信息网络安全
信息網絡安全
신식망락안전
Netinfo Security
2015年
11期
53-59
,共7页
Web应用防火墙%HTTP%Web攻击%Simhash%分块检索
Web應用防火牆%HTTP%Web攻擊%Simhash%分塊檢索
Web응용방화장%HTTP%Web공격%Simhash%분괴검색
Web application ifrewall%HTTP%Web attack%Simhash%block search
随着 Web 应用的快速发展,安全形势不容乐观,大部分Web 应用都存在安全漏洞,而传统的网络安全设备对于应用层的攻击防范十分有限。传统防火墙只能保护网络层,IDS、IPS不能有效防护通过灵活编码和报文分割来实现的应用层攻击。而Web应用防火墙工作在应用层,通过对HTTP请求和应答的解析,将解析出的内容与HTTP攻击特征库进行检索比对,阻断Web应用攻击,有效防护应用层。文章分析HTTP协议和主流Web攻击及其绕过方式,针对HTTP协议的缺陷和模式匹配的不足,采用Simhash提取特征和分块检索技术进行过滤防护,提出一个基于特征匹配的Web应用防火墙系统。实验表明,该Web 应用防火墙系统可以防御各种Web 应用层的攻击,有效解决了Web攻击检测的遗漏问题。
隨著 Web 應用的快速髮展,安全形勢不容樂觀,大部分Web 應用都存在安全漏洞,而傳統的網絡安全設備對于應用層的攻擊防範十分有限。傳統防火牆隻能保護網絡層,IDS、IPS不能有效防護通過靈活編碼和報文分割來實現的應用層攻擊。而Web應用防火牆工作在應用層,通過對HTTP請求和應答的解析,將解析齣的內容與HTTP攻擊特徵庫進行檢索比對,阻斷Web應用攻擊,有效防護應用層。文章分析HTTP協議和主流Web攻擊及其繞過方式,針對HTTP協議的缺陷和模式匹配的不足,採用Simhash提取特徵和分塊檢索技術進行過濾防護,提齣一箇基于特徵匹配的Web應用防火牆繫統。實驗錶明,該Web 應用防火牆繫統可以防禦各種Web 應用層的攻擊,有效解決瞭Web攻擊檢測的遺漏問題。
수착 Web 응용적쾌속발전,안전형세불용악관,대부분Web 응용도존재안전루동,이전통적망락안전설비대우응용층적공격방범십분유한。전통방화장지능보호망락층,IDS、IPS불능유효방호통과령활편마화보문분할래실현적응용층공격。이Web응용방화장공작재응용층,통과대HTTP청구화응답적해석,장해석출적내용여HTTP공격특정고진행검색비대,조단Web응용공격,유효방호응용층。문장분석HTTP협의화주류Web공격급기요과방식,침대HTTP협의적결함화모식필배적불족,채용Simhash제취특정화분괴검색기술진행과려방호,제출일개기우특정필배적Web응용방화장계통。실험표명,해Web 응용방화장계통가이방어각충Web 응용층적공격,유효해결료Web공격검측적유루문제。
With the rapid development of Web application, the security situation is not optimistic, the majority of Web applications have security vulnerabilities, and the traditional network security equipment for the application layer attack prevention is very limited. The traditional ifrewall can only protect the network layer, IPS, IDS cannot effectively protect the application layer attacks by lfexible encoding and packet segmentation. The Web application firewall works in the application layer, it analysis the HTTP requests and responses, then compares the analysis results to the HTTP attack feature library, blocking Web application attacks, protect application layer effectively. This paper analyzed the HTTP protocol and mainstream web attacks and bypass mode, aiming at the deifciency of the HTTP protocol and the defect of model matching, and it adopted Simhash feature extraction and block prevention and ifltering search technology, to propose a based on feature matching of Web Application Firewall System. Experiments show that the Web application ifrewall can defend against all kinds of Web application layer attacks, effectively solve the problem of the Web attack detection.