【摘要】：隨著互聯(lián)網(wǎng)技術(shù)的日益發(fā)展,越來越多的終端設(shè)備加入到了網(wǎng)絡(luò)空間中,網(wǎng)絡(luò)攝像頭、網(wǎng)絡(luò)打印機、數(shù)字媒體設(shè)備、智能家電等新興設(shè)備使網(wǎng)絡(luò)空間變得繽紛復(fù)雜。對終端設(shè)備進(jìn)行精準(zhǔn)識別,不僅能幫助網(wǎng)絡(luò)管理員及時核查網(wǎng)絡(luò)資產(chǎn),還可以將設(shè)備信息與漏洞信息相關(guān)聯(lián),及時地發(fā)現(xiàn)潛在的安全風(fēng)險,避免被不法分子攻擊。因此設(shè)備識別對網(wǎng)絡(luò)安全預(yù)警與安全評估有著重要的意義。本文主要描述一款基于設(shè)備識別的網(wǎng)絡(luò)掃描工具Kscan的設(shè)計與實現(xiàn)。Kscan網(wǎng)絡(luò)掃描工具通過主動探測的手段,對未知網(wǎng)絡(luò)終端設(shè)備進(jìn)行掃描,獲取目標(biāo)設(shè)備的端口開放情況,使用應(yīng)用層協(xié)議和服務(wù)組件信息,操作系統(tǒng)信息,設(shè)備的產(chǎn)品信息等進(jìn)行探測。掃描的數(shù)據(jù)將存儲在公司重要產(chǎn)品威脅情報平臺的后端數(shù)據(jù)中心。Kscan根據(jù)不同的應(yīng)用層協(xié)議或者服務(wù)組件,發(fā)送不同的數(shù)據(jù)包來獲取目標(biāo)設(shè)備的應(yīng)答B(yǎng)anner數(shù)據(jù),根據(jù)Banner中的特征字段與指紋庫中的設(shè)備指紋的匹配結(jié)果來完成設(shè)備識別。Kscan在探測操作系統(tǒng)時,利用TCP/IP協(xié)議棧指紋技術(shù),通過發(fā)送一系列特殊的網(wǎng)絡(luò)探測包來獲取目標(biāo)操作系統(tǒng)的TCP/IP協(xié)議棧特征,之后將其特征與操作系統(tǒng)指紋庫中的指紋相匹配并得出結(jié)果。本文從Kscan掃描工具的掃描需求出發(fā),詳細(xì)描述了 Kscan的總體架構(gòu)設(shè)計與各個模塊的詳細(xì)設(shè)計與關(guān)鍵的實現(xiàn)細(xì)節(jié)。在詳細(xì)設(shè)計中,針對五種設(shè)備識別率較高的應(yīng)用層協(xié)議和三種網(wǎng)絡(luò)組件進(jìn)行了分析,給出如何通過它們來進(jìn)行設(shè)備識別的方法。此外還詳細(xì)介紹了 Kscan所使用的探測技術(shù)和掃描策略。目前Kscan支持對56種不同的應(yīng)用層協(xié)議和服務(wù)組件的掃描以及50種類型的終端設(shè)備的識別。Kscan目前正在向工控設(shè)備識別領(lǐng)域的方向擴(kuò)展,指紋庫也將不斷地被擴(kuò)充。
[Abstract]:With the development of Internet technology, more and more terminal devices are added to the network space. The network camera, network printer, digital media equipment, intelligent home appliances and other new devices make the network space colorful and complex. The accurate identification of terminal equipment can not only help the network administrator to check the network assets in time, but also can link the equipment information with the vulnerability information, discover the potential security risk in time, and avoid being attacked by illegal elements. Therefore, equipment identification plays an important role in network security early warning and security assessment. This paper describes the design and implementation of Kscan, a network scanning tool based on device identification. By means of active detection, the unknown network terminal equipment is scanned, and the port opening of the target device is obtained. Use application layer protocol and service component information, operating system information, equipment product information and so on. The scanned data will be stored in the back-end data center of the company's critical product threat intelligence platform. Kscan sends different packets to obtain the target device's response Banner data based on different application layer protocols or service components. According to the matching result between the characteristic fields in Banner and the fingerprint of devices in fingerprint database, the device identification. Kscan is realized by using TCP/IP protocol stack fingerprint technology when detecting the operating system. The TCP/IP stack features of the target operating system are obtained by sending a series of special network detection packets, which are then matched with the fingerprints in the operating system fingerprint database and the results are obtained. Based on the scanning requirements of Kscan scanning tools, this paper describes in detail the overall architecture design of Kscan, the detailed design of each module and the key implementation details. In the detailed design, five kinds of application layer protocols with high recognition rate and three kinds of network components are analyzed, and the methods of device identification through them are given. In addition, the detection technology and scanning strategy used by Kscan are introduced in detail. At present, Kscan supports the scanning of 56 different application layer protocols and service components and the identification of 50 types of terminal devices. KScan is currently expanding to the field of industrial control equipment identification, and the fingerprint database will be continuously expanded.
【學(xué)位授予單位】：北京交通大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2017
【分類號】：TP393.08

【相似文獻(xiàn)】

相關(guān)期刊論文 前10條

1 蔣衛(wèi)華,李偉華,杜君;網(wǎng)絡(luò)掃描隱蔽性分析[J];計算機應(yīng)用研究;2003年12期

2 趙漢云;陸松年;齊開悅;;網(wǎng)絡(luò)掃描技術(shù)的智能化研究[J];計算機應(yīng)用與軟件;2008年03期

3 劉敏,過曉冰,伍衛(wèi)國,錢德沛;針對網(wǎng)絡(luò)掃描的監(jiān)測系統(tǒng)[J];計算機工程;2002年07期

4 宣蕾,蘇金樹,盧錫城;網(wǎng)絡(luò)掃描權(quán)限證書機制研究[J];計算機工程與科學(xué);2003年04期

5 葉成緒;關(guān)于網(wǎng)絡(luò)掃描及對應(yīng)的監(jiān)測系統(tǒng)[J];網(wǎng)絡(luò)安全技術(shù)與應(yīng)用;2003年09期

6 喻飛 ,安吉堯 ,李仁發(fā) ,徐成;以太網(wǎng)中網(wǎng)絡(luò)掃描原理與檢測[J];微型機與應(yīng)用;2004年07期

7 王毅;;網(wǎng)絡(luò)掃描技術(shù)的分析及實現(xiàn)[J];洛陽師范學(xué)院學(xué)報;2007年05期

8 謝健;;視頻服務(wù)體系中網(wǎng)絡(luò)掃描系統(tǒng)的設(shè)計[J];能源技術(shù)與管理;2008年02期

9 潘軍;曹煦;;淺談網(wǎng)絡(luò)掃描技術(shù)[J];硅谷;2010年09期

10 汪慶蓮;;網(wǎng)絡(luò)掃描系統(tǒng)的設(shè)計與實現(xiàn)[J];湖北第二師范學(xué)院學(xué)報;2010年08期

相關(guān)會議論文 前1條

1 李晨e，

本文編號：2160111