NCU Institutional Repository (downloads of theses and dissertations, past exam papers, journal articles, research projects, and more): Item 987654321/89791


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/89791


    Title: HoneyContainer: Container-based Webshell Command Injection Defending and Backtracking
    Authors: 城偉竣;Cheng, Wei-Jun
    Contributors: Department of Computer Science and Information Engineering
    Keywords: information security;security;container;Linux;webshell;honeypot
    Date: 2022-07-25
    Issue Date: 2022-10-04 11:59:51 (UTC+8)
    Publisher: National Central University
    Abstract: The web server is usually regarded as an important public face of an enterprise. However, because of the ever-changing and diverse attack techniques on the Internet, the web server often becomes a security weak point in the enterprise's overall system. Among these complex techniques, webshell attacks are the most troublesome. An attacker can upload a webshell file through a legitimate path and launch the webshell attack with traffic behavior similar to that of ordinary users. A large body of academic research explores how to detect webshell attacks, including static file analysis and HTTP traffic analysis, but attackers can still evade detection by encrypting the webshell file and encrypting the content of the HTTP packets used to operate the webshell. To detect and defend against webshell attacks, we propose an architecture named HoneyContainer. It can detect attacks, backtrack the attacker's source, and redirect malicious traffic to a honeypot container environment. In this way, HoneyContainer can effectively protect the web server from attacker intrusion. We implemented the basic architecture of HoneyContainer and validated its functionality with 214 real webshell files; the results show that HoneyContainer successfully detects all of the attacks and redirects the malicious traffic to the honeypot environment. In addition, our evaluation shows that HoneyContainer imposes only a slight performance overhead on the overall web server system, one that ordinary users cannot perceive.

    The web server is considered the face of a company. However, it is exposed to users on the Internet, so the web server is also a weak point in the enterprise's system because of the variety of attack strategies. Among those strategies, the webshell attack is one of the most frustrating issues. A webshell can be uploaded through a legitimate path and launched with network traffic that is similar to that of normal users. Although plenty of research works focus on detecting webshell attacks with various methods, including analyzing the source file or the content of HTTP requests, the adversary can encode the source file or encrypt the communications between the webshell on a server and his browser. To detect and defend against webshell-based command injection attacks, we propose an architecture, namely HoneyContainer, which detects the attack event, backtracks the source of the adversary, and redirects the malicious traffic to a honeypot container. It can efficiently protect the web service from the adversary's intrusion. A prototype of HoneyContainer is implemented and validated with 214 webshell files, and the results show that HoneyContainer can detect all of the shell command injection events and redirect malicious traffic. Furthermore, our evaluations indicate that the overhead caused by HoneyContainer is hardly noticeable for normal users.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation



    All items in NCUIR are protected by copyright, with all rights reserved.
