本文選題：網(wǎng)絡安全 + 路由協(xié)議　； 參考：《北京郵電大學》2014年碩士論文

【摘要】：當前,相關路由協(xié)議的安全性已無法滿足日益復雜的互聯(lián)網(wǎng)環(huán)境,導致頻繁發(fā)生針對路由協(xié)議的網(wǎng)絡攻擊,網(wǎng)絡安全形勢日趨嚴峻。為了對抗日益增長的各類新型網(wǎng)絡攻擊,我們迫切需要對各類技術進行調(diào)查研究,以便快速掌握最新、最前沿的攻擊技術,并及時給出恰當?shù)念A防方案來保護通信安全。然而任何類型的網(wǎng)絡攻擊都伴隨一定的破壞度,再加上網(wǎng)絡攻擊過程的不可控制性以及結(jié)果的不可預估性,導致直接在真實環(huán)境下進行調(diào)查研究將會對現(xiàn)有系統(tǒng)造成不可恢復的破壞,因此亟需一個與真實環(huán)境相互隔離,同時具備一定規(guī)模又能真實有效的反應攻擊結(jié)果的實驗環(huán)境,在此種實驗環(huán)境下進行安全、有效、’可靠的攻擊研究。 這種實驗環(huán)境已經(jīng)有較多的先驅(qū)工作和成功經(jīng)驗,其中主要包括硬件測試床、模擬器軟件及仿真測試床三種,但搭建一套具備一定規(guī)模的硬件測試床需要極大的開銷,模擬器軟件在真實度方面存有較大的缺陷,而仿真測試床是具備真實性又能緩解開銷的一種有效的方式,因此仿真平臺也在近年來逐漸被各國所接受并迅速普及開來,故而本文將選取仿真測試床作為實驗環(huán)境,而后在仿真平臺上進行典型動態(tài)路由協(xié)議的攻擊技術研究。本文的具體工作如下： 1.借鑒美國猶他大學Emulab測試床的設計理念和系統(tǒng)架構(gòu),利用虛擬化技術、仿真技術并結(jié)合相關硬件設施(如二層交換機、服務器、串口服務器、無線AP設備等)設計并實現(xiàn)一套能進行路由協(xié)議攻擊研究的網(wǎng)絡仿真實驗平臺； 2.選取最為流行的域間路由協(xié)議BGP和域內(nèi)路由協(xié)議OSPF作為研究目標,為了研究這兩種協(xié)議在真實路由設備上的具體實現(xiàn),并觀察最真實的攻擊效果,本文在一定程度上結(jié)合路由模擬軟件來模擬實驗中所需的路由節(jié)點； 3.在仿真平臺上開展針對BGP協(xié)議的ZMW攻擊研究,通過獲取相應的攻擊參數(shù),對目標鏈路發(fā)動ZMW攻擊,研究其造成的影響,并挖掘發(fā)生路由震蕩鏈路的特征參數(shù)； 4.在仿真平臺上開展針對OSPF協(xié)議標準在計算路由表時存在的二義性漏洞攻擊,通過偽造相應的LSA報文,來達到影響路由表項的目標,并對比了不同的OSPF實施部署。
[Abstract]:At present, the security of related routing protocols can not meet the increasingly complex Internet environment, resulting in frequent network attacks against routing protocols, and the network security situation is becoming increasingly serious. In order to counter the increasing variety of new network attacks, we urgently need to investigate and study all kinds of technologies in order to quickly grasp the latest and most advanced attack techniques, and to provide appropriate prevention schemes to protect communication security. However, any type of network attack is accompanied by a certain degree of destruction, plus the process of the network attack is not controllable and the result is unpredictable. As a result of direct investigation and research in real environment, the existing system will be damaged irrecoverably. Therefore, an experimental environment that is isolated from real environment and has a certain scale and real and effective response to attack results is urgently needed. In this experimental environment, safe, effective and reliable attack research is carried out. This kind of experimental environment has already had more pioneering work and successful experience, including three kinds of hardware test bed, simulator software and simulation test bed, but building a set of hardware test bed with a certain scale requires a great deal of expense. The simulator software has some defects in the aspect of truthfulness, and the simulation test bed is an effective way to reduce the cost of the simulator. Therefore, the simulation platform has been gradually accepted and popularized by many countries in recent years. Therefore, this paper chooses the simulation test bed as the experimental environment, and then studies the attack technology of the typical dynamic routing protocol on the simulation platform. The specific work of this paper is as follows: 1. Based on the design concept and system architecture of Emulab test bed at the University of Utah, using virtualization technology, simulation technology and related hardware facilities (such as layer 2 switch, server, serial port server, etc.), Design and implement a set of network simulation experiment platform which can carry on the research of routing protocol attack. 2. The most popular inter-domain routing protocol (BGP) and intra-domain routing protocol (OSPF) are selected as the research objectives. In order to study the implementation of the two protocols on the real routing devices, and observe the most real attack effect. In this paper, to some extent combined with the routing simulation software to simulate the required routing nodes; 3. The research of ZMW attack based on BGP protocol is carried out on the simulation platform. By obtaining the corresponding attack parameters, we launch ZMW attack on the target link, study its influence, and mine the characteristic parameters of the routing oscillating link. 4. Based on the simulation platform, the ambiguity vulnerability attack of OSPF protocol standard in calculating routing table is carried out, and the target of affecting routing table items is achieved by forging corresponding LSA packets, and different OSPF implementation deployments are compared.
【學位授予單位】：北京郵電大學
【學位級別】：碩士
【學位授予年份】：2014
【分類號】：TP393.08

【參考文獻】

中國期刊全文數(shù)據(jù)庫 前5條

1 何炎祥;劉陶;曹強;熊琦;韓奕;;低速率拒絕服務攻擊研究綜述[J];計算機科學與探索;2008年01期

2 吳志軍;岳猛;;低速率拒絕服務LDoS攻擊性能的研究[J];通信學報;2008年06期

3 陳海燕,季仲梅,李鷗,胡捍英;OSPF路由協(xié)議安全性分析及其攻擊檢測[J];微計算機信息;2005年05期

4 何炎祥;劉陶;韓奕;熊琦;曹強;;一種針對LDoS攻擊的分布式協(xié)同檢測方法[J];小型微型計算機系統(tǒng);2009年03期

5 秦董洪;陳智勇;楊家海;;基于Emulab的網(wǎng)絡仿真實驗平臺研究[J];實驗室科學;2013年03期

，

本文編號：2097143