摘  要

计算机互联网的出现极大的改变了人们的生活方式与工作习惯，大量的共享信息给人们带来了各方面的便利，但与此同时由于互联网本身的开放性、脆弱性使得互联网面临的安全问题也日益突显。互联网上的Web站点几乎时刻都面临着拒绝服务攻击、木马注入、跨站脚本等恶意攻击，并常因此导致服务中断、网站内容被恶意篡改、客户信息泄露等严重后果，极大的削弱了Web站点的稳定性，同时也严重影响了用户对Web站点的信心。更值得关注的是，网页木马由于其制作的简捷性、传播速度快、变种形式多样、破坏力强、挂马方式的多样性等原因使其成为最为广泛的网络攻击手段并大行其道，给网络安全造成了极大威胁和负担。

结合上述网络安全现状，本论文主要针对网站安全需求，Web服务器往往得不到传统防御方式的有效保护，使其成为整个网络环境中安全最薄弱的地方。缓冲区溢出、SQL注入、基于脚本的DDos、盗链和跨站等攻击行为对Web服务器的安全和稳定造成极大的威胁，而目前缺少有效的防御和保护的方式。本课题中首先调研了当前Web服务器所面对的威胁，然后针对这些安全威胁设计了一套木马检测系统，并通过ISAPI实现了对Windows平台下的IIS服务器的保护。在这套木马检测系统中，可以通过制定策略来检测所有访问Web服务器的行为，可以有效地阻止恶意攻击从而保护Web服务器的安全。这套木马检测系统的策略引擎可以加载和调用Lua语言编写的策略脚本，使策略脚本的编写更加简单。

论文在总体设计的基础上，完成了系统功能模块的实现，并对系统的功能和性能进行了测试，结果显示所实现系统满足网站安全检测需求，具有较好的可用性。

关键词:网络爬虫，网页源码解析，网页挂马，木马特征库，ISAPI 的解析

Abstract

The emergence of the computer Internet has greatly changed people's way of life and work habits, a large amount of information sharing has brought people convenience in all aspects, but at the same time, due to the openness of the Internet itself, Vulnerability makes the security problems facing the Internet increasingly prominent. Web sites on the Internet almost always face malicious attacks such as denial of service attacks, Trojan horse injection, cross-site scripts, and so on, which often lead to service disruption, malicious tampering with website content, and serious consequences such as customer information disclosure. Greatly weakened the stability of the Web site, but also seriously affected the user confidence in the Web site. It's worth it. Note: because of its simplicity, high speed of transmission, variety of forms, strong destructive power and so on, the web Trojan horse has become the most widely used means of network attack. To the network security caused the great threat and the burden.

Combined with the above network security situation, this paper mainly aims at the website security demand, the Web server often can not be effectively protected by the traditional defense mode, making it become the weakest place in the whole network environment. Buffer overflow, SQL injection, DDos, chain theft based on script and cross-station attacks pose a great threat to the security and stability of Web server, but there is a lack of effective defense and protection methods. In this paper, the threats to the current Web server are investigated, and then a Trojan horse detection system is designed for these security threats, and the Win is realized through ISAPI. Dows platform under the IIS server protection. In this Trojan detection system, we can make a policy to detect all access to Web servers, and can effectively prevent malicious attacks to protect the security of Web servers. The policy engine of the Trojan detection system can load and call the policy script written in Lua language, which makes the writing of policy script easier.

On the basis of the overall design, the realization of the system function module is completed, and the function and performance of the system are tested. The results show that the system meets the requirements of website security detection and has good usability.

Keywords: Web crawler, web page source code analysis, web page hanging horse, Trojan horse feature library, Analysis of ISAPI

目  录

1 引言 1

2 Web服务器所受的威胁及防御 1

2.1 缓冲区溢出 1

2.2 SQL注入攻击 1

2.3 基于脚本的DDos攻击 2

2.4 其他的不安全因素 3

3 Web的木马检测系统的设计 4

3.1 体系结构 4

3.2 处理流程 5

3.3 对客户端访问的响应 7

3.4 策略引擎的设计 8

3.4.1 策略的属性 8

3.4.2 策略的加载 9

3.4.3 策略的调度 10

3.4.4 策略的接口 10

4 Web的木马检测系统的实现 11

4.1 基于ISAPI 的解析及响应模块的实现 11

4.1.1 使用ISAPI Filter获取Http报文信息 11

4.1.2 使用ISAPI进行Http响应 13

4.1.3 在服务器上的安装配置ISAPI Filter 14

4.2 基于Lua的策略实现 15

4.2.1 对策略的封装 15

4.2.2 Lua策略脚本示例 15

4.3 基于xml的策略管理 16

5 系统运行过程及测试 16

结    论 18

参考文献 19

致  谢 20