With the rise of cyber-attacks and malware, a growing body of security research focuses on improving the security and reliability of web services. Web backdoor attacks are an increasingly prevalent form of network attack and can cause serious damage to websites: in practice, system vulnerabilities and web application flaws are exploited to implant a webshell on the victim server, placing enterprise and government networks under serious threat. To mitigate backdoor attacks, extensive work has been done on backdoor detection. Static feature detection is regarded as an effective solution and is being improved continuously. It has inherent limitations, however: it examines the textual features of script files on disk but ignores the diversity of backdoor forms, so a backdoor that never exists as a file lies outside its view. This gap can be exploited by attackers.

This thesis surveys domestic and international research on static feature detection, the most widely used technique at present. By examining existing detection schemes and identifying their inherent security weaknesses, it proposes a backdoor injection attack model for Java Web application servers and, building on it, an improved command and control (C2) channel model based on blockchain that makes the backdoor injection attack harder to trace. The main work of this thesis is as follows:

(1) Starting from the inherent weaknesses of static feature detection, the thesis analyzes and summarizes existing web backdoor detection techniques and, combined with an analysis of the relevant Java Web mechanisms, proposes a backdoor injection scheme for Java Web application servers that injects a malicious backdoor directly into the Java virtual machine of the server as a fileless attack.

(2) The thesis analyzes the lack of extensibility and concealment common to web backdoor attacks and addresses both in the injection model by tracking the key Java Filter class and releasing the handles that occupy it. Experiments show that the model can attack five different types of Java Web application server (covering about 87% of Java application servers on the market) while evading static feature detection, access control policies and anti-virus software, and that it cleans up its attack traces automatically.

(3) Because the injection model by itself cannot resist tracing, the thesis proposes an improved blockchain-based C2 channel model on top of it. Experiments show that this model evades most anti-virus engines and network-level tracking and monitoring. It also fixes the problem that command output of the injected backdoor is not displayed correctly on some Java Web application servers.
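The defensive counterpart of the fileless Filter injection described above, as an added example that is not part of the thesis or of any tool it evaluates: because a Filter registered straight into the JVM has no script file for a static scanner to read, the check has to be made against the running container instead. The servlet below walks every Filter the container reports and flags those whose class has no `.class` resource on the webapp class path, cannot be resolved by the webapp class loader at all, or carries no `CodeSource` (the usual signature of a class defined in memory). It assumes a Servlet 3.0+ container using the `javax.servlet` namespace (`jakarta.servlet` on newer containers) and that it is deployed inside the web application being audited; the names `FilterAuditServlet`, `auditFilters` and `Finding` are my own.

```java
// Added example (not the thesis's code): first-pass audit for in-memory (fileless)
// Filters in a Servlet 3.0+ container. Assumes javax.servlet; on Jakarta EE 9+
// change the imports to jakarta.servlet.*. Deploy inside the webapp to audit.
import java.io.IOException;
import java.io.PrintWriter;
import java.security.CodeSource;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.FilterRegistration;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class FilterAuditServlet extends HttpServlet {

    /** One record per registered Filter plus the reasons (if any) it looks injected. */
    static final class Finding {
        final String name;
        final String className;
        final List<String> mappings = new ArrayList<>();
        final List<String> reasons = new ArrayList<>();

        Finding(String name, String className) {
            this.name = name;
            this.className = className;
        }

        boolean suspicious() {
            return !reasons.isEmpty();
        }
    }

    /**
     * Apply checks a file-based scanner cannot make. A Filter that was compiled into
     * the webapp has a .class resource reachable from the webapp loader and a
     * CodeSource pointing at the WAR or its classes directory; a class defined
     * directly into the JVM (Unsafe / defineClass without a ProtectionDomain)
     * typically has neither, or is not resolvable from the webapp loader at all.
     */
    static List<Finding> auditFilters(ServletContext ctx, ClassLoader webappLoader) {
        List<Finding> findings = new ArrayList<>();
        for (FilterRegistration reg : ctx.getFilterRegistrations().values()) {
            Finding f = new Finding(reg.getName(), reg.getClassName());
            f.mappings.addAll(reg.getUrlPatternMappings());

            // Check 1: is there a .class file/resource behind the registered class name?
            String resource = reg.getClassName().replace('.', '/') + ".class";
            if (webappLoader.getResource(resource) == null) {
                f.reasons.add("no .class resource on the webapp class path");
            }

            // Check 2: does the loaded class carry a CodeSource with a location?
            // initialize=false so the audit never runs the class's static initialiser.
            try {
                Class<?> c = Class.forName(reg.getClassName(), false, webappLoader);
                CodeSource cs = c.getProtectionDomain().getCodeSource();
                if (cs == null || cs.getLocation() == null) {
                    f.reasons.add("class has no CodeSource location (defined in memory?)");
                }
            } catch (ClassNotFoundException ex) {
                f.reasons.add("registered class is not resolvable by the webapp loader");
            }
            findings.add(f);
        }
        return findings;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        // getClass().getClassLoader() is the webapp loader when deployed inside the WAR.
        for (Finding f : auditFilters(getServletContext(), getClass().getClassLoader())) {
            out.println((f.suspicious() ? "SUSPICIOUS " : "ok         ")
                    + f.name + " -> " + f.className
                    + " mappings=" + f.mappings + " reasons=" + f.reasons);
        }
    }
}
```

Two caveats apply. The view this code gets comes from the container's public Servlet API, so an injection that bypasses the container's registration structures (or an attacker who has already patched the audit servlet itself) will not show up; confirming a finding, or clearing a negative result, means inspecting the container's internal filter tables or the heap from outside the process. A catch-all `/*` mapping is deliberately reported but not treated as suspicious on its own, since many legitimate filters (encoding, logging, authentication) use it.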