检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:黄长慧[1] 胡光俊[1] 李海威[1] HUANG Changhui;HU Guangjun;LI Haiwei(First Research Institute of the Ministry of Public Security of PRC,Beijing 100048,China)
机构地区:[1]公安部第一研究所,北京100048
出 处:《信息网络安全》2021年第3期1-6,共6页Netinfo Security
摘 要:在网络空间对抗不断加剧的情况下,我国各重要行业单位信息化深度发展过程中建设的大量Web应用系统的安全面临严峻考验,各行业单位防护技术及措施存在不足,急需建立有效技术防护体系。文章提出一种基于URL智能白名单的Web应用未知威胁阻断防护方案,从合规行为角度入手,以访问控制白名单和非合规行为阻断为核心,通过建立业务白名单动态模型、URL访问控制白名单,实现应对Web应用未知威胁的主动防御体系,提升我国重要行业单位Web应用系统安全防护水平。With the increasing confrontation in cyberspace,the security of a large number of Web application systems constructed in the process of information development of important industry units in China is facing severe challenges.Protection technology and measures of various industries are insufficient,and it is urgent to establish effective technical protection system.This paper proposes an unknown threat blocking protection scheme for Web applications based on URL intelligent whitelist.This scheme proceeds from the perspective of compliance behavior,taking access control whitelist and non-compliance behavior blocking as the core.Through building dynamic model of business whitelist and URL access control whitelist,this scheme establishes an active defense system against unknown threats of Web applications which can improve the security protection level of Web application system of important industry units in China.
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.222