网页防篡改毕业论文.docVIP

摘要 随着互联网的大规模普及和迅猛发展，各政府机关、企业甚至个人纷纷建立起自己的网站。但由于外部网站需要被公众浏览而暴露在相对开放的环境中，很容易成为了黑客和不法分子的攻击目标。在各种各样的网络安全攻击事件当中，以篡改网站问题最为严重，造成的影响也最为恶劣。本文提出了一种具有主动拒绝非法修改网页文件行为的网站防篡改的改进机制。该机制要求管理员将网页文件加为受控对象，随后在文件驱动层进行检测，当检测到对受控对象有操作行为时，通过对象相关保护方式进行认证，对未通过验证的非法篡改行为予以拒绝。管理员需要修改文件时，通过特定程序输入授权码后进行修改。该机制还能够在保护网站安全的同时保证自身不被非法修改或中断，当被保护系统被非法篡改后，网站管理者将收到短信与邮件报警，从而体现防护的实时性。本系统采用HOOK对本程序线程进行保护，一但选择保护后，本程序将不能在任务管理器中被非法结束。使得入侵者无从下手，达到了主动防御网页篡改行为的目的。 关键词.NET网页防篡改，邮件短信报警，事件触发 ABSTRACT With the popularity of the Internet and the rapid development of large-scale, government agencies, businesses and even individuals have set up their own websites. However, due to external Web sites need to be exposed to public view and in a relatively open environment, it is easy to become the hackers and criminals target. In a variety of network security attacks were to tamper with the most severe site issues, and most adverse impact. This paper presents a web page with active refusal to modify the file illegal acts to improve the site tamper-resistant mechanism. The mechanism requires the administrator to add the page file to the controlled object, and then detected in the file driver layer, when the detected behavior of the controlled object has operations, the protection mode through the object related to authentication, for failure to verify the illegal tampering by be rejected. Administrators need to modify the file, enter the license key through a specific program after modifications. This mechanism can also protect the site while ensuring its own security is not illegal to modify or discontinue, when the protection system have been illegally tampered with, the site managers will receive SMS and e-mail alert, which reflects the real-time protection. The system uses HOOK protection of the thread, but the choice of a protection, the program will not be illegal in the Task Manager end. Makes the intruder can not start, reaching the proactive behavior of the purpose of tampering with web pages. KEYWORDS:. NET Web Conte