CAJ | 학술논문

随着 Web 应用的快速发展，安全形势不容乐观，大部分Web 应用都存在安全漏洞，而传统的网络安全设备对于应用层的攻击防范十分有限。传统防火墙只能保护网络层，IDS、IPS不能有效防护通过灵活编码和报文分割来实现的应用层攻击。而Web应用防火墙工作在应用层，通过对HTTP请求和应答的解析，将解析出的内容与HTTP攻击特征库进行检索比对，阻断Web应用攻击，有效防护应用层。文章分析HTTP协议和主流Web攻击及其绕过方式，针对HTTP协议的缺陷和模式匹配的不足，采用Simhash提取特征和分块检索技术进行过滤防护，提出一个基于特征匹配的Web应用防火墙系统。实验表明，该Web 应用防火墙系统可以防御各种Web 应用层的攻击，有效解决了Web攻击检测的遗漏问题。
수착 Web 응용적쾌속발전，안전형세불용악관，대부분Web 응용도존재안전루동，이전통적망락안전설비대우응용층적공격방범십분유한。전통방화장지능보호망락층，IDS、IPS불능유효방호통과령활편마화보문분할래실현적응용층공격。이Web응용방화장공작재응용층，통과대HTTP청구화응답적해석，장해석출적내용여HTTP공격특정고진행검색비대，조단Web응용공격，유효방호응용층。문장분석HTTP협의화주류Web공격급기요과방식，침대HTTP협의적결함화모식필배적불족，채용Simhash제취특정화분괴검색기술진행과려방호，제출일개기우특정필배적Web응용방화장계통。실험표명，해Web 응용방화장계통가이방어각충Web 응용층적공격，유효해결료Web공격검측적유루문제。
With the rapid development of Web application, the security situation is not optimistic, the majority of Web applications have security vulnerabilities, and the traditional network security equipment for the application layer attack prevention is very limited. The traditional ifrewall can only protect the network layer, IPS, IDS cannot effectively protect the application layer attacks by lfexible encoding and packet segmentation. The Web application firewall works in the application layer, it analysis the HTTP requests and responses, then compares the analysis results to the HTTP attack feature library, blocking Web application attacks, protect application layer effectively. This paper analyzed the HTTP protocol and mainstream web attacks and bypass mode, aiming at the deifciency of the HTTP protocol and the defect of model matching, and it adopted Simhash feature extraction and block prevention and ifltering search technology, to propose a based on feature matching of Web Application Firewall System. Experiments show that the Web application ifrewall can defend against all kinds of Web application layer attacks, effectively solve the problem of the Web attack detection.