
Research and Implementation of Network Attack Sample Generation Technology

Published: 2018-07-06 10:53

  Topic of this thesis: network attack + intrusion detection system. Source: Beijing University of Posts and Telecommunications, 2017 master's thesis


[Abstract]: The frequency of network attacks means that network security problems cannot be underestimated. Against network attack behavior, most traditional defenses adopt a passive strategy: the network administrator formulates a security policy and builds a security model on top of it to support that policy, for example firewall technology. In practice, however, we need to understand and analyze attackers' behavior comprehensively and in depth, and move from passive defense to active containment. Network attack sample generation technology is one such means of active containment. Most current attack sample generation techniques build an attack scenario, launch attacks with attack tools or malicious code to generate attack traffic, and finally save that traffic as attack sample files. This approach is limited by the construction of the attack scenario and often lacks diversity and authenticity in the attack methods. This thesis therefore proposes and implements an attack sample generation system based on intrusion detection technology. The system captures network packets at high speed and caches them, then analyzes and inspects the packets accurately and generates samples from the attack flows. The system uses intrusion detection technology as its attack detection platform and implements data flow preprocessing, packet caching and preservation of complete data flows. It groups captured packets into data flows according to the five-tuple (source IP, destination IP, protocol, source port, destination port), preprocesses the network data flows, applies a hash function to the five-tuple of each flow, and stores the flows in a hash table structure. It then performs attack detection on the captured packets. When the system detects that a packet carries an attack signature, it writes all network packets cached for the current data flow in the hash table to a sample file, generating an attack sample. To prevent useless flows from occupying the hash table's memory, the system manages the flows in the hash table with a least-recently-used timeout policy and uses a daemon thread to check flows for timeout. If a timed-out flow is found in the hash table, it is removed from the hash table.
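The flow table described in the abstract, sketched as an added example; it is not code from the thesis. Assumptions: the 30-second timeout, the `EXAMPLE-SIG` marker standing in for an IDS rule match, a direction-independent flow key, an in-memory `samples` dict in place of the sample file, continued capture of a flow after its first alert, and `expire()` called directly where the system would use a daemon thread. All packets are constructed.

```python
from collections import OrderedDict

IDLE_TIMEOUT = 30.0          # seconds; assumed value, the abstract gives none
SIGNATURE = b"EXAMPLE-SIG"   # constructed stand-in for an IDS rule match

def pkt(src, sport, dst, dport, data, proto=6):
    return dict(proto=proto, src=src, sport=sport, dst=dst, dport=dport, data=data)

def flow_key(p):
    # Sorted endpoints: both directions share one flow (assumption, not from the abstract).
    a, b = sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])])
    return (p["proto"], a, b)

class FlowTable:
    def __init__(self, timeout=IDLE_TIMEOUT):
        self.timeout = timeout
        self.flows = OrderedDict()  # key -> flow state, least recently seen first
        self.samples = {}           # key -> packets; stands in for the sample file

    def on_packet(self, p, now):
        key = flow_key(p)           # dict hashing plays the role of the hash function
        flow = self.flows.setdefault(key, {"pkts": [], "alerted": False})
        flow["last"] = now
        self.flows.move_to_end(key)  # most recently seen flow goes to the tail
        flow["pkts"].append(p)
        flow["alerted"] = flow["alerted"] or SIGNATURE in p["data"]
        if flow["alerted"]:
            # Flush the whole cache, including packets that arrived before the alert.
            self.samples.setdefault(key, []).extend(flow["pkts"])
            flow["pkts"] = []
        return flow["alerted"]

    def expire(self, now):
        # Periodic sweep: the table is in LRU order, so stop at the first live flow.
        removed = []
        while self.flows:
            key, flow = next(iter(self.flows.items()))
            if now - flow["last"] < self.timeout:
                break
            self.flows.popitem(last=False)
            removed.append(key)
        return removed

def demo():
    # One flow whose fourth packet matches the signature, and one benign flow.
    t = FlowTable()
    t.on_packet(pkt("10.0.0.5", 40000, "10.0.0.9", 80, b"hello"), 0.0)
    t.on_packet(pkt("10.0.0.7", 40001, "10.0.0.9", 80, b"benign"), 1.0)
    t.on_packet(pkt("10.0.0.9", 80, "10.0.0.5", 40000, b"reply"), 2.0)
    t.on_packet(pkt("10.0.0.5", 40000, "10.0.0.9", 80, b"x EXAMPLE-SIG x"), 20.0)
    return t, t.expire(35.0)
```

Because packets are cached before detection runs, the sample contains the traffic that preceded the matching packet; the benign flow is evicted by the timeout without ever being written out.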
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08




Article ID: 2102548


Link to this article: http://sikaile.net/guanlilunwen/ydhl/2102548.html

