Abstract
Methods in common use, such as verification-code (CAPTCHA) checks at login, restricting login IP addresses and monitoring authentication logs, cannot fully solve the problem of brute-force cracking of account passwords. To improve the account security of power application systems, an account security defense method for power application systems based on Runtime Application Self-Protection (RASP) technology is proposed. First, a method for associating user login requests with database access under a data middle-platform architecture is proposed: a JAR-package software probe is deployed on the Web server, RASP technology is used to insert interception code into the classes in which the Web middleware processes requests, and the application classes loaded in the Java virtual machine are monitored, so that the whole process of an HTTP request and its data exchange can be observed. Second, a brute-force account cracking detection method based on RASP user behavior analysis is proposed: a profile of the user's normal access behavior is constructed, the current behavior is compared with that model, and a deviation from the model is judged to be anomalous, which realizes the security defense of power application system accounts. Finally, an account security defense system for power application systems is designed on the basis of RASP technology, and its deployment architecture and functional architecture are described in detail. Using the data association method under the data middle-platform architecture, front-end user access requests are precisely associated with back-end database access, and machine learning and big data analysis are used to prevent brute-force cracking of account passwords, effectively improving the detection capability for new types of data attacks.
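The detection step the abstract describes, a per-user behavior profile learned from past login events against which the current window is compared, is shown below as an added example; it is not code from the paper or from the authors' system. The event fields, the 5-minute bucket, the z-score threshold, the "unknown account" failure count and all log lines are assumptions constructed for the example; in the paper's design the events would come from the RASP probe in the Web middleware. The block goes slightly beyond the abstract by adding a second, per-source-IP rule, because a single account's profile cannot see one address spread its failures thinly over many accounts.

```python
"""Behaviour-baseline detection of brute-force logins (added example, not the paper's code)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, pstdev


@dataclass(frozen=True)
class LoginEvent:
    """One authentication attempt, as a RASP probe in the request path could record it (assumed fields)."""
    ts: datetime
    user: str
    src_ip: str
    success: bool


@dataclass(frozen=True)
class UserProfile:
    """Per-user baseline: attempts and failures per 5-minute bucket, plus the source IPs seen."""
    attempts_mean: float
    attempts_std: float
    failures_mean: float
    failures_std: float
    known_ips: frozenset


def bucket_start(ts):
    """Align a timestamp to the start of its 5-minute bucket (assumed window size)."""
    return ts.replace(minute=ts.minute - ts.minute % 5, second=0, microsecond=0)


def build_profiles(history):
    """Learn one UserProfile per account from a trusted history of login events."""
    by_user = defaultdict(list)
    for e in history:
        by_user[e.user].append(e)
    profiles = {}
    for user, evs in by_user.items():
        buckets = defaultdict(list)
        for e in evs:
            buckets[bucket_start(e.ts)].append(e)
        attempts = [len(b) for b in buckets.values()]
        failures = [sum(1 for e in b if not e.success) for b in buckets.values()]
        profiles[user] = UserProfile(mean(attempts), pstdev(attempts),
                                     mean(failures), pstdev(failures),
                                     frozenset(e.src_ip for e in evs))
    return profiles


def zscore(value, mu, sigma):
    """Standard score; the floor on sigma keeps a constant baseline from dividing by zero."""
    return (value - mu) / max(sigma, 0.5)


def score_window(user, events, profiles, z_threshold=3.0, unknown_user_failures=5):
    """Compare one account's recent events against its profile; return the rules that fired."""
    attempts = len(events)
    failures = sum(1 for e in events if not e.success)
    profile = profiles.get(user)
    findings = []
    if profile is None:
        # No baseline exists for this account name: only a burst of failures is reportable.
        if failures >= unknown_user_failures:
            findings.append("failures-on-unknown-user")
        return findings
    if zscore(attempts, profile.attempts_mean, profile.attempts_std) > z_threshold:
        findings.append("attempt-rate")
    if zscore(failures, profile.failures_mean, profile.failures_std) > z_threshold:
        findings.append("failure-rate")
    if failures and {e.src_ip for e in events} - profile.known_ips:
        findings.append("unknown-source-ip")
    return findings


def detect(history, recent):
    """Per-user deviations in the recent window; accounts with no finding are omitted."""
    profiles = build_profiles(history)
    by_user = defaultdict(list)
    for e in recent:
        by_user[e.user].append(e)
    report = {u: score_window(u, evs, profiles) for u, evs in by_user.items()}
    return {u: f for u, f in report.items() if f}


def spray_sources(recent, max_users=5):
    """Source IPs whose failures touch more than max_users distinct accounts (password spraying)."""
    users_by_ip = defaultdict(set)
    for e in recent:
        if not e.success:
            users_by_ip[e.src_ip].add(e.user)
    return {ip for ip, users in users_by_ip.items() if len(users) > max_users}


# --- constructed sample data (not real logs) ---
BASE = datetime(2023, 5, 1, 8, 0, 0)


def make_history(user, ip, days=20):
    """One login per morning; every fifth day the user mistypes once before succeeding."""
    events = []
    for day in range(days):
        t = BASE + timedelta(days=day)
        if day % 5 == 4:
            events.append(LoginEvent(t, user, ip, False))
            t += timedelta(seconds=30)
        events.append(LoginEvent(t, user, ip, True))
    return events


HISTORY = make_history("alice", "10.0.0.5") + make_history("bob", "10.0.0.6")
T0 = BASE + timedelta(days=30)
RECENT = (
    # 12 failures against alice from an address never seen before, inside one 5-minute bucket
    [LoginEvent(T0 + timedelta(seconds=10 * i), "alice", "203.0.113.7", False) for i in range(12)]
    # bob logs in normally from his usual address
    + [LoginEvent(T0 + timedelta(minutes=1), "bob", "10.0.0.6", True)]
    # one failure each against eight different accounts from a single source
    + [LoginEvent(T0 + timedelta(seconds=20 * i), f"u{i:02d}", "198.51.100.9", False) for i in range(8)]
)

if __name__ == "__main__":
    print(detect(HISTORY, RECENT))   # {'alice': ['attempt-rate', 'failure-rate', 'unknown-source-ip']}
    print(spray_sources(RECENT))     # {'198.51.100.9'}
```

Run stand-alone, the per-user rules flag only alice, whose 12 failures in one bucket sit far above a baseline of 1.2 attempts and 0.2 failures per bucket and arrive from an address not in her profile; bob's ordinary login produces nothing. The eight single failures from 198.51.100.9 fall below the unknown-account threshold for every individual name and are caught only by the per-source rule, which is the reason for keeping both views of the same event stream.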
Authors
LIU Donglan (刘冬兰), ZHANG Hao (张昊), WANG Rui (王睿), ZHANG Fangzhe (张方哲), SUN Lili (孙莉莉) (State Grid Shandong Electric Power Research Institute, Jinan 250003, China)
Source
《山东电力技术》 (Shandong Electric Power)
2023, No. 6, pp. 1-5, 26 (6 pages in total)
Funding
National Natural Science Foundation of China project "Key Technologies for Dynamic Group Collaborative Security Protection across Cloud, Fog and Edge for Large-Scale Complex Networks" (U22A2029)
State Grid Shandong Electric Power Company science and technology project "Research on Key Technologies for Smart Grid 5G Secure Access and Trusted Data Sharing - Topic 4: Research on Key Technologies for Trusted Sharing of Smart Grid 5G Data Based on Federated Learning" (520626220016).
Keywords
runtime application self-protection (RASP)
power application system
security defense
software probe
brute force