面向网络流的漏洞攻击检测研究-计算机技术专业毕业论文.docxVIP

本文从攻击者的角度切入研究，首先介绍了漏洞攻击的基础知识，分 本文从攻击者的角度切入研究，首先介绍了漏洞攻击的基础知识，分 析对比了常用攻击手段的技术特点；然后通过对攻击载体——shellcode的 实现原理及其检测技术进行深入研究，提出三类新的启发式规则；最后将 静态分析和动态执行方法相结合，提出一种shellcode混合检测方法。综 上所述，本文立足于从程序外部检测漏洞攻击，对shellcode实现原理及 其检测技术进行深入研究，取得了两方面的成果： 1．提出了三类新的启发式规则。针对现有检测方法对分段式shellcode 的检测支持不足的问题提出了LEH、FDR、TIAT等三类新的启发式规则，有 效地增强了现有方法对于分段式she]lcode的检测效果。 2．提出一种shellcode混合检测方法。不同于单纯的静态或动态方法， 新方法将两者相结合，既保留了动态方法的准确性优势，又综合了静态方 法在检测效率上的优势，找到了一种平衡准确性和效率的有效途径。 实验结果表明，提出的新启发式规则能有效地识别出对应的分段式 shellcode，同时新方法拥有良好的检测效率。 关键词：shellcode新启发式规则漏洞攻击混合检测 Ⅱ 万方数据 RESEARCH RESEARCH 0N DETECTl0N 0F VULNERABILITY ATTACK INSlDE ABSTRACT With the development and popularization of computer networks， vulnerability attack has become one of the main problems of network security due to its prevalence，widespread impact，serious consequences and other characteristics．At present，the relevant security researchers have proposed many defensive strategies and detection mechanisms against vulnerability attack，but the network security situation is still grim．Therefore，how to effectively detect vulnerability attack inside network flow is still one of the core issues of information security． The detection of vulnerability attack Can be carried out from extemal and intemal of programs．For internal way,the defender systems determme whether the program is under attack through checking if its control flow and other sensitive data have been tampered at run—time．For external way,the defender can fend and prevent the attack in time based on shellcode detection inside the input stream．In contrast to the internal detection，shellcode detection is a more effective means to defense against vulnerability attack． Currently,shellcode detection methods Can be generally divided into static and dynamic methods．The static method has the advantage in speed，and the dynamic method obtains better detection accuracy．However,many existing detection mechanism is purely static or dynamic methods，sacrificing efficiency or accuracy of the detection．becaus