| With the rapid development of the Internet, network information security increasingly becoming the focus problem. Among them, web tamper events occur frequently, often accompanied by severe political influence or huge economic losses. In order to reduce the spread of these pages or the impact of the economic losses, real-time detecting whether tampering occurs has great practical significance.The traditional server-based web tamper detection research is mature, but there are some issues, such as only suitable for stand-alone deployment, high cost, can not batch detecting whether tampering occurs, considered about data security or the stability of the system and so on, some units do not want to install the system on the server. The web tamper detection based on the client can effectively avoid these problems, but there are also two problems about detection accuracy and detection efficiency. In this paper, taking the web tamper detection based on the client as research objects, according to the relevant properties, we will study how to increase the detection accuracy rate and improve the efficiency of detection. The main work and achievements are as follows:1. For the high time complexity about computing the similarity in web tamper detection technologies based on similarity, according to the principle of local changes in the page, we proposed an improved similarity calculation algorithm. Improved algorithm ignores the common prefixes and suffixes between two strings, and gets the similarity by solving directly edit distance between the remaining parts. At the same time, we prove the correctness of the improved algorithm and analysis the time efficiency about the improved algorithm. Experimental results show, compared with the classical algorithm, the improved algorithm has better computational efficiency.2. For the two traditional web tamper detection models based on similarity and anomaly detection have their own blind spots, according to the real needs of the tamper detection, we propose a hybrid web tamper detection model. Integrated Principle is that any detection result from two traditional models is tampered, the final result is tampered. Compared with the two traditional models, at the expense of a small amount of artificial troubleshooting, hybrid model has better sensitivity with the tampered pages. At the same time, in order to take full advantage of prior knowledge, the auxiliary model based on sensitive words and compare properties is proposed. Through detecting part tampered pages in preprocessing stage by the auxiliary model, the detection accuracy is improved.Finally, the web tamper detection model this paper design is successfully access to Zhejiang Qianguan Information Security Company Website Monitoring Platform. Through a period of testing, this system has high system stability, and need little system resources such as memory, CPU usage, etc. It can adapt to the needs of website defacement batch detection. |
PDF Full Text Request