节点文献
网页木马检测技术的研究
Study of Webpage-Trojan Detection Technology
【作者】 付鸣;
【导师】 宋继红;
【作者基本信息】 沈阳工业大学 , 计算机应用技术, 2012, 硕士
【摘要】 随着互联网技术应用迅速的发展,网页以其直观易操作,信息量大的特点逐渐成为人们进行获取和发布信息的主要方式。大量的网站为人们提供丰富多样的信息同时也遭受着各种威胁。互联网应用被木马攻击的事件案例举不胜举,其中90%是靠网页传播的。研究有效的针对网页木马的检测技术,对于控制木马的主要传播渠道,实现从“源”端阻止木马具有重要意义。本文通过对现有网页木马检测技术的分析,从网页代码审查为主的方法入手,设计基于网页代码审查的网页木马检测系统。采用XML的DOM文档对象模型解析和顺序读取网页源码的方法,进行网页木马特征码提取,并建立一个DOM树形结构的文档对象。用网页木马类型特征作为关键字进行树节点查找。网页木马特征库依据网页木马攻击网站系统后,在网页文件源码中的嵌入代码特征进行设计的。通过审查静态的网页脚本代码,发现其中隐藏的木马攻击行为。这种检测发生在代码执行前,可以有效避免威胁。它也不需要巨大的木马数据库,检测效率高。最后基于以上研究的基础,设计一个检测网页木马的网站安全检测系统。系统通过对一个目标网站文件进行检测网页木马特征,论证了以网页代码审查为主的方法是可行的。以网页代码审查为主,旨在提高网页木马检测的准确性和效率,并推动智能化检测在实际检测中的应用。该系统可减少网站安全管理相关人员的工作强度,在检测网站文件方面具有一定的实用价值。
【Abstract】 As the rapid development of Internet technology, webpage which has trait of intuitiveeasy operation and abundance information gradually becomes the main way for people toobtain and release information. Many websites provide people with a rich variety ofinformation at the same time suffer from all sorts of threats. There are many event casesof Internet applications attacking, and 90% of them transmitted by webpage.Through the analysis of the existing web Trojan detection techniques, from the mainmethod of webpage code review, this paper designs a web Trojan detection system basedon webpage code review. Using the method of XML DOM document object modelanalysis and order reading the webpage source code, this paper extracts the trait of thewebpage Trojan, and builds a DOM tree document objects structure. This paper uses thetype trait of the webpage Trojan as keywords to search the tree node. The feature library ofwebpage Trojan is designed on the trait of webpage source code after attacking bywebpage Trojan. Through the review of static page code, the system finds the attackingbehavior of the hidden Trojan. The test can effectively avoid threat before the execution ofcode. It does not need a huge Trojan database, and has high efficiency of detection.Finally, based above research, this pager designs a detection system of the webpageTrojan. Through detecting the webpage Trojan on a target site file, the detection systemdemonstrated to review the webpage code method is feasible. The aim is to improve thewebpage Trojan detection accuracy and efficiency, and promote intelligent testing in theactual detection. This system can reduce the intensity of the work related to personnel, andhas some practical value in the test of website documents.