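Research on the Application of Data Mining in the Dynamic Detection of Malicious Web Pages
Keywords: malicious web page detection; honeypot technology; Capture-HPC; data mining. Source: Shanghai Jiao Tong University, master's thesis, 2012. Document type: degree thesis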
[Abstract]: With the development of the Internet, people carry out entertainment, shopping, work, e-commerce and many other activities online. Web browsing accounts for a very large share of these activities, and for that reason many criminals and hackers exploit users' weak awareness of network security to launch malicious attacks and break into users' systems. Malicious web pages are the most serious of these network security problems: they greatly endanger the security of users' data on the Internet and can even cause serious economic losses.
Malicious web page detection technology has deepened as network security problems have grown, and static web page detection and analysis and client honeypot technology have become important areas of malicious web page detection research. A honeypot is a deception technology that lures intruders in order to collect hackers' attack methods and protect the real target hosts. Capture-HPC, used in this thesis, is a high-interaction client honeypot. It builds a virtual environment that simulates a real operating system and applications and deliberately exposes various weaknesses or vulnerabilities to lure intruders into attacking; any change an attacker makes to the virtual system, and any action taken in it, is recorded in the honeypot log.
This thesis designs and implements a dynamic detection model for malicious web pages. By applying data mining to Capture-HPC honeypot logs, the model solves the problems of Capture-HPC's low detection efficiency and its excessively high false alarm rate in practical use. By converting honeypot logs into operation sequences and mining sequences, the detection model can effectively apply data mining algorithms to mine and analyze massive log files, thereby optimizing the malicious web page detection system and uncovering attackers' attack methods and behavioral characteristics.
The thesis mainly describes how three common data mining techniques, cluster analysis, association rule mining and decision tree classification, can be applied effectively and reasonably in the dynamic detection model. It gives a detailed introduction to the module composition of the detection model and to its specific design and implementation, and real experiments further verify that the design of the proposed model is reasonable, that the choice of data mining algorithms is correct, that applying mining techniques to malicious web page detection is effective, and that the resulting optimization of the detection model is evident. In practical application, the proposed model shows very stable and good malicious web page detection performance.
[Degree-granting institution]: Shanghai Jiao Tong University
[Degree level]: Master's
[Year degree awarded]: 2012
[Classification number]: TP311.13