基于HoneyClient客户端蜜罐技术的安全防御研究-通信与信息系统专业论文.docxVIP

测针对这类客户端软件的攻击上还稍显不足。 本文首先对客户端攻击进行综述和剖析。然后针对开源的客户端蜜 罐系统 HoneyClient 进行源码级阐述和分析，并研究分析其架构设计及 系统模块，提出了加强 Honeyclient 系统的安全性能的方法；随后为提 高 HoneyClient 网页扫描效率，利用 Wget 开发出 URL 深度扫描功能。在 验证方面，本文利用 HoneyClient 系统对网站进行扫描检测，最终检测 出恶意网站的客户端攻击具体行为，并分析客户端攻击所利用的漏洞。 由于现有客户端蜜罐系统的设计和实现主要用于检测恶意网页，对其他 客户端软件的支持较少。因此，在本次研究中，为 HoneyClient 系统开 发了一个 WinExcel 插件，使得 HoneyClient 系统能够检测针对 Excel 客 户端的攻击。 关键词：客户端攻击，客户端蜜罐 Client Honeypot Research and Application Extension ABSTRACT With the development and common use of the Internet, the Internet security has touched our daily life. Usually a hacker using different server hardware and software vulnerabilities to get access to the server and control over sensitive information. However, with a variety of network security products and technologies had been widely applied, it is more difficult of making a common server-side attacks. Thus led to the invention of client-side attacks, which is a new and more concise way. After the rapid development of client-side software in recent years, the client-side attacks, which target on client-side software vulnerabilities, has become a major hacker attack method. In the course of confrontation with the traditional attacks, security researchers had proposed the groundbreaking honeypot theory and developed many honeypot system for researching and testing of traditional network attacks, which had made tremendous contributions. However, the newly developed client-side attacks made the honeypot system which specificly desinged for the traditional attacks inoperative. Therefore, security researchers proposed a new honeypot system called client-side honeypot system for client-side attacks. Client-side honeypot system was designed for detecting client-side attacks. And the main targets are malicious web pages and servers. It interacts with the web server actively and detect whether the data returned by the server contains attacks towards the users browser and the plug-ins. At present, the client-side honeypot system for det