| 摘要: |
| 针对当前Web应用防护方法无法有效应对未知漏洞攻击、性能损耗高、响应速度慢的问题,本文从漏洞预警公告中快速提取漏洞影响范围和细节,然后对目标系统存在风险的访问请求与缺陷文件和函数调用关系进行自动化定位,构建正常访问模型,从而形成动态可信验证机制,提出并实现了基于预警信息的漏洞自动化快速防护方法,最后以流行PHP Web应用的多个高危漏洞对本文方法进行验证测试,结果表明本文方法能够自动化快速成功阻止最新漏洞攻击,平均性能损耗仅为5.31%。 |
| 关键词: 漏洞预警 漏洞防护 动态可信 调用分析 Web安全 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2020.01.07 |
| Received:September 06, 2019Revised:October 22, 2019 |
| 基金项目:本课题得到NSFC-通用技术基础研究联合基金(No.U1636107),国家自然科学基金(No.61972297)资助。 |
|
| A rapid and automatic vulnerability protection scheme based on warning information |
| XU Qiwang,CHEN Zhenhang,PENG Guojun,ZHANG Huanguo |
| Key laboratory of space information security and trusted computing, ministry of education, wuhan university, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China;Nsfocus Information Technology Co., Ltd., Beijing 100089, China |
| Abstract: |
| Aiming at the problem that current Web application protection schemes can not effectively deal with unknown vulnerability attacks, with high performance loss and slow response speed, this paper extracts the scope and details of vulnerabilities from vulnerability warning announcements, and then automatically locates the relationship between access requests and defective files and function calls that exist risks in the target system, and constructs a normal access model, thus forming dynamic trusted authentication mechanism, proposed and implemented a rapid vulnerability automation protection scheme based on warning information. Finally, several high-risk vulnerabilities of popular PHP Web applications were tested to verify the scheme. The results show that the scheme can automatically and successfully prevent the latest vulnerability attacks, with an average performance loss of only 5.31%. |
| Key words: vulnerability warning vulnerability protection dynamic trustworthiness invocations analysis web security |
