Research and Implementation of a Feature-Matching-Based Web Application Firewall (基于特征匹配的WEB應用防火牆的研究與實現)
[Abstract]: The rapid development of the Internet has brought great convenience to our lives, and the rapid growth of the Web, especially the arrival of the Web 2.0 era, illustrates this well. The growth of the Web in turn depends on the continuous development of Internet infrastructure: hardware, application software and the related protocols. Hardware (routers, switches, servers, storage devices, etc.) keeps growing in scale, applications (portals, Web applications and the scripting languages they use) keep growing in complexity, and the related protocols (HTTP, POP3, ARP, etc.) show more and more security deficiencies. With the rapid development of the Web, Web security problems follow one after another. In the early Internet, the main targets of hackers were the network, the operating system, system software and application software. As the Web security threat has grown more serious, traditional network protection equipment and software such as intrusion detection systems (IDS), intrusion prevention systems (IPS) and traditional firewalls can only identify and defend at the level of the data flow; they lack the ability to protect against application-layer Web attacks. Today, with the Internet infrastructure relatively complete, the core of the Internet has changed: Internet companies pursue users, users generate business, business generates data, so the core value of an Internet company is its user data. The core issue of Internet security has therefore turned into the issue of data security, and Web attacks give an attacker the most direct and convenient path to the data they want to acquire. Among the many Web attacks, SQL injection and XSS cross-site scripting obtain user data most directly. From their first appearance to today, these two attacks have consistently ranked high in the OWASP Top 10.
In the future, XSS cross-site scripting attacks will remain among the top entries, and SQL injection attacks will not disappear with increased defense awareness. The emergence of the Web application firewall (Web Application Firewall, WAF; also known as a Web application-level intrusion prevention system) has addressed this problem well, but many Web application firewalls still cannot efficiently identify the unpredictable attack data constructed by hackers. At present there are many kinds of attacks against the Web, but the most common are SQL injection and XSS cross-site scripting. Defense against Web attacks consists of matching and intercepting suspicious data with regular expressions. The research work of this paper mainly includes the following aspects: (1) according to the different data formats submitted by hackers during SQL injection attacks, the corresponding regular-expression matching algorithm is found, achieving the broadest possible (broad-spectrum) matching while minimizing the possibility of misjudgment (false positives); (2) according to the different data formats submitted by hackers during XSS cross-site scripting attacks, the corresponding regular-expression matching algorithm is found, which likewise achieves broad-spectrum matching while minimizing the possibility of misjudgment as much as possible; (3) the data exchanged between the client and the Web server is captured, and attack data is judged and intercepted according to the existing regular-expression matching algorithms; (4) taking the remote arbitrary command execution vulnerability as an example, this paper analyzes many vulnerabilities found in Web application frameworks in recent years, again aiming at broad-spectrum matching with as few misjudgments as possible.
Finally, using the Python language together with the collected and collated regular expressions, and by capturing the HTTP messages of the Web server, the system filters the various data submission channels, such as GET, POST and COOKIE, so as to block attacks and realize an efficient Web application firewall.
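The GET/POST/COOKIE filtering described above, as an added example that is not the thesis's own code: a small Python filter that pulls the three parameter sources out of a raw HTTP request and runs every decoded value through a constructed signature set for SQL injection and XSS. The regexes, SAMPLE_REQUEST, and the function and field names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed signature set for this example (not the thesis's rule base); matching on attack structure, not bare keywords, limits misjudgment.
SQLI_RE = re.compile(
    r"\bunion\b\s+(?:all\s+)?select\b"                    # UNION-based extraction
    r"|\b(?:or|and)\b\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+"  # tautology such as ' or 1=1
    r"|'\s*(?:--|#)"                                      # quote followed by SQL comment
    r"|;\s*(?:drop|delete|update|insert)\b",              # stacked statement
    re.I,
)
XSS_RE = re.compile(
    r"<\s*script\b"                # inline script tag
    r"|javascript\s*:"             # javascript: URL scheme
    r"|\bon[a-z]+\s*=\s*['\"]?",   # event-handler attribute such as onerror=
    re.I,
)
SIGNATURES = {"sqli": SQLI_RE, "xss": XSS_RE}

SAMPLE_REQUEST = (  # constructed: SQLi tautology in GET, XSS in a cookie, clean POST body
    "POST /login?id=1%27%20or%201%3D1 HTTP/1.1\r\nHost: example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Cookie: session=abc123; ref=%3Cscript%3Ealert(1)%3C%2Fscript%3E\r\n\r\nuser=alice&comment=hello"
)

def extract_fields(raw_request: str) -> dict:
    """Collect GET (query), POST (urlencoded body) and COOKIE parameters from a raw request."""
    head, _, body = raw_request.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _ = request_line.split(" ", 2)
    headers = {n.strip().lower(): v.strip() for n, _, v in (h.partition(":") for h in header_lines)}
    fields = {}
    for k, v in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        fields[f"GET:{k}"] = v                           # parse_qsl URL-decodes for us
    if method == "POST" and "x-www-form-urlencoded" in headers.get("content-type", ""):
        for k, v in parse_qsl(body, keep_blank_values=True):
            fields[f"POST:{k}"] = v
    for part in headers.get("cookie", "").split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            fields[f"COOKIE:{name}"] = unquote(value)    # decode before matching
    return fields

def inspect(raw_request: str) -> list:
    """Return (location, attack_class) per matching field; [] means the request passes."""
    hits = []
    for location, value in extract_fields(raw_request).items():
        for attack_class, pattern in SIGNATURES.items():
            if pattern.search(value):
                hits.append((location, attack_class))
    return hits
```

Decoding before matching matters because the same payload arrives percent-encoded in query strings and cookies; requiring attack structure (a tautology, a UNION ... SELECT) rather than a lone keyword is the trade-off between broad-spectrum matching and misjudgment that the abstract describes.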
[Degree-granting institution]: Anhui University (安徽大學)
[Degree level]: Master's
[Year of degree conferral]: 2014
[Classification number]: TP393.08