【打印本页】      【下载PDF全文】   查看/发表评论  下载PDF阅读器  关闭
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 1575次   下载 1026 本文二维码信息
码上扫一扫!
一种基于预警信息的漏洞自动化快速防护方法
徐其望,陈震杭,彭国军,张焕国
分享到: 微信 更多
(武汉大学空天信息安全与可信计算教育部重点实验室, 武汉大学国家网络安全学院 武汉 中国 430072;北京神州绿盟信息安全科技股份有限公司 北京 中国 100089)
摘要:
针对当前Web应用防护方法无法有效应对未知漏洞攻击、性能损耗高、响应速度慢的问题,本文从漏洞预警公告中快速提取漏洞影响范围和细节,然后对目标系统存在风险的访问请求与缺陷文件和函数调用关系进行自动化定位,构建正常访问模型,从而形成动态可信验证机制,提出并实现了基于预警信息的漏洞自动化快速防护方法,最后以流行PHP Web应用的多个高危漏洞对本文方法进行验证测试,结果表明本文方法能够自动化快速成功阻止最新漏洞攻击,平均性能损耗仅为5.31%。
关键词:  漏洞预警  漏洞防护  动态可信  调用分析  Web安全
DOI:10.19363/J.cnki.cn10-1380/tn.2020.01.07
投稿时间:2019-09-06修订日期:2019-10-22
基金项目:本课题得到NSFC-通用技术基础研究联合基金(No.U1636107),国家自然科学基金(No.61972297)资助。
A rapid and automatic vulnerability protection scheme based on warning information
XU Qiwang,CHEN Zhenhang,PENG Guojun,ZHANG Huanguo
Key laboratory of space information security and trusted computing, ministry of education, wuhan university, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China;Nsfocus Information Technology Co., Ltd., Beijing 100089, China
Abstract:
Aiming at the problem that current Web application protection schemes can not effectively deal with unknown vulnerability attacks, with high performance loss and slow response speed, this paper extracts the scope and details of vulnerabilities from vulnerability warning announcements, and then automatically locates the relationship between access requests and defective files and function calls that exist risks in the target system, and constructs a normal access model, thus forming dynamic trusted authentication mechanism, proposed and implemented a rapid vulnerability automation protection scheme based on warning information. Finally, several high-risk vulnerabilities of popular PHP Web applications were tested to verify the scheme. The results show that the scheme can automatically and successfully prevent the latest vulnerability attacks, with an average performance loss of only 5.31%.
Key words:  vulnerability warning  vulnerability protection  dynamic trustworthiness  invocations analysis  web security