现代电子技术2025,Vol.48Issue(9):93-103,11.DOI:10.16652/j.issn.1004-373x.2025.09.015
PowerRASP:基于RASP的高性能Web安全防护方法研究
PowerRASP:Research on high performance Web application security protection method based on RASP
摘要
Abstract
The current Web applications are facing unprecedented threats of security attacks,such as SQL injection,Webshell attacks and increasingly prominent 0day security vulnerabilities,and these threats are serious and can impact societal order and national security.Unfortunately,the existing Web application security protection methods and tools often fall short,and they can be bypassed by sophisticated attacks,produce high rates of false positives,and require cumbersome configurations.As a result,they struggle to provide effective protection amid growing application demands and increasingly complex malicious attacks.To this end,an RASP-based PowerRASP high performance application security protection methodology and framework is proposed.It is used to solve the current Web application security protection problems such as low accuracy,inability to quickly block 0day security holes,and serious impact on the performance of Web applications.Experimental results demonstrate that PowerRASP achieves a 100%accuracy rate in security attack protection,whereas Baidu OpenRASP only reaches an accuracy rate of 77.60%.Furthermore,PowerRASP has a minimal impact on application performance,reducing CPU utilization by 5.2%and memory utilization by 0.41%in comparison with OpenRASP.关键词
Web应用安全防护/安全漏洞/高性能/高效防护/PowerRASP/快速阻挡0dayKey words
Web application security protection/security vulnerability/high performance/effective protection/PowerRASP/quickly blocking 0day分类
电子信息工程引用本文复制引用
何成刚,丁宏强..PowerRASP:基于RASP的高性能Web安全防护方法研究[J].现代电子技术,2025,48(9):93-103,11.基金项目
安徽理工大学高层次人才引进项目(2023gccrc120) (2023gccrc120)
安徽博士后科研项目资助(2024C931) (2024C931)
安徽省质量工程项目(2023cyts013) (2023cyts013)
安徽理工大学研究生教育教学项目(2024yjy009) (2024yjy009)
国家自然科学基金项目(61572030) (61572030)
国家自然科学基金项目(61673020) (61673020)
