【摘要】：最近幾十年,隨著Internet的快速發(fā)展,人們的生活發(fā)生了巨大的改變,在充分的享受網(wǎng)絡(luò)帶給他們便利的同時(shí),人們也正遭受著來(lái)自互聯(lián)網(wǎng)的安全威脅,諸如惡意代碼,網(wǎng)絡(luò)釣魚(yú),僵尸網(wǎng)絡(luò)等,而近年來(lái)互聯(lián)網(wǎng)演變出來(lái)一種新的惡意代碼網(wǎng)頁(yè)木馬讓網(wǎng)絡(luò)安全的前景更不明朗。伴隨網(wǎng)頁(yè)木馬而來(lái)的都是一些木馬病毒,僵尸網(wǎng)絡(luò),肉雞等破壞性的行為,瀏覽網(wǎng)頁(yè)已經(jīng)成為人們感染網(wǎng)頁(yè)木馬的主要方式,因此有必要加強(qiáng)對(duì)網(wǎng)頁(yè)木馬的研究以及檢測(cè)技術(shù)的探索,還互聯(lián)網(wǎng)一個(gè)安全有序的環(huán)境。 針對(duì)這種現(xiàn)狀,本文首先對(duì)網(wǎng)頁(yè)木馬的定義、網(wǎng)頁(yè)木馬的性質(zhì)特點(diǎn)、網(wǎng)頁(yè)木馬的攻擊方法和原理做了一個(gè)綜述,并詳細(xì)的分析了當(dāng)前普遍使用的網(wǎng)頁(yè)木馬檢測(cè)技術(shù),找出這些技術(shù)中存在的不足；然后提出了一種基于機(jī)器學(xué)習(xí)的檢測(cè)方法,通過(guò)對(duì)網(wǎng)頁(yè)木馬結(jié)構(gòu)層次的分析篩選出若干種典型網(wǎng)馬特征,并結(jié)合算法進(jìn)行了實(shí)驗(yàn)驗(yàn)證；最后設(shè)計(jì)了一個(gè)網(wǎng)頁(yè)木馬檢測(cè)系統(tǒng),通過(guò)爬取互聯(lián)網(wǎng)上公布的惡意URL的網(wǎng)頁(yè)源代碼,檢測(cè)和收集網(wǎng)頁(yè)木馬,為網(wǎng)絡(luò)安全研究提供支撐。 本文的主要研究工作如下： 1.研究了當(dāng)前互聯(lián)網(wǎng)安全現(xiàn)狀,闡述了網(wǎng)頁(yè)木馬的嚴(yán)重危害性,并對(duì)網(wǎng)頁(yè)木馬做了一個(gè)綜述,包括網(wǎng)頁(yè)木馬的定義、網(wǎng)頁(yè)木馬的性質(zhì)和特點(diǎn)、網(wǎng)頁(yè)木馬的攻擊方法和原理、網(wǎng)頁(yè)木馬的防御等。 2.介紹了當(dāng)前正在使用的網(wǎng)頁(yè)木馬檢測(cè)技術(shù),并對(duì)現(xiàn)在比較流行的檢測(cè)方法進(jìn)行了詳細(xì)的研究和分析,找出其中的缺陷,然后提出了一種基于機(jī)器學(xué)習(xí)的檢測(cè)方法,通過(guò)對(duì)網(wǎng)頁(yè)木馬層次結(jié)構(gòu)的分析,找出若干種典型的特征,并用實(shí)驗(yàn)證明這些特征的有效性。 3.設(shè)計(jì)了一個(gè)網(wǎng)頁(yè)木馬檢測(cè)系統(tǒng),首先明確系統(tǒng)設(shè)計(jì)的目的,然后對(duì)系統(tǒng)進(jìn)行了需求分析、概要設(shè)計(jì)和詳細(xì)設(shè)計(jì),并使用Python語(yǔ)言完成了系統(tǒng)的實(shí)現(xiàn)。 4.對(duì)設(shè)計(jì)的系統(tǒng)進(jìn)行了測(cè)試和驗(yàn)證,通過(guò)執(zhí)行設(shè)計(jì)的測(cè)試用例完成了系統(tǒng)的功能測(cè)試和性能測(cè)試,并對(duì)比其它殺毒軟件分析系統(tǒng)的檢測(cè)效果。 經(jīng)過(guò)測(cè)試驗(yàn)證得出設(shè)計(jì)的系統(tǒng)能夠有效的檢測(cè)出網(wǎng)頁(yè)木馬,較快速的收集高質(zhì)量的惡意網(wǎng)頁(yè),為網(wǎng)絡(luò)安全研究提供了有利的支撐。
[Abstract]:In recent decades, with the rapid development of Internet, great changes have taken place in people's lives. While fully enjoying the convenience brought to them by the Internet, people are also suffering from security threats from the Internet, such as malicious code, phishing, botnet and so on. In recent years, a new malicious code web Trojan horse has evolved from the Internet to make the prospect of network security even more uncertain. With the web Trojan horse is accompanied by some Trojan horse viruses, botnet, broiler and other destructive behavior, browsing the web has become the main way for people to infect the web Trojan horse, so it is necessary to strengthen the research and detection technology of the web Trojan horse, and return the Internet to a secure and orderly environment. In view of this situation, this paper first summarizes the definition of web Trojan horse, the nature and characteristics of web Trojan horse, the attack methods and principles of web Trojan horse, and analyzes the commonly used detection technology of web Trojan horse in detail, and finds out the shortcomings of these technologies. Then a detection method based on machine learning is proposed, and several typical net horse features are screened out through the analysis of the structure level of the web Trojan horse, and the experimental verification is carried out with the algorithm. Finally, a web Trojan horse detection system is designed to detect and collect the web Trojan horse by crawling the source code of the malicious URL published on the Internet, which provides support for the network security research. The main research work of this paper is as follows: 1. This paper studies the present situation of Internet security, expounds the serious harm of web Trojan horse, and makes a summary of web Trojan horse, including the definition of web Trojan horse, the nature and characteristics of web Trojan horse, the attack method and principle of web Trojan horse, the defense of web Trojan horse, etc. two銆，

本文編號(hào)：2507337