Abstract
Mainstream Web application protection schemes in industry have difficulty detecting unknown vulnerabilities and cannot locate the details of a vulnerability attack. To address this, we first analyze the attack processes of four typical classes of vulnerabilities in mainstream Web frameworks and components and summarize four general exploitation patterns for those classes. We then use runtime application self-protection (RASP) technology to obtain runtime information inside the Web application, detect vulnerability attack behavior, and record information at multiple levels, and on this basis propose a general detection and location scheme for Java Web framework vulnerabilities based on RASP. Experimental results show that the scheme detects all attack test samples, locates the details of a vulnerability attack inside the Web application with an accuracy of 88.2%, and has low performance overhead.
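The abstract describes the scheme only at the architecture level: a RASP hook inside the Java Web application observes a dangerous operation at runtime, decides from a generic exploitation pattern whether it is an attack, and records enough information at several levels to locate the attack inside the application. The following is an added illustration of that idea in plain Java; it is not the paper's code and does not reproduce the paper's four vulnerability classes or its detection rules. It assumes one sink type (Runtime.exec-style command execution), a constructed stand-in for the current HTTP request held in a ThreadLocal, a deliberately simple "request input carrying shell metacharacters reaches the exec sink" heuristic, and that the "application frame" is the first stack frame belonging neither to the JDK nor to the hook class itself (a real agent would also skip framework packages and would inject the hook via instrumentation rather than calling it by hand).

```java
// Added illustration, not code from the paper. Assumptions: the sink is Runtime.exec-style
// command execution, the current request is a constructed stand-in kept in a ThreadLocal,
// the injection heuristic is a simplified metacharacter check, and "application frame" means
// the first stack frame that belongs neither to the JDK nor to this hook class.
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class RaspSinkHook {

    /** Multi-level record: request level, sink level, and the application frame that reached the sink. */
    public static final class Detection {
        public final String requestUri, taintedParam, sink, sinkArgument, appFrame;
        public final List<String> stack;   // full call stack kept for forensic use

        Detection(String requestUri, String taintedParam, String sink, String sinkArgument,
                  String appFrame, List<String> stack) {
            this.requestUri = requestUri; this.taintedParam = taintedParam; this.sink = sink;
            this.sinkArgument = sinkArgument; this.appFrame = appFrame; this.stack = stack;
        }

        @Override public String toString() {
            return "uri=" + requestUri + " param=" + taintedParam + " sink=" + sink
                    + " arg=\"" + sinkArgument + "\" at " + appFrame;
        }
    }

    /** Constructed stand-in for the servlet request; a real agent would fill it from a request hook. */
    public static final class RequestContext {
        final String uri;
        final Map<String, String> params;
        RequestContext(String uri, Map<String, String> params) { this.uri = uri; this.params = params; }
    }

    private static final ThreadLocal<RequestContext> CURRENT = new ThreadLocal<>();
    private static final String META = ";|&$`\n";   // simplified command-injection heuristic (assumption)

    public static void enterRequest(RequestContext ctx) { CURRENT.set(ctx); }
    public static void exitRequest() { CURRENT.remove(); }

    private static boolean hasMeta(String s) {
        for (char c : s.toCharArray()) if (META.indexOf(c) >= 0) return true;
        return false;
    }

    /** Frames that are never "the application": the JDK and this hook engine itself. */
    private static boolean isEngineOrJdk(String cls) {
        return cls.equals(RaspSinkHook.class.getName()) || cls.startsWith("java.")
                || cls.startsWith("jdk.") || cls.startsWith("sun.");
    }

    /**
     * Hook body an instrumentation agent would run before Runtime.exec. The pattern checked
     * is generic: request input containing shell metacharacters reaches the exec sink. It does
     * not depend on which framework or component bug let the input get there.
     * Returns a Detection, or null when nothing suspicious is seen.
     */
    public static Detection beforeExec(String[] cmdarray) {
        RequestContext ctx = CURRENT.get();
        if (ctx == null) return null;                 // not inside a request: nothing to attribute
        String cmd = String.join(" ", cmdarray);
        for (Map.Entry<String, String> p : ctx.params.entrySet()) {
            String v = p.getValue();
            if (v == null || v.length() < 2 || !cmd.contains(v) || !hasMeta(v)) continue;
            List<String> frames = new ArrayList<>();
            String appFrame = null;
            for (StackTraceElement e : Thread.currentThread().getStackTrace()) {
                String f = e.getClassName() + "." + e.getMethodName() + ":" + e.getLineNumber();
                frames.add(f);
                if (appFrame == null && !isEngineOrJdk(e.getClassName())) appFrame = f;
            }
            return new Detection(ctx.uri, p.getKey() + "=" + v, "java.lang.Runtime.exec", cmd,
                    appFrame == null ? "(no application frame)" : appFrame,
                    Collections.unmodifiableList(frames));
        }
        return null;
    }

    /** Stand-in for a vulnerable controller that concatenates a parameter into a shell command. */
    static final class PingController {
        static Detection handle(RequestContext ctx) {
            enterRequest(ctx);
            try {
                String[] cmd = {"sh", "-c", "ping -c 1 " + ctx.params.get("host")};
                return beforeExec(cmd);               // the agent would run this, then the real exec
            } finally {
                exitRequest();
            }
        }
    }

    public static void main(String[] args) {
        Map<String, String> benign = new LinkedHashMap<>();
        benign.put("host", "127.0.0.1");              // constructed benign input: no detection
        System.out.println("benign: " + PingController.handle(new RequestContext("/ping", benign)));

        Map<String, String> attack = new LinkedHashMap<>();
        attack.put("host", "127.0.0.1;id");           // constructed attack input: detected and located
        System.out.println("attack: " + PingController.handle(new RequestContext("/ping", attack)));
    }
}
```

The benign request prints `null`; the attack request prints a record naming the URI, the tainted parameter, the sink and its argument, and the frame `RaspSinkHook$PingController.handle:<line>` as the place in the application where the sink was reached, which is the kind of location information the abstract refers to. The metacharacter heuristic is only a placeholder for the paper's exploitation patterns.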
Authors
邱若男 (QIU Ruonan), 胡岸琪 (HU Anqi), 彭国军 (PENG Guojun), 张焕国 (ZHANG Huanguo)
Affiliations: Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan 430072, Hubei, China; School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, Hubei, China; Information Security Department, Didi Chuxing Limited Company, Hangzhou 310000, Zhejiang, China
Source
《武汉大学学报(理学版)》 (Journal of Wuhan University: Natural Science Edition), 2020, No. 3, pp. 285-296 (12 pages)
Indexed in: CAS, CSCD, Peking University Core Journals (北大核心)
Funding
NSFC-General Technology Basic Research Joint Fund (U1636107)
National Natural Science Foundation of China (61972297)
Keywords
runtime application self-protection (RASP); vulnerability location; attack detection; Java Web