Abstract
Distributed denial of service (DDoS) attacks against the Web application layer are becoming increasingly severe. However, research on mitigating this kind of DDoS is limited and the techniques are not yet mature. Existing work mainly focuses on detection and traffic cleaning during an attack, and lacks proactive methods for detecting the resource-consumption vulnerability of Web servers. This paper therefore proposes a detection model and an evaluation framework for Web service resource-consumption vulnerability, which can detect the resource-consumption weak points of a Web service and evaluate how vulnerable the service is to resource consumption. The aim is to analyze and understand a Web service's resource-consumption vulnerability before the service is attacked, so as to support website security performance optimization and the defensive measures that need to be taken. An evaluation of a real website verifies the effectiveness of the model and framework: by detecting and evaluating the Web service resource-consumption vulnerability of a website in actual use, its resource-consumption weak points can be found.
Authors
史立敏
王晓茜
张宏斌
刘心宇
汪旭童
Shi Limin; Wang Xiaoxi; Zhang Hongbin; Liu Xinyu; Wang Xutong (Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100093; The 6th Research Institute of China Electronics Corporation, Beijing 100083)
Source
《信息安全研究》
2021, Issue 6, pp. 527-534 (8 pages)
Journal of Information Security Research
Funding
National Natural Science Foundation of China (61902396).
Keywords
distributed denial of service (DDoS)
Web service resource
directed analysis
vulnerability testing
evaluation framework