基于RASP的Web安全检测方法

doi:10.11959/j.issn.1000-0801.2020294

Abstract

Abstract:

At present,the traditional Web security detection methods act on the input and output of the program,which can not prevent malicious code entering the program after being distorted and confused,and it is difficult to meet the new requirements of Web application security protection.Based on the in-depth analysis of the risk of traditional data flow monitoring methods,combined with the technical characteristics of rasp,a Web security detection method based on rasp was proposed.The rasp probe was embedded in the parameters of authority discrimination function,system command execution function and database operation function in Web application,and the change of data flow was detected in real-time at the code interpreter level.This method was implemented based on Java language.It was proved in the laboratory that this method is better than the traditional Web security detection method in accuracy and detection time.Finally,the deployment and application scenarios of this method were analyzed and proposed.

Key words: Web application, network security, RASP, security monitoring

CLC Number:

TP393

Hang YU,Shuai WANG,Huamin JIN. RASP based Web security detection method[J]. Telecommunications Science, 2020, 36(11): 113-120.

Figures/Tables 10

References 6

[1]	Global runtime application self-protection (RASP) security market to grow at a CAGR of 49.68% during the period 2018-2022[Z]. 2018.
[2]	邱若男, 胡岸琪, 彭国军 ,等. 基于 RASP 技术的 Java Web框架漏洞通用检测与定位方案[J]. 武汉大学学报(理学版), 2020,66(3): 285-296.
	QIU R N , HU A Q , PENG G J ,et al. General detection and location scheme of Java Web framework vulnerabilities based on RASP technology[J]. Journal of Wuhan University (Science Edition), 2020,66(3): 285-296.
[3]	BELLESSORT R , RUELLAN H , OUEDRAOGO N . Method and device for safely executing a Web application in a Web runtime environment:GB2554697[P].2018-04-11.
[4]	陈威, 陈乐然, 徐小天 ,等. 基于 Web 应用系统脆弱性的攻击及其防御技术[J]. 电信科学, 2017,33(Z1): 108-116.
	CHEN W , CHEN L R , XU X T ,et al. Attack and defense technology based on Web application system vulnerability[J]. Telecommunications Science, 2017,33(Z1): 108-116.
[5]	YIN Z X , LI Z F , CAO Y . A Web application runtime application self-protection scheme against script injection attacks[P]. 2018
[6]	林锋, 徐柳婧, 陈晓华 ,等. 一种基于多视角特征融合的Webshell检测方法[J]. 电信科学, 2020,36(6): 125-132.
	LIN F , XU L J , CHEN X H ,et al. A Webshell detection method based on multi view feature fusion[J]. Telecommunications Science, 2020,36(6): 125-132.

Metrics

Recommended 0

No Suggested Reading articles found!

开发语言	实现原理
Java	利用Java的ClassFileTransformer接口特性，构建独立于Java应用的agent程序，让class文件在JVM运行前插入安全监测代码，实现RASP功能
PHP	利用PHP的拓展模块特性，在执行模块初始化（MINIT）过程中，替换特定 PHP_FUNCTION对应的函数指针，从而插入安全监测代码，实现RASP功能
Python	利用Python 动态分析中常用的命名空间覆盖的机制、hook关键函数，将函数的参数和返回值送回到安全监测代码，实现RASP功能

环境组件	Java	Tomcat	WAF	SQLmap	Jmeter	OpenRasp
版本	1.8	8.5.0	https://github.com/chengdedeng/waf	1.4.8	5.2.1	1.3.4

方法	平均识别准确率	平均运行时间/s
不采用安全防护	—	2.489
本文方法	100%	3.301
采用OpenRasp防护	100%	4.831
传统数据流监控	98%	4.653

[1]	Le ZHANG, Hongyuan MA. Practice on edge cloud security of telecom operators [J]. Telecommunications Science, 2023, 39(4): 165-172.
[2]	Weixiong CHEN, Xiaochen YANG, Zengjun CHUN, Ruolan LI, Hua ZHANG. Research and practice of network security threat intelligence management system for power enterprise [J]. Telecommunications Science, 2022, 38(7): 184-189.
[3]	Yatian LIU, Bowen HU, Maofei CHEN, Dongxin LIU. Study on the 5GC security situational awareness system [J]. Telecommunications Science, 2022, 38(11): 73-85.
[4]	Yue GU, Dan LI, Kaihui GAO. Research on network traffic classification based on machine learning and deep learning [J]. Telecommunications Science, 2021, 37(3): 105-113.
[5]	Ming GAO,Jin LUO,Huiying ZHOU,Hai JIAO,Lili YING. A differential feedback scheduling decision algorithm based on mimic defense [J]. Telecommunications Science, 2020, 36(5): 73-82.
[6]	Wei DING. Network security threat prevention and control system of electric power monitoring systems for wind farm [J]. Telecommunications Science, 2020, 36(5): 138-144.
[7]	Zhiqiang YANG,Li SU,Minpeng QI,Bo YANG. Overview and prospect of 5G security [J]. Telecommunications Science, 2020, 36(12): 1-19.
[8]	Guofeng HE. Application protection in 5G cloud network using zero trust architecture [J]. Telecommunications Science, 2020, 36(12): 123-132.
[9]	Ping XIE,Xiaosong LIU. Security of the deployment of SDN-based IoT using blockchain [J]. Telecommunications Science, 2020, 36(12): 139-146.
[10]	Yuanying XIAO,Yaodong YOU,Lixi XIANG. Causes and optimization of the false alarm rate of code review system [J]. Telecommunications Science, 2020, 36(12): 155-162.
[11]	Junwen WANG. Technical requirement of future industrial internet [J]. Telecommunications Science, 2019, 35(8): 26-38.
[12]	Cong LI, Bo LEI, Chongfeng XIE, Yunhe LI. Trustworthy network based on blockchain technology [J]. Telecommunications Science, 2019, 35(10): 60-68.
[13]	Jianquan WANG,Zhangchao MA,Xinzhong LI,Lei SUN,Changwei HU. Quantum secure communication network architecture and mobile application solution [J]. Telecommunications Science, 2018, 34(9): 10-19.
[14]	Yeshen HE,Kun LIANG,Wei TAN,Xin HU. Security monitoring system of intelligent substation based on IoT [J]. Telecommunications Science, 2018, 34(9): 179-185.
[15]	. Interestmeasurement and system construction of personal information protectionLI Meiyan [J]. Telecommunications Science, 2018, 34(8): 160-166.

RASP based Web security detection method

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 6

Related Articles 15

Metrics

Recommended 0