Design and Implementation of a Network Attack Traceback System
Published: 2018-05-14 07:42
Topic: IP traceback + network attack; Reference: Beijing University of Posts and Telecommunications, 2017 master's thesis
[Abstract]: IP traceback is a technique that, during a network attack or after it has ended, uses network security techniques to identify the source of the attack: it analyzes information from the captured attack packets to trace their real source IP, reconstructs the complete network topology of the attack path between attacker and victim, and locates the attacker's physical position. This thesis proposes an IP traceback solution for attack traffic in a transitional network environment where IPv4 and IPv6 networks coexist by means of Teredo tunnels. It uses a multi-hash Bloom filter algorithm to reduce the Bloom filter's collision rate during storage. First, a packet capture module brings the IP packets passing between routers into the system. A packet parsing module then extracts the five-tuple of each IP packet and parses Teredo packets, and the five-tuple data is stored in memory using a Bloom filter. When the Bloom filter encounters a collision, its in-memory data is saved to a local file and a new memory region is allocated to hold the data processed by a new Bloom filter. When a victim comes under attack, it asks the adjacent network attack traceback system whether the attack packet passed through that node. If it did, the query is passed on to the upstream node, and so on until the attacker's network node is found. That node sends the attack path information to the victim host, which completes the IP traceback.
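The mechanism the abstract describes, as an added sketch that is not the thesis's own code: each node records five-tuples in a multi-hash Bloom filter, rotates the filter when it fills, and answers hop-by-hop traceback queries. The names `FlowDigest`, `trace` and `demo`, the salted BLAKE2b hashes, the 50% fill ratio used as the rotation trigger, and the in-memory list standing in for the local file are assumptions; the topology and addresses are constructed.

```python
import hashlib

class FlowDigest:
    """Per-node Bloom filter over five-tuples; may give false positives."""
    def __init__(self, bits=4096, hashes=4, max_fill=0.5):
        self.bits, self.hashes, self.max_fill = bits, hashes, max_fill
        self.current, self.set_bits = bytearray(bits // 8), 0
        self.archived = []  # stands in for filters saved to local files

    def _positions(self, five_tuple):
        key = "|".join(map(str, five_tuple)).encode()
        for i in range(self.hashes):  # k hash functions via distinct salts
            h = hashlib.blake2b(key, digest_size=8, salt=bytes([i])).digest()
            yield int.from_bytes(h, "big") % self.bits

    def record(self, five_tuple):
        for p in self._positions(five_tuple):
            if not self.current[p // 8] >> (p % 8) & 1:
                self.current[p // 8] |= 1 << (p % 8)
                self.set_bits += 1
        if self.set_bits / self.bits >= self.max_fill:  # assumed rotation trigger
            self.archived.append(bytes(self.current))
            self.current, self.set_bits = bytearray(self.bits // 8), 0

    def seen(self, five_tuple):
        # Archived filters are consulted too, so older packets stay traceable.
        pos = list(self._positions(five_tuple))
        return any(all(f[p // 8] >> (p % 8) & 1 for p in pos)
                   for f in [self.current, *self.archived])

def trace(node, five_tuple, upstream, digests):
    """Walk upstream from the victim's adjacent node while the packet was seen."""
    path = []
    while node is not None and digests[node].seen(five_tuple):
        path.append(node)
        node = next((u for u in upstream.get(node, [])
                     if digests[u].seen(five_tuple)), None)
    return path

def demo():
    upstream = {"R1": ["R2", "R3"], "R2": ["R4"]}  # constructed topology
    digests = {n: FlowDigest() for n in ("R1", "R2", "R3", "R4")}
    attack = ("203.0.113.7", 40000, "198.51.100.10", 80, "TCP")  # constructed
    for n in ("R4", "R2", "R1"):  # attack packet enters at R4
        digests[n].record(attack)
    for i in range(2000):  # constructed background flows via R3 -> R1
        flow = ("192.0.2.9", 1024 + i, "198.51.100.10", 443, "TCP")
        for n in ("R3", "R1"):
            digests[n].record(flow)
    return trace("R1", attack, upstream, digests), len(digests["R1"].archived)
```

`demo()` returns the reconstructed path `["R1", "R2", "R4"]` along with the number of filters R1 rotated out; the attack packet is found in one of R1's archived filters, not its current one.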
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP393.08
Article ID: 1886986
Article link: http://sikaile.net/guanlilunwen/ydhl/1886986.html