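Design and Implementation of a Network Attack Traceback System
Published: 2018-05-14 07:42
Topic: IP traceback + network attack; Source: Beijing University of Posts and Telecommunications, master's thesis, 2017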
[Abstract]: IP traceback is a technique that, during a network attack or after it has ended, uses network security methods to determine where the attack came from. It analyzes the information in the captured attack packets to trace their real source IP, reconstructs the complete network topology of the attack path between attacker and victim, and locates the attacker's physical position. This thesis proposes an IP traceback solution for attack traffic in a transitional network environment where IPv4 and IPv6 networks coexist, based on Teredo tunnels. It uses a multi-hash Bloom filter algorithm to reduce the Bloom filter's collision rate during storage. First, a packet capture module brings the IP packets passing between routers into the system. A packet parsing module then extracts the five-tuple of each IP packet and parses Teredo packets, and the five-tuple data is stored in memory using a Bloom filter. When the Bloom filter encounters collisions, its in-memory data is saved to a local file and a new memory region is allocated to hold subsequent Bloom filter data. When a victim is attacked, it asks the adjacent traceback system whether the attack packet passed through that node. If it did, the query is passed to the upstream node, and this repeats until the attacker's network node is found. That node sends the attack path information to the victim host, which completes the IP traceback.
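The store-and-query scheme the abstract describes, sketched as an added example; this is not code from the thesis. The salted BLAKE2b hashes, the fill-ratio rotation trigger, the in-memory `archived` list standing in for filters saved to local files, and all node names and flows are assumptions, and Teredo decapsulation is left out.

```python
import hashlib

class DigestNode:
    """One traceback node: keeps Bloom-filter digests of forwarded 5-tuples."""
    def __init__(self, name, upstream=(), bits=1024, hashes=4, max_fill=0.5):
        self.name, self.upstream = name, list(upstream)
        self.bits, self.hashes, self.max_fill = bits, hashes, max_fill
        self.active, self.set_bits = bytearray(bits // 8), 0
        self.archived = []  # stands in for filters flushed to local files

    def _positions(self, five_tuple):
        key = "|".join(map(str, five_tuple)).encode()
        for i in range(self.hashes):  # one salted hash per index (assumed scheme)
            h = hashlib.blake2b(key, digest_size=8, salt=bytes([i])).digest()
            yield int.from_bytes(h, "big") % self.bits

    def record(self, five_tuple):
        # Rotate before the filter saturates and false positives climb.
        if self.set_bits / self.bits >= self.max_fill:
            self.archived.append(self.active)
            self.active, self.set_bits = bytearray(self.bits // 8), 0
        for p in self._positions(five_tuple):
            if not self.active[p >> 3] & (1 << (p & 7)):
                self.active[p >> 3] |= 1 << (p & 7)
                self.set_bits += 1

    def seen(self, five_tuple):
        pos = list(self._positions(five_tuple))
        return any(all(f[p >> 3] & (1 << (p & 7)) for p in pos)
                   for f in [self.active, *self.archived])

def trace(node, five_tuple):
    """Query hop by hop from the victim's adjacent node toward the source."""
    if not node.seen(five_tuple):
        return []
    for up in node.upstream:
        path = trace(up, five_tuple)
        if path:
            return path + [node.name]
    return [node.name]  # no upstream node saw it: nearest node to the source

def demo():  # constructed topology and flows (documentation address ranges)
    edge_a, edge_b = DigestNode("edge_a"), DigestNode("edge_b")
    core = DigestNode("core", [edge_a, edge_b])
    victim_edge = DigestNode("victim_edge", [core])
    attack = ("198.51.100.7", 40000, "203.0.113.10", 80, "tcp")
    for n in (edge_a, core, victim_edge):
        n.record(attack)
    edge_b.record(("192.0.2.5", 51000, "203.0.113.10", 443, "tcp"))
    return trace(victim_edge, attack)
```

A Bloom filter never gives a false negative, so a recorded flow is always found; a false positive at a branch point can send the query up the wrong upstream link, which is why the filter is rotated before it fills.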
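[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year conferred]: 2017
[Classification number]: TP393.08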
Article ID: 1886986
Article link: http://sikaile.net/guanlilunwen/ydhl/1886986.html