| 一种基于预警信息的漏洞自动化快速防护方法 |
| |
| 作者姓名: | 徐其望 陈震杭 彭国军 张焕国 |
| |
| 作者单位: | 武汉大学空天信息安全与可信计算教育部重点实验室, 武汉大学国家网络安全学院 武汉 中国 430072,北京神州绿盟信息安全科技股份有限公司 北京 中国 100089,武汉大学空天信息安全与可信计算教育部重点实验室, 武汉大学国家网络安全学院 武汉 中国 430072,武汉大学空天信息安全与可信计算教育部重点实验室, 武汉大学国家网络安全学院 武汉 中国 430072 |
| |
| 基金项目: | 本课题得到NSFC-通用技术基础研究联合基金(No.U1636107),国家自然科学基金(No.61972297)资助。 |
| |
| 摘 要: | 针对当前Web应用防护方法无法有效应对未知漏洞攻击、性能损耗高、响应速度慢的问题,本文从漏洞预警公告中快速提取漏洞影响范围和细节,然后对目标系统存在风险的访问请求与缺陷文件和函数调用关系进行自动化定位,构建正常访问模型,从而形成动态可信验证机制,提出并实现了基于预警信息的漏洞自动化快速防护方法,最后以流行PHP Web应用的多个高危漏洞对本文方法进行验证测试,结果表明本文方法能够自动化快速成功阻止最新漏洞攻击,平均性能损耗仅为5.31%。
|
| 关 键 词: | 漏洞预警 漏洞防护 动态可信 调用分析 Web安全 |
| 收稿时间: | 2019/9/6 0:00:00 |
| 修稿时间: | 2019/10/22 0:00:00 |
A rapid and automatic vulnerability protection scheme based on warning information |
| |
| Authors: | XU Qiwang CHEN Zhenhang PENG Guojun and ZHANG Huanguo |
| |
| Affiliation: | Key laboratory of space information security and trusted computing, ministry of education, wuhan university, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China,Nsfocus Information Technology Co., Ltd., Beijing 100089, China,Key laboratory of space information security and trusted computing, ministry of education, wuhan university, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China and Key laboratory of space information security and trusted computing, ministry of education, wuhan university, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China |
| |
| Abstract: | Aiming at the problem that current Web application protection schemes can not effectively deal with unknown vulnerability attacks, with high performance loss and slow response speed, this paper extracts the scope and details of vulnerabilities from vulnerability warning announcements, and then automatically locates the relationship between access requests and defective files and function calls that exist risks in the target system, and constructs a normal access model, thus forming dynamic trusted authentication mechanism, proposed and implemented a rapid vulnerability automation protection scheme based on warning information. Finally, several high-risk vulnerabilities of popular PHP Web applications were tested to verify the scheme. The results show that the scheme can automatically and successfully prevent the latest vulnerability attacks, with an average performance loss of only 5.31%. |
| |
| Keywords: | vulnerability warning vulnerability protection dynamic trustworthiness invocations analysis web security |
|
| 点击此处可从《》浏览原始摘要信息 |
|
点击此处可从《》下载全文 |
|
