信息网络安全

信息网络安全 ›› 2015, Vol. 15 ›› Issue (11): 53-59.doi: 10.3969/j.issn.1671-1122.2015.11.009

• • 上一篇    下一篇

基于特征匹配的Web应用防火墙的研究与设计

辛晓杰, 辛阳, 姬硕   

  1. 北京邮电大学信息安全中心,北京100876
  • 收稿日期:2015-08-15 出版日期:2015-11-25 发布日期:2015-11-20
  • 作者简介:

    作者简介: 辛晓杰(1989-),女,山东,硕士研究生,主要研究方向:信息安全与灾备技术;辛阳(1977-),男,山东,副教授,博士,主要研究方向:信号与信息处理;姬硕(1990-),男,河北,硕士研究生,主要研究方向:信息安全与灾备技术。

  • 基金资助:
    国家高技术研究发展计划(国家863计划)[BY2015AA016005];江苏省未来网络创新研究院“未来网络前瞻性研究项目”[BY2013095-4-05]

Research and Design of Web Application Firewall Based on Feature Matching

Xiao-jie XIN, Yang XIN, Shuo JI   

  1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received:2015-08-15 Online:2015-11-25 Published:2015-11-20

RichHTML

2

PDF (PC)

515

摘要:

随着 Web 应用的快速发展,安全形势不容乐观,大部分Web 应用都存在安全漏洞,而传统的网络安全设备对于应用层的攻击防范十分有限。传统防火墙只能保护网络层,IDS、IPS不能有效防护通过灵活编码和报文分割来实现的应用层攻击。而Web应用防火墙工作在应用层,通过对HTTP请求和应答的解析,将解析出的内容与HTTP攻击特征库进行检索比对,阻断Web应用攻击,有效防护应用层。文章分析HTTP协议和主流Web攻击及其绕过方式,针对HTTP协议的缺陷和模式匹配的不足,采用Simhash提取特征和分块检索技术进行过滤防护,提出一个基于特征匹配的Web应用防火墙系统。实验表明,该Web 应用防火墙系统可以防御各种Web 应用层的攻击,有效解决了Web攻击检测的遗漏问题。

关键词: Web应用防火墙, HTTP, Web攻击, Simhash, 分块检索

Abstract:

With the rapid development of Web application, the security situation is not optimistic, the majority of Web applications have security vulnerabilities, and the traditional network security equipment for the application layer attack prevention is very limited. The traditional firewall can only protect the network layer, IPS, IDS cannot effectively protect the application layer attacks by flexible encoding and packet segmentation. The Web application firewall works in the application layer, it analysis the HTTP requests and responses, then compares the analysis results to the HTTP attack feature library, blocking Web application attacks, protect application layer effectively. This paper analyzed the HTTP protocol and mainstream web attacks and bypass mode, aiming at the deficiency of the HTTP protocol and the defect of model matching, and it adopted Simhash feature extraction and block prevention and filtering search technology, to propose a based on feature matching of Web Application Firewall System. Experiments show that the Web application firewall can defend against all kinds of Web application layer attacks, effectively solve the problem of the Web attack detection.

Key words: Web application firewall, HTTP, Web attack, Simhash, block search

中图分类号: