Research on Trojan Detection Technology for Intelligent Building Management Systems
Published: 2018-06-15 12:57
Topics: intelligent building management system + Trojan; Source: Harbin Engineering University, 2014 master's thesis
[Abstract]: With advances in computer, control and communication technology, the intelligent building has become a mature and achievable goal, and managing all of its subsystems through a single unified management platform has become a necessity. This thesis addresses the internal security of intelligent building management systems (IBMS) that are connected to the Internet, specifically the risk that hosts and servers on the internal network may be implanted with Trojan horses, and proposes a corresponding detection method. The main work is as follows.

First, the research background of IBMS information security is presented, including the basic concept of an IBMS and the scope of information security in today's networked environment. The state of Trojan detection research at home and abroad and its development trends are described, with emphasis on how modern Trojan malware operates on the Internet and its impact on cyberspace security.

Second, IBMS security and the working mechanism of Trojan horses are analysed in detail. Building on a discussion of what an IBMS encompasses, the security problems of IBMS are analysed in depth and the forms in which malicious programs may exist within an IBMS are described. The communication architecture of Trojan horses is introduced, their known disguise techniques are analysed, and on this basis their working principles and overall mechanism are explained. The network communication behaviour of Trojans is studied in particular: the network protocols commonly used by malicious code are analysed, the working modes of modern Trojans in the Internet environment are discussed, and the connection and communication modes of today's mainstream port-rebound (reverse-connect) Trojans are examined in detail, including the semi-rebound and full-rebound connection architectures and a comparison between the two. From this understanding, the network behaviour features that Trojans exhibit in their basic Internet working mode are extracted.

Third, the security problems of widely deployed IBMS in the modern Internet environment are set out. The C-F model is introduced, and its basic concepts, principles and applications are explained. Using the extracted features, a detection system and detection mechanism are built for Trojans that may exist in an IBMS: an architecture for recognising Trojan network behaviour is designed; for each selected feature, an uncertain representation of the network behaviour of Trojan remote-control software is established, together with a knowledge base of Trojan communication behaviour features; following the reasoning process of the C-F model, an inference strategy for detecting Trojan network behaviour and a migration-recognition inference strategy are established, and the final inference result is given.

Finally, to validate the proposed method of capturing network traffic at the gateway of an IBMS network and identifying whether it contains the communication behaviour of Trojan remote-control software, real traffic between an IBMS internal network and the external Internet is selected, and real Trojan malware is used to generate Trojan communication data. The two kinds of data are mixed, and the Trojan communication data is identified from the mixture. In addition, the communication traffic of typical Trojan program samples is captured and analysed, with good experimental results.
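As an added illustration, not the thesis's own code or knowledge base, the C-F (certainty factor) reasoning step described above in Python: per-host session records are mapped to evidence certainties for a few reverse-connect behaviour features, then combined through rule strengths into a certainty for the hypothesis "this host runs Trojan remote-control software". The feature set, rule strengths, port whitelist, threshold and sample sessions are all constructed assumptions.

```python
from statistics import mean, pstdev

# Rule strengths CF(H|E) for H = "host runs Trojan remote-control software".
# Illustrative values only; the thesis's knowledge base is not reproduced here.
RULES = {
    "outbound_first": 0.5,          # internal host always initiates (reverse-connect Trojan)
    "long_lived_low_volume": 0.4,   # long sessions carrying little data (idle C2 channel)
    "periodic_beacon": 0.6,         # sessions start at regular intervals
    "known_service_traffic": -0.7,  # peers on known BMS protocol ports argue against H
}
KNOWN_PORTS = {47808, 502}  # assumed legitimate BMS protocols (BACnet/IP, Modbus TCP)

def combine_cf(a, b):
    """MYCIN-style certainty-factor combination of two CFs for the same hypothesis."""
    if a >= 0 and b >= 0:
        return a + b - a * b
    if a < 0 and b < 0:
        return a + b + a * b
    return (a + b) / (1 - min(abs(a), abs(b)))

def evidence_from_sessions(sessions):
    """Map one internal host's sessions with one external peer onto CF(E) values in [0, 1]."""
    starts = sorted(s["start"] for s in sessions)
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    ev = {
        "outbound_first": 1.0 if all(s["initiator"] == "internal" for s in sessions) else 0.0,
        "long_lived_low_volume": sum(s["duration"] > 600 and s["bytes"] < 4096
                                     for s in sessions) / len(sessions),
        "known_service_traffic": 1.0 if all(s["dport"] in KNOWN_PORTS for s in sessions) else 0.0,
    }
    if len(gaps) >= 3 and mean(gaps) > 0:  # regularity of gaps: 1.0 = perfectly periodic
        ev["periodic_beacon"] = max(0.0, 1.0 - pstdev(gaps) / mean(gaps))
    return ev

def infer(evidence):
    """Propagate evidence through the rules: CF(H) combined over CF(H|E) * CF(E)."""
    cf_h = 0.0
    for feature, cf_rule in RULES.items():
        cf_e = evidence.get(feature, 0.0)
        if cf_e > 0:  # a rule fires only on positive evidence for its premise
            cf_h = combine_cf(cf_h, cf_rule * cf_e)
    return cf_h

def verdict(sessions, threshold=0.6):
    cf = infer(evidence_from_sessions(sessions))
    return ("trojan_suspected" if cf >= threshold else "benign", round(cf, 3))

# Constructed samples: a beaconing reverse-connect pattern and ordinary BACnet/IP traffic.
SUSPECT = [{"start": t, "initiator": "internal", "duration": 1800, "bytes": 1200, "dport": 8080}
           for t in (0, 300, 600, 900)]
BENIGN = [{"start": t, "initiator": "internal", "duration": 5, "bytes": 20000, "dport": 47808}
          for t in (0, 50, 400, 430)]
```

The negative rule shows the model's disconfirming side: the benign host also initiates every session, yet its known-service traffic pulls the combined certainty below zero.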
[Degree-granting institution]: Harbin Engineering University
[Degree level]: Master
[Year awarded]: 2014
[Classification number]: TP309; TU855
Article ID: 2022081
Link: http://sikaile.net/guanlilunwen/chengjian/2022081.html