博碩士論文 955202016 完整後設資料紀錄

DC 欄位 語言
DC.contributor資訊工程學系zh_TW
DC.creator吳孟容zh_TW
DC.creatorMeng-jung Wuen_US
dc.date.accessioned2008-7-22T07:39:07Z
dc.date.available2008-7-22T07:39:07Z
dc.date.issued2008
dc.identifier.urihttp://ir.lib.ncu.edu.tw:88/thesis/view_etd.asp?URN=955202016
dc.contributor.department資訊工程學系zh_TW
DC.description國立中央大學zh_TW
DC.descriptionNational Central Universityen_US
dc.description.abstract隨著網際網路的快速發展,使得網頁伺服器成為學習、教育、娛樂、資訊交換、商業服務的重要平臺。也隨著網頁的重要性與日俱增,竄改網頁便成為攻擊者破壞企業形象或表達不同意識型態的方式[1]。此外,越來越多的攻擊者侵入網頁伺服器後,在不改變網頁在瀏覽器上呈現畫面的前提下,透過網頁竄改使得原網頁成為一個釣魚網頁(phishing)[12],或於網頁內加入下載檔案的指令。只要使用者瀏覽到該被竄改的網頁,其瀏覽器就自動地將攻擊者設定的惡意程式下載至其主機內,而這些惡意程式可能會執行破壊、偷竊資料的行為或奪取使用者主機的控制權,得使用者的主機成為下一波攻擊的跳板。基於以上的理由,如何快速且有效地防止網頁竄改,變成為一件很重要的事。 本篇論文,我們提出一個根植於作業系統核心內之防止網頁竄改的機制-- WsP(Websites Protector)。WsP是以malbehavior-based的方式來偵測攻擊,所以,攻擊者即使利用網頁伺服器漏洞,如apache網頁伺服器緩衝區溢位弱點,發動攻擊,取得伺服器的Super User 權限,仍無法直接竄改網頁,除非攻擊者重新起始新的作業系統,而此動作很可能會引起原有系統管理者的注意。而在此同時除了確保網頁伺服器不會在不安全的環境下操作,WsP並不會改變網站系統管理者原有的管理網頁的方式,也就是說,我們的機制對使用者而言是完全透明的、感受不到的,但對攻擊者而言,WsP能準確地阻擋攻擊者的攻擊。zh_TW
dc.description.abstractAlong with the fast development of Internet, the web servers become the important platforms of learning, educating, entertainment, information exchange and commercial service. Because of the growing importance of the web pages, altering web pages becomes the way that the attackers destroy the image of enterprises or expresses different ideology. In addition, more and more attackers intrude the web server and do not change web pages appear on the browser, but to alter the web pages make the original web pages become fishing pages or insert the command of downloading files in the web pages. As the user browses the web pages its browser downloads the malware which the attackers set up to user’s computer automatically and the malware may carry out broken or stolen the user’s data or even capture the control of user’’s computer and then user’’s computer becomes the springboard of next attacks. On the basis of the reasons of the above, how to prevent web pages to be defaced fast and effectively turn into a very important thing. In this research ,we propose a protect mechanism which is based on operating system kernel against web defacement attacks-- WsP(Websites Protector). WsP is base on malbehavior approach to detect attacks, even the attackers utilizes the loophole of web servers, eg.the buffer overflow vulnerability of Apache web server, to attack web servers and then gain Super User privileges of the servers.The attacker still unable to deface web pages directly unless the attacker start new operating system but this action will possibly cause the systematic administrator’s attention. Our mechanism at the same time dose not change the existing administrator’’s management, that is to say, our mechanism is totally transparent and unfeeling for user but WsP can resist the attacker’s attacks accurately.en_US
DC.subject網頁竄改zh_TW
DC.subject網頁保護zh_TW
DC.subject網路釣魚zh_TW
DC.subject惡意軟體zh_TW
DC.subjectphishingen_US
DC.subjectweb protectionen_US
DC.subjectweb defacementen_US
DC.subjectmalwareen_US
DC.title一個根植於作業系統核心之防止網頁竄改機制zh_TW
dc.language.isozh-TWzh-TW
DC.titleWsP: A Websites Protector against Web Defacement Attacksen_US
DC.type博碩士論文zh_TW
DC.typethesisen_US
DC.publisherNational Central Universityen_US

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明