發(fā)布時間：2018-04-17 03:34

  本文選題：網(wǎng)絡(luò)安全 + 拒絕服務(wù)攻擊�。� 參考：《北京郵電大學(xué)》2014年碩士論文

【摘要】：目前,互聯(lián)網(wǎng)的高速發(fā)展和成功已經(jīng)對社會各方面基礎(chǔ)服務(wù)的運(yùn)作方式產(chǎn)生了深刻的影響和改變。在當(dāng)前的社會中,世界已經(jīng)對互聯(lián)網(wǎng)有著極大的依賴,互聯(lián)網(wǎng)也逐漸成為了信息社會中的主要基礎(chǔ)設(shè)施。因此,互聯(lián)網(wǎng)的安全性對社會的經(jīng)濟(jì)正常運(yùn)行和發(fā)展具有非常關(guān)鍵的作用。然而,由于互聯(lián)網(wǎng)架構(gòu)本身所具有的缺陷以及隨著云計算的興起,特別是虛擬網(wǎng)絡(luò)的出現(xiàn),導(dǎo)致許多以互聯(lián)網(wǎng)設(shè)施和服務(wù)為目標(biāo)的網(wǎng)絡(luò)攻擊有了可乘之機(jī)。在各種攻擊當(dāng)中,拒絕服務(wù)攻擊是較為常見,且危害較大的一種,這種攻擊對互聯(lián)網(wǎng)安全有著非常大的威脅。 本文針對在物理網(wǎng)絡(luò)和虛擬網(wǎng)絡(luò)相結(jié)合的環(huán)境當(dāng)中對拒絕服務(wù)攻擊進(jìn)行溯源這一特定需求,設(shè)計和實現(xiàn)了面向虛實結(jié)合環(huán)境的IP溯源系統(tǒng),該系統(tǒng)致力于提高在虛實結(jié)合網(wǎng)絡(luò)當(dāng)中溯源的準(zhǔn)確性,適應(yīng)性,降低溯源成本,提高溯源速度。文章通過對物理網(wǎng)絡(luò)和虛擬網(wǎng)絡(luò)相結(jié)合下的特點進(jìn)行分析,并對目前已有的溯源算法的優(yōu)缺點進(jìn)行了分析和比較,明確了系統(tǒng)設(shè)計的總體和功能需求。根據(jù)需求,將系統(tǒng)劃分為三個層次,分別是跨虛實結(jié)合網(wǎng)絡(luò)溯源,虛擬域狀態(tài)溯源以及虛擬域內(nèi)溯源。跨虛實結(jié)合網(wǎng)絡(luò)溯源被用于完成確定虛實網(wǎng)絡(luò)間溯源方向,并對虛擬網(wǎng)絡(luò)和物理網(wǎng)絡(luò)的溯源結(jié)果進(jìn)行整合。虛擬域狀態(tài)溯源采用一種域狀態(tài)算法,對虛擬網(wǎng)絡(luò)在攻擊過程中所處的角色進(jìn)行判斷,為上層溯源模塊提供結(jié)果參考以節(jié)省溯源資源。虛擬域內(nèi)溯源使用虛擬機(jī)狀態(tài)更新機(jī)制對活動虛擬機(jī)的狀態(tài)進(jìn)行維護(hù),并采用一種包摘要標(biāo)記混合算法對虛擬域內(nèi)進(jìn)行溯源,能夠?qū)μ摂M網(wǎng)絡(luò)內(nèi)部的拓?fù)溥M(jìn)行動態(tài)維護(hù)和實施高效溯源。三個層次的溯源模塊組成整個虛實結(jié)合網(wǎng)絡(luò)環(huán)境下的溯源系統(tǒng),共同完成溯源任務(wù)。最后,在實驗網(wǎng)絡(luò)中搭建了攻擊環(huán)境對系統(tǒng)進(jìn)行測試,系統(tǒng)的單元功能和整體性溯源能力在測試中獲得了驗證。
[Abstract]:At present, the rapid development and success of the Internet has had a profound impact and changes on the operation of basic services in all aspects of society.In the current society, the world has been greatly dependent on the Internet, the Internet has gradually become the main infrastructure in the information society.Therefore, the security of the Internet plays a key role in the normal operation and development of social economy.However, due to the defects of the Internet architecture and the emergence of cloud computing, especially the virtual network, many network attacks targeting Internet facilities and services are available.Among all kinds of attacks, denial of service attack is one of the most common and harmful attacks, which pose a great threat to Internet security.Aiming at the specific requirement of traceability of denial-of-service attack in the environment of physical network and virtual network, this paper designs and implements IP traceability system for virtual reality environment.The system aims to improve the accuracy and adaptability of traceability, reduce traceability cost and improve traceability speed.This paper analyzes the characteristics of the combination of physical network and virtual network, analyzes and compares the advantages and disadvantages of the existing traceability algorithms, and clarifies the overall and functional requirements of the system design.According to the requirements, the system is divided into three levels, namely, cross-virtual network traceability, virtual domain state traceability and virtual domain traceability.Cross-virtual network traceability is used to determine the traceability direction between virtual network and physical network, and the traceability results of virtual network and physical network are integrated.Virtual domain state tracing uses a domain state algorithm to judge the role of virtual network in the process of attack and to provide a result reference for the upper traceability module to save traceability resources.Virtual domain traceability uses virtual machine state update mechanism to maintain the state of active virtual machine, and uses a packet digest tag hybrid algorithm to trace the source of virtual domain.It can dynamically maintain and implement efficient traceability to the internal topology of virtual network.The three levels of traceability module constitute the whole traceability system under the network environment, and complete the traceability task together.Finally, the attack environment is built in the experimental network to test the system. The unit function and the integrity traceability of the system are verified in the test.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP311.52;TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前1條

1 閆巧,吳建平,江勇;網(wǎng)絡(luò)攻擊源追蹤技術(shù)的分類和展望[J];清華大學(xué)學(xué)報(自然科學(xué)版);2005年04期

相關(guān)博士學(xué)位論文 前1條

1 閻冬;IP網(wǎng)絡(luò)溯源方法及協(xié)作模式相關(guān)技術(shù)研究[D];北京郵電大學(xué);2012年

，

本文編號：1761910