Abstract
As enterprises adopt information technology and application systems move onto the internet, internet security threats are growing rapidly in both number and variety. Traditional protection technologies show clear shortcomings and are inadequate against new internet security threats, especially zero-day vulnerabilities and attacks and new kinds of automated attacks; these automated attacks are also called bots attacks. Taking the recent, well-known Struts2 S2-032 vulnerability as an example, this article analyzes an innovative dynamic security technology and its protection characteristics, explains the mechanism by which it defends effectively against this class of new threat, and, based on that mechanism, extends the analysis to broader application scenarios among the internet threats currently attracting attention.
Source
Journal of Information Security Research (《信息安全研究》)
2016, No. 8, pp. 747-753 (7 pages)
Keywords
Bots
dynamic variation
Struts2
zero-day attacks
credential stuffing
multi-sources and slow frequency attack
data protection
business security risk