本文選題：網(wǎng)絡安全 + 漏洞掃描��； 參考：《北京郵電大學》2014年碩士論文

【摘要】：開放和共享的現(xiàn)代互聯(lián)網(wǎng)精神,在讓網(wǎng)絡世界變得豐富多彩的同時,也將網(wǎng)絡安全問題擺在了每個人的面前,安全問題已經(jīng)造成了巨大的損失。漏洞掃描技術是一種事先主動完善系統(tǒng)從而預防攻擊的安全防御方法,逐漸成為保障網(wǎng)絡安全不可或缺的一部分�，F(xiàn)在行業(yè)內(nèi)已有多種漏洞掃描產(chǎn)品存在,但這些產(chǎn)品由于其功能特性、執(zhí)行性能等限制大多只適用于單機部署、小規(guī)模掃描的應用場景,需要研究并實現(xiàn)一種適用于大規(guī)模網(wǎng)絡資產(chǎn)安全狀態(tài)評估的漏洞掃描器,以實現(xiàn)企業(yè)級網(wǎng)絡資產(chǎn)安全狀態(tài)評估的應用需求,為企業(yè)安全風險防御提供可靠的基礎數(shù)據(jù)。 本文針對大規(guī)模網(wǎng)絡漏洞掃描這一應用需求,基于漏洞掃描技術,利用新興的云計算技術,并結(jié)合RESTful Web Services技術,針對大規(guī)模網(wǎng)絡漏洞掃描的應用場景,設計并實現(xiàn)了云漏洞掃描平臺人機交互與開放接口子系統(tǒng),作為基于云的漏洞掃描平臺的子系統(tǒng)。 本文首先對網(wǎng)絡漏洞掃描技術以及掃描插件開發(fā)技術進行了研究,對掃描引擎關鍵技術、工作原理和機制進行了詳細的分析。其次,總結(jié)了大規(guī)模網(wǎng)絡漏洞掃描的應用場景的特殊性,分析網(wǎng)絡漏洞掃描器的需求,分析用戶的需求和使用習慣,完成人機交互界面的設計,并使用Ruby On Rails框架實現(xiàn)該功能。再次,完成了RESTful Web Services開放接口的設計與實現(xiàn),讓第三方應用以及非瀏覽器用戶可以使用漏洞掃描服務,并使用HTTPS安全傳輸來保護用戶的數(shù)據(jù)。最后本文實現(xiàn)將云漏洞掃描平臺人機交互與開放接口子系統(tǒng)部署在云平臺中,并與基于云的漏洞掃描平臺的其他模塊進行聯(lián)調(diào)與測試,測試結(jié)果說明了本文研究的云漏洞掃描平臺人機交互與開放接口子系統(tǒng)具有良好的可用性。
[Abstract]:The open and shared spirit of modern Internet makes the network world rich and colorful, but also puts the network security problem in front of everyone. The security problem has caused huge losses. Vulnerability scanning is a kind of security defense method which can preactively perfect the system and prevent attacks. It has gradually become an indispensable part of the network security. At present, there are many kinds of vulnerability scanning products in the industry, but most of these products are only suitable for single-machine deployment and small-scale scanning applications due to their functional characteristics and performance constraints. It is necessary to study and implement a vulnerability scanner suitable for large-scale network asset security state assessment in order to meet the application requirements of enterprise network asset security state assessment and provide reliable basic data for enterprise security risk defense. In this paper, aiming at the application requirement of large-scale network vulnerability scanning, based on vulnerability scanning technology, using the emerging cloud computing technology and combining with RESTful Web Services technology, this paper aims at the application scenario of large-scale network vulnerability scanning. The man-machine interaction and open interface subsystem of the cloud vulnerability scanning platform is designed and implemented, which is used as the subsystem of the cloud-based vulnerability scanning platform. In this paper, the network vulnerability scanning technology and scanning plug-in development technology are studied, and the key technology, working principle and mechanism of scanning engine are analyzed in detail. Secondly, the particularity of the application scene of large-scale network vulnerability scanning is summarized, the requirement of network vulnerability scanner is analyzed, the user's needs and usage habits are analyzed, the design of man-machine interface is completed, and the Ruby on Rails framework is used to realize the function. Thirdly, the design and implementation of RESTful Web Services open interface is completed, which enables third-party applications and non-browser users to use vulnerability scanning services, and uses HTTPS secure transfer to protect users' data. Finally, this paper implements the deployment of the Human-Computer interaction and Open Interface Subsystem of the Cloud vulnerability scanning platform in the Cloud platform, and combines and tests with the other modules of the cloud-based vulnerability scanning platform. The test results show that the Human-Computer interaction and Open Interface Subsystem of the cloud vulnerability scanning platform studied in this paper has good usability.
【學位授予單位】：北京郵電大學
【學位級別】：碩士
【學位授予年份】：2014
【分類號】：TP393.08

【參考文獻】

相關期刊論文 前10條

1 沈陽,黃厚寬;網(wǎng)絡安全漏洞掃描器[J];電腦與信息技術;2004年04期

2 蓋玲;;基于云計算的安全服務研究[J];電信科學;2011年06期

3 張文海;;網(wǎng)絡安全漏洞掃描技術研究[J];福建電腦;2011年10期

4 謝惠瓊;凌捷;;插件技術在漏洞分類掃描中的應用[J];廣東工業(yè)大學學報;2011年01期

5 馬睿;;淺談計算機網(wǎng)絡安全的防控[J];北方經(jīng)貿(mào);2011年11期

6 劉娜;周平;張順利;;云計算互操作性分類研究[J];信息技術與標準化;2012年Z1期

7 王良;;漏洞掃描系統(tǒng)設計與應用[J];信息安全與技術;2011年Z1期

8 洪宏,張玉清,胡予濮,戴祖鋒;網(wǎng)絡安全掃描技術研究[J];計算機工程;2004年10期

9 張建勛;古志民;鄭超;;云計算研究進展綜述[J];計算機應用研究;2010年02期

10 潘冰;;基于Rails的RESTful Web Service研究與實現(xiàn)[J];計算機應用與軟件;2010年10期

，

本文編號：1855307