
Visual Analysis Techniques for Security Event Streams in Deception Networks

Published: 2018-05-03 10:53

  Topics: honeypot + decoy documents; Reference: Beijing University of Posts and Telecommunications, 2014 master's thesis


[Abstract]: With the rapid development of information and network technology, human society has entered the information age, and information security is an important topic of this new era. Against increasingly serious insider threats, passive defense systems built mainly on defensive products such as firewalls and IDS perform poorly. Active defense systems built mainly on deception resources such as honeypots, honeynets and decoy documents have become an effective means of defending against insider threats. Given the large volume of security log information produced in a deception network, how to aggregate and analyze this scattered information in a timely manner is a problem that urgently needs solving in the field of deception-network security event analysis. To address this, the thesis studies visual analysis techniques for the large number of security events generated by a deception network, and designs and implements a visual analysis platform for deception-network security events. The specific work is as follows:

(1) Because deception-network security events are diverse, the thesis gives a unified formal description method for them. The method defines a deception-network security event as a set of common attributes and extended attributes, which effectively solves the problem of heterogeneous security events.

(2) At the data storage layer, the thesis uses an extensible database to handle storage of the extended attributes of different security events, and designs and implements a unified storage model for deception-network security events. It also provides a data access interface for the events' extended attributes. The interface supports automatic generation of database SQL and uses a caching mechanism, which can greatly improve database access efficiency.

(3) Because honeypots in a deception network are deployed in a distributed fashion, the thesis designs a data collection framework based on a publish/subscribe mechanism. The framework collects the security log information captured by each honeypot to the back-end server in real time.

(4) The thesis designs and implements a visual analysis platform for deception-network security event streams. The platform supports real-time monitoring of deception-network security events and provides a friendly interface for security event analysis. Case analysis on real examples shows that the platform can help analysts discover and understand attackers' methods and intent.
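[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08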

