Visual Analysis Techniques for Security Event Streams of Decoy (Honeypot) Networks
Published: 2018-05-03 10:53
Topics of this article: honeypot + decoy document; Source: Beijing University of Posts and Telecommunications, 2014 master's thesis
[Abstract]: With the rapid development of information and network technology, society has entered the information age, and information security is a central topic of this era. Against the growing problem of insider threats, passive defense systems built mainly on firewalls, IDS and similar products perform poorly, whereas active defense systems built on decoy resources such as honeypots, honeynets and decoy documents have become an effective means of defending against insider threats. A decoy network generates a large volume of security log data, and how to aggregate and analyze this scattered information in a timely manner is an open problem in decoy-network security event analysis.

To address this, the thesis studies visual analysis techniques for the large number of security events produced by a decoy network, and designs and implements a visual analysis platform for decoy-network security events. The specific work is as follows:

(1) To handle the diversity of decoy-network security events, the thesis gives a unified formal description that defines a security event as a set of common attributes plus extended attributes, which resolves the heterogeneity of events coming from different decoy sources.

(2) In the storage layer, an extensible database is used to store the differing extended attributes of each event type; a unified storage model for decoy-network security events is designed and implemented, together with a data access interface for the extended attributes that generates the database SQL automatically and uses a caching mechanism to substantially improve database access efficiency.

(3) Because honeypots in a decoy network are deployed in a distributed fashion, the thesis designs a data collection framework based on a publish/subscribe mechanism, which collects the security logs captured by each honeypot to the back-end server in real time.

(4) A visual analysis platform for decoy-network security event streams is designed and implemented. It supports real-time monitoring of decoy-network security events and provides a usable interface for security event analysis. Case analysis on real data shows that the platform helps analysts discover and understand the attacker's methods and intentions.
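The event model of (1), the storage interface of (2) and the publish/subscribe collection of (3) above, as an added example in Python that is not the thesis's own code. Two heterogeneous sources are modelled: an SSH honeypot emitting key=value lines and a decoy-document sensor emitting JSON records. The log formats, sensor names, field names and IP addresses are constructed for illustration; the common-attribute column set, the attribute/value table for extended attributes, and the per-source cache are this example's own design choices, not the thesis's schema.

```python
import json
import sqlite3
from collections import defaultdict
from dataclasses import dataclass, field

# Common attributes every trap event carries; everything else is an extended attribute.
COMMON_COLUMNS = ("timestamp", "sensor", "src_ip", "event_type")


@dataclass
class TrapEvent:
    timestamp: str
    sensor: str
    src_ip: str
    event_type: str
    extended: dict = field(default_factory=dict)  # source-specific attributes


# Constructed sample log lines from two heterogeneous sources (formats are assumed).
SSH_LINES = [
    "2014-03-01T10:00:01 sensor=hp-ssh-01 src=10.0.0.5 user=root pass=123456 result=fail",
    "2014-03-01T10:00:04 sensor=hp-ssh-01 src=10.0.0.5 user=root pass=toor result=ok",
]
DOC_LINES = [
    json.dumps({"ts": "2014-03-01T10:02:30", "sensor": "decoy-fs-01",
                "client": "10.0.0.5", "doc": "Q1_salary.xlsx", "action": "open"}),
]


def parse_ssh(line: str) -> TrapEvent:
    """key=value honeypot line -> TrapEvent; keys that are not common become extended."""
    ts, rest = line.split(" ", 1)
    kv = dict(tok.split("=", 1) for tok in rest.split())
    return TrapEvent(ts, kv.pop("sensor"), kv.pop("src"), "ssh_login", kv)


def parse_doc(line: str) -> TrapEvent:
    """JSON decoy-document access record -> TrapEvent."""
    rec = json.loads(line)
    ext = {k: v for k, v in rec.items() if k not in ("ts", "sensor", "client")}
    return TrapEvent(rec["ts"], rec["sensor"], rec["client"], "decoy_doc", ext)


class EventBus:
    """Minimal publish/subscribe: sensor adapters publish, the store subscribes."""

    def __init__(self):
        self._subs = defaultdict(list)

    def subscribe(self, topic, handler):
        self._subs[topic].append(handler)

    def publish(self, topic, event):
        for handler in self._subs[topic]:
            handler(event)


class EventStore:
    """Common attributes in a fixed table, extended attributes in a name/value table.
    Column names come from COMMON_COLUMNS; values are always bound as parameters."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript(
            "CREATE TABLE events(id INTEGER PRIMARY KEY, timestamp TEXT, sensor TEXT,"
            " src_ip TEXT, event_type TEXT);"
            "CREATE TABLE event_ext(event_id INTEGER, name TEXT, value TEXT,"
            " PRIMARY KEY(event_id, name));"
        )
        self._cache = {}  # src_ip -> timeline, invalidated when that source gets a new event

    def insert(self, ev: TrapEvent) -> int:
        cols = ", ".join(COMMON_COLUMNS)
        marks = ", ".join("?" for _ in COMMON_COLUMNS)
        cur = self.db.execute(f"INSERT INTO events({cols}) VALUES({marks})",
                              [getattr(ev, c) for c in COMMON_COLUMNS])
        eid = cur.lastrowid
        self.db.executemany("INSERT INTO event_ext(event_id, name, value) VALUES(?, ?, ?)",
                            [(eid, k, str(v)) for k, v in ev.extended.items()])
        self._cache.pop(ev.src_ip, None)
        return eid

    def timeline(self, src_ip: str) -> list:
        """All events from one source, oldest first, with extended attributes re-attached."""
        if src_ip in self._cache:
            return self._cache[src_ip]
        rows = self.db.execute(
            "SELECT id, timestamp, sensor, event_type FROM events WHERE src_ip=? ORDER BY timestamp",
            (src_ip,)).fetchall()
        result = []
        for eid, ts, sensor, etype in rows:
            ext = dict(self.db.execute(
                "SELECT name, value FROM event_ext WHERE event_id=?", (eid,)).fetchall())
            result.append({"timestamp": ts, "sensor": sensor, "event_type": etype, **ext})
        self._cache[src_ip] = result
        return result


def collect(ssh_lines, doc_lines) -> EventStore:
    """Wire the pieces: each source is parsed and published; the store subscribes."""
    bus, store = EventBus(), EventStore()
    bus.subscribe("trap.event", store.insert)
    for line in ssh_lines:
        bus.publish("trap.event", parse_ssh(line))
    for line in doc_lines:
        bus.publish("trap.event", parse_doc(line))
    return store


def attack_path(store: EventStore, src_ip: str) -> list:
    """(sensor, event_type) sequence for one source: here a password guess, a successful
    login, then an open of a decoy document on another sensor."""
    return [(e["sensor"], e["event_type"]) for e in store.timeline(src_ip)]


if __name__ == "__main__":
    s = collect(SSH_LINES, DOC_LINES)
    for e in s.timeline("10.0.0.5"):
        print(e)
    print(attack_path(s, "10.0.0.5"))
```

The point of separating common from extended attributes is that a new decoy type only needs a parser; the `events` table and the cross-source query by `src_ip` stay unchanged. The cache is keyed by source and dropped on every insert for that source, so a live view never serves a stale timeline after a new event arrives.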
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 1838211
Link: http://sikaile.net/guanlilunwen/ydhl/1838211.html