安徽理工大学学报(自然科学版)
安徽理工大學學報(自然科學版)
안휘리공대학학보(자연과학판)
JOURNAL OF ANHUI UNIVERSITY OF SCIENCE AND TECHNOLOGY(NATURAL SCIENCE)
2015年
1期
60-63
,共4页
攻击识别%浏览器安全%动态检测
攻擊識彆%瀏覽器安全%動態檢測
공격식별%류람기안전%동태검측
attack analysis%web browser safety%dynamic detection
浏览器是互联网的重要入口,其脆弱性直接影响到用户数据和财产的安全。本文在分析跨站脚本攻击、跨站请求攻击以及点击劫持的攻击方法和成因的基础上,提出相应的动态检测和拦截方式,从而加强浏览器的安全性。通过使用WebBrowser 控件实现自定义浏览器,载入网页脚本预过滤等相关模块,实现防御功能。相关实验证明,本方案将有效提升浏览器安全性,减少网络风险。
瀏覽器是互聯網的重要入口,其脆弱性直接影響到用戶數據和財產的安全。本文在分析跨站腳本攻擊、跨站請求攻擊以及點擊劫持的攻擊方法和成因的基礎上,提齣相應的動態檢測和攔截方式,從而加彊瀏覽器的安全性。通過使用WebBrowser 控件實現自定義瀏覽器,載入網頁腳本預過濾等相關模塊,實現防禦功能。相關實驗證明,本方案將有效提升瀏覽器安全性,減少網絡風險。
류람기시호련망적중요입구,기취약성직접영향도용호수거화재산적안전。본문재분석과참각본공격、과참청구공격이급점격겁지적공격방법화성인적기출상,제출상응적동태검측화란절방식,종이가강류람기적안전성。통과사용WebBrowser 공건실현자정의류람기,재입망혈각본예과려등상관모괴,실현방어공능。상관실험증명,본방안장유효제승류람기안전성,감소망락풍험。
The browser is an important entrance of the Internet .Its vulnerability directly affects users ’ data and property safety .Three kinds of common attack methods via web browser were presented and analyzed , i.e.Cross Site Scripting attack , Cross Site Request Forgery attack and Click -jacking attack .According to the attacker's attack mode , three corresponding methods of defending attacks were proposed so as to strengthen safety of the browser .The self-made browser was achieved by using the WebBrower control .Webpage script prefiltering and other related module were installed and loaded , the defense function was realized .Through related experiments , the systems using the proposed method can block attacks .The method effectively improves the browser safety and reduces the risk of network .
