端防御模塊進(jìn)行了詳細(xì)設(shè)計(jì),并給出具體的實(shí)現(xiàn)方案。(4)對(duì)XSS攻擊防御模型進(jìn)行試驗(yàn)和評(píng)測(cè)。評(píng)測(cè)表明,本文提出的基于HTML5的XSS攻擊防御模型能夠滿足一般的Web應(yīng)用對(duì)于跨站腳本攻擊的防御要求。
[Abstract]:HTML5 technology has become more and more popular in Web applications because of its good support for mobile devices, cross-browser, easy to use and so on. However, the rise of HTML5 also brings some security problems. There are still some old attack forms in HTML5, such as cross-site script attack, click-hijacking attack, cross-station request forgery attack, etc. At the same time, HTML also introduces some new attack methods. For example, API abuse, offline application cache poisoning, local storage attacks, and so on. Therefore, as HTML5 becomes more and more popular, the harm caused by security vulnerabilities is becoming more and more serious. The research on Web security and defense based on HTML5 in this paper is also of great significance. This paper makes a detailed study and analysis on the most important attack of HTML5, I. e., cross-station script attack, deeply studies the intrusion detection algorithm of cross-station script attack, designs a defense model based on cross-station script attack, and implements a defense system. The main work of this paper is as follows: (1) A XSS attack defense model based on HTML5 is proposed. The overall architecture of the model is designed. The defense model is divided into three parts: client, intrusion detection and service. The working principle of each part is described in detail. (2) the XSS intrusion detection algorithm is studied and implemented. The string matching algorithm is used to detect the XSS attack, and the common KMP algorithm is improved. The improved algorithm is applied to the XSS defense system. (3) the XSS attack defense system based on HTML5 is designed and implemented. The overall framework of the system is designed, and the three main modules, the client defense module, the intrusion detection module and the server defense module, are designed in detail. The implementation scheme is given. (4) the XSS attack defense model is tested and evaluated. The evaluation results show that the proposed XSS attack defense model based on HTML5 can meet the requirements of general Web applications for cross-site scripting attacks.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 賈巖;王鶴;呂少卿;張玉清;;HTML5應(yīng)用程序緩存中毒攻擊研究[J];通信學(xué)報(bào);2016年10期

2 張玉清;賈巖;雷柯楠;呂少卿;樂洪舟;;HTML5新特性安全研究綜述[J];計(jì)算機(jī)研究與發(fā)展;2016年10期

3 李馳;李林;;基于HTML5的Web前端安全性研究[J];軟件導(dǎo)刊;2016年05期

4 瞿蘇;;淺析HTML5數(shù)據(jù)存儲(chǔ)的方法及應(yīng)用[J];電腦知識(shí)與技術(shù);2016年13期

5 劉艷平;俞海英;;基于HTML5的Application Cache技術(shù)研究[J];微型機(jī)與應(yīng)用;2015年20期

6 鮑澤民;王根英;李娟;;跨站腳本攻擊客戶端防御技術(shù)研究[J];鐵路計(jì)算機(jī)應(yīng)用;2015年07期

7 劉宇;閔棟;;HTML5在移動(dòng)互聯(lián)網(wǎng)中的機(jī)遇與挑戰(zhàn)[J];電信網(wǎng)技術(shù);2013年05期

8 張劍;陳劍鋒;王強(qiáng);;HTML5新特性及其安全性研究[J];信息安全與通信保密;2013年05期

9 蔣宇捷;;從HTML5移動(dòng)應(yīng)用現(xiàn)狀談發(fā)展趨勢(shì)[J];程序員;2013年05期

10 孫松柏;Ali Abbasi;諸葛建偉;段海新;王珩;;HTML5安全研究[J];計(jì)算機(jī)應(yīng)用與軟件;2013年03期

相關(guān)碩士學(xué)位論文 前3條

1 王曉強(qiáng);基于HTML5的CSRF攻擊與防御技術(shù)研究[D];電子科技大學(xué);2013年

2 吳曉恒;跨站腳本攻擊的防御技術(shù)研究[D];上海交通大學(xué);2011年

3 邱勇杰;跨站腳本攻擊與防御技術(shù)研究[D];北京交通大學(xué);2010年

，

本文編號(hào)：2413777