Design And Implementation Of High Performance Web Fingerprint Identification And Threat Awareness System

Since the implementation of the "Internet +" strategy,informatized lifestyle not only brings convenience to people,but also causes many maj or security risks.Security incidents and high-risk vulnerabilities are increasing year by year.Researching penetration testing technology has great significance to improve the security of Web application systems.Penetration testing uses the simulated attack method to detect the vulnerabilities in system.The key problem is that the simulation attack phase will increase the network burden and trigger security devices such as fir-ewalls.And the attack script is not targeted,which leads to low scanning efficiency.In response to the above problems,the paper proposes a method based on port and website fingerprint to awareness system security threats.The main work includes:(1)This paper designs and implements Web fingerprint indentification and threat awareness system,which includes port fingerprint identification module,website fingerprint identification module,threat awareness module and task scheduling module.Among them,the task scheduling module is based on the Gearman framework development,which is a key point to improve system performance.By studying and analyzing the framework,this paper finds and solves its single point of failure problem and persistent store of task queue problem,which improves the multitasking ability of system.(2)By studying and analyzing the advantages and disadvantages of the existing port fingerprint identification tools-Nmap and Zmap,this paper designs and implements the stateless port scanning technology based on TCP SYN scanning.By introducing the asynchronous idea to independently send the packet thread and the receiving packet thread,the system identifies the open port of the target system,which increases port fingerprint identification rate.Resear-ching port service identification technology,the system uses regex match to match the target website Banner information with the signature of the service,which identifies the service running on the port.(3)This paper researches and analyzes the HTTP response packet header and HTML source code to summary the extracting rules of website fingerprint features.This paper designs component fingerprint and establishes the website fingerprint database.Then the target fingerprint features are matched with each component fingerprint in the fingerprint database by regex match to identify the website fingerprint,which improve the performance of the website fingerprint identification.In addition,by studying machine learning multi-classification algorithm,the system uses the GBDT(Gradient Boosting Decision Tree)multi-classification algorithm to further identify the version range of the Web server,which narrows the scope of threat awareness.