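Research on Security Assessment Technology for IPv6 Networks and System Implementation
Published: 2018-05-19 16:30
Topic of this article: IPv6 attack graph + penetration testing; Reference: Beijing University of Posts and Telecommunications, 2014 master's thesis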
[Abstract]: With the development of Internet information technology, more and more users have joined the Internet, making the already scarce IPv4 address space even scarcer. As a result, the trend toward large-scale deployment of IPv6 networks to relieve the IPv4 address shortage is increasingly evident. However, security research for IPv6 networks has not kept pace, and the security assessment techniques used for traditional IPv4 networks cannot simply be copied and applied to IPv6 networks. For this reason, research on IPv6 network security problems and on IPv6 network security assessment techniques has become a newer topic. Investigation shows that Japan, Europe and the United States had begun studying IPv6 network security as early as the early 1990s. At the same time, China, as a major country in Internet development, has been continually following up on IPv6 network development, for example by building university networks as IPv6 networks to serve as bases for research and experimentation.

Relying on a university IPv6 network, this thesis studies security assessment techniques for IPv6 networks. The work mainly includes: research on IPv6 network penetration testing methods, addressing the IPv6 host discovery problem and the design of the penetration testing steps; research on attack methods specific to IPv6 networks, identifying the weak points that are specific to IPv6 networks; research on IPv6 network attack graphs, solving the problem of automated attack graph generation in IPv6 networks; research on IPv6 network risk assessment methods, addressing IPv6 network assessment and the calculation of risk values; and security situation analysis for IPv6 networks, presenting a multi-level view of the security situation at the organization level, the regional level, the business system level and the threat and vulnerability level.

In practice, to validate the security assessment techniques studied, the thesis developed a security assessment system for IPv6 networks, which helps in assessing the security of systems on IPv6 networks in real-world engagements. The system contains a penetration testing module, a vulnerability knowledge base module, an attack graph generation module, an assessment result export module and a security situation analysis module. Using a simulated assessment environment built on a campus network, the thesis demonstrates scanning and discovery, penetration testing and vulnerability verification against the assessed hosts on an IPv6 network; once these are complete, the security assessment technical documents are uploaded to the system, parsed automatically, and then stored in the IPv6 vulnerability knowledge base. Finally, the system is used to demonstrate the automated generation of the attack graph and the export of the final security assessment results, as well as a security situation display of the weaknesses found on the IPv6 network based on the assessment results.
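[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08;TP393.04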
Article number: 1910814
Article link: http://sikaile.net/guanlilunwen/ydhl/1910814.html