Research on Security Technology Based on a Client-Side Malicious Web Page Collection and Analysis System
Thesis topic: HoneyClient + DeepWeb; Source: Wuhan University of Technology, 2014 master's thesis
[Abstract]: The Internet has become an indispensable part of people's lives. The rapid development of network technology in recent years has changed the way people live to a great extent, but new network security problems keep emerging along with it. Network attacks today increasingly target the client, and the large number of malicious web pages on the Internet is a common means of intrusion. The introduction and adoption of the HTML5 specification has brought many new features and, inevitably, new security vulnerabilities as well.

Building on an analysis of existing client honeypots and malicious web page collection systems, this thesis focuses on security improvements to the HoneyClient honeypot system, a deep web crawler based on DeepWeb dynamic web page data capture technology, and malicious web page data analysis techniques. It designs a prototype of a client-honeypot-based malicious web page collection and analysis system that can analyze pages built with both HTML4 and HTML5, together with the data in their databases, and capture any malicious attack code they may contain. The main work of this thesis is as follows:

1. Study of client-side attacks. The thesis thoroughly studies the client-side attacks that are currently prevalent and analyzes their common forms from three aspects: attack principles, client software vulnerabilities, and attack vectors.
2. Security improvement of the high-interaction client honeypot HoneyClient. The system's malicious URL collection is carried out by HoneyClient. Because a high-interaction client honeypot itself carries a certain risk, the thesis studies and configures HoneyClient's security safeguards to reduce the likelihood of it being compromised while collecting malicious URLs.
3. Deep web crawler design. The thesis adds DeepWeb technology to a traditional crawler and designs a new deep web crawler able to obtain a website's complete data, so that malicious content can be discovered efficiently both on sites that attackers set up purely for attack and on ordinary sites that have been compromised and seeded with malicious data.
4. Web page code security analysis. The thesis analyzes the latest HTML5 security vulnerabilities and studies their basic principles and attack methods, and on that basis analyzes and extracts the general features of attack code written in HTML and JS that may be present on existing web pages.
5. Malicious code detection. Using the extracted attack features, the thesis searches and analyzes the collected website data with two methods, Html Agility Pack and traditional regular expressions, and finds a large amount of attack content matching those features; a considerable part of that attack code lies in information extracted from the web pages' databases.
[Degree-granting institution]: Wuhan University of Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08; TP393.092