Research on Typical Covert Communication Techniques in Advanced Persistent Threats
[Abstract]: With the wide application of Internet technology in various fields, information security has received more and more attention. APT (Advanced Persistent Threat) attacks, which rely on advanced penetration and communication techniques, are highly concealed and persistent, and have become a serious hidden danger to network security. Addressing APT as a hot issue in information security, this paper takes the typical covert communication used in each stage of an APT attack as its research object, designs and implements a number of covert communication methods, and carries out experimental verification and analysis. The methods can provide technical support for modeling and analyzing APT data streams. The main research work of this paper is as follows:

(1) Based on the characteristics of APT attacks and drawing on the existing attack chain model, the potential covert communication methods in each stage of an APT attack are analyzed in depth.

(2) Acquiring the address of the C&C (command and control) server is the most important problem to be solved for malicious nodes that have infiltrated a network and need to carry out covert communication. This paper introduces the traditional address acquisition methods in detail, and then introduces the principle of DGA (Domain Generation Algorithm) and the existing detection methods. On this basis, it points out the security shortcomings of DGA, and designs and implements a C&C address acquisition method based on information hiding in web pages.

(3) Data handling mainly depends on camouflage communication technology, which is divided into behavior-based camouflage and protocol-based camouflage. For behavior-based camouflage, this paper proposes a data handling method for multi-disk sharing based on threshold cryptography, which includes the design of the data partitioning algorithm and the design of the data sharing protocol. The partitioning algorithm is mainly based on the threshold secret sharing method. The sharing protocol realizes the interaction between the attack node and the network disks. Finally, a system is built on the open source API of the network disk, and the feasibility and effectiveness of the proposed method are verified.

(4) For protocol-based camouflage, a camouflage communication method based on the SSL protocol is designed and implemented. Building on the original SSL protocol, this method analyzes and models the behavior sequence, length sequence and time series of typical applications, which gives the camouflaged communication a high similarity to normal communication.

The paper closes with a summary of the whole work and an outlook on problems worth further study.
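[Degree-granting institution]: Jiangsu University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08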