【摘要】：隨著傳統(tǒng)互聯(lián)網(wǎng)加速向移動(dòng)互聯(lián)網(wǎng)轉(zhuǎn)型,接入網(wǎng)絡(luò)的節(jié)點(diǎn)也從以往的臺(tái)式機(jī)或筆記本轉(zhuǎn)變?yōu)楦蟊娀闹悄苁謾C(jī)。人們只需使用手機(jī)即可體驗(yàn)網(wǎng)絡(luò)帶來(lái)的各種便利性,足不出戶(hù)就能在網(wǎng)上商城購(gòu)買(mǎi)自己心儀的產(chǎn)品,或通過(guò)在線(xiàn)視頻網(wǎng)站觀看自己喜歡的影視作品等。正因?yàn)榇?網(wǎng)絡(luò)與日常生活之間的緊密性越來(lái)越強(qiáng),網(wǎng)絡(luò)服務(wù)的可用性也逐漸成為網(wǎng)絡(luò)用戶(hù)關(guān)注的焦點(diǎn)。計(jì)算機(jī)網(wǎng)絡(luò)的運(yùn)行看似穩(wěn)定、可靠,實(shí)則非常容易遭受攻擊進(jìn)而導(dǎo)致網(wǎng)絡(luò)服務(wù)癱瘓。在種類(lèi)繁雜的攻擊中,DDo S(Distributed Denial-of-service,分布式拒絕服務(wù))是一種極具破壞性、隱蔽性且易于實(shí)施的攻擊手段。它可以另被攻擊的網(wǎng)絡(luò)服務(wù)在一段時(shí)間內(nèi)無(wú)法使用,這會(huì)給用戶(hù)的網(wǎng)絡(luò)體驗(yàn)帶來(lái)極大的影響。因此,如何防御DDo S攻擊保證網(wǎng)絡(luò)服務(wù)持續(xù)可用依然是當(dāng)前互聯(lián)網(wǎng)安全中一個(gè)不可忽視的重要研究方向。首先,針對(duì)目前無(wú)法有效區(qū)分正常流量與攻擊流量的問(wèn)題,本文提出一種基于用戶(hù)行為模式的DDo S檢測(cè)方法。先以多個(gè)維度對(duì)用戶(hù)訪(fǎng)問(wèn)網(wǎng)絡(luò)資源的行為進(jìn)行建模,定義出用于判斷用戶(hù)行為是否正常的判定因子,并根據(jù)判定因子收集網(wǎng)絡(luò)中的相關(guān)統(tǒng)計(jì)數(shù)據(jù)。然后,將收集的數(shù)據(jù)利用Word2Vec向量化后使用CNN進(jìn)行分類(lèi),再利用LSTM將統(tǒng)計(jì)數(shù)據(jù)進(jìn)行深度學(xué)習(xí),以時(shí)間為單位得出正常用戶(hù)的行為模式。此后根據(jù)用戶(hù)的行為模式判斷是否發(fā)生DDo S攻擊。再者,針對(duì)現(xiàn)有許多DDo S防御研究無(wú)法適用于傳統(tǒng)網(wǎng)絡(luò)架構(gòu)的問(wèn)題,本文提出一種基于SDN的DDo S防御架構(gòu)。從攻擊預(yù)防、攻擊感知、攻擊響應(yīng)三個(gè)階段進(jìn)行全方位防御。整個(gè)架構(gòu)包括:節(jié)點(diǎn)準(zhǔn)入、行為感知、行為判定、策略管理、策略響應(yīng)等模塊。其中,節(jié)點(diǎn)準(zhǔn)入與策略管理負(fù)責(zé)網(wǎng)絡(luò)準(zhǔn)入控制,行為感知與行為判定判斷此刻網(wǎng)絡(luò)中是否存在DDo S攻擊行為,策略響應(yīng)對(duì)攻擊流量進(jìn)行相關(guān)處理。緣于SDN的控制平面與數(shù)據(jù)平面解耦和,本架構(gòu)可以與傳統(tǒng)架構(gòu)混合使用并可實(shí)現(xiàn)平滑過(guò)渡。最后本文根據(jù)上述理論研究構(gòu)建一個(gè)基于SDN的DDo S原型防御系統(tǒng),通過(guò)該系統(tǒng)驗(yàn)證、測(cè)試防御框架的可行性、可靠性以及準(zhǔn)確性。
[Abstract]:As the traditional Internet accelerates to the mobile Internet, the nodes connected to the network have changed from desktop computers or laptops to more popular smartphones. People can only use mobile phones to experience all kinds of convenience brought by the network. They can buy their favorite products in online shopping mall or watch their favorite movies and TV works through online video websites. Because of this, the closeness between the network and daily life is becoming stronger and stronger, and the usability of network services has gradually become the focus of attention of network users. The operation of computer network seems stable and reliable, but it is very vulnerable to attack and lead to network service paralysis. DDO S (Distributed Denial-of-service, distributed denial of Service (DDoS) is a very destructive, hidden and easy to implement attack method. It can not be used for a period of time, which will have a great impact on the user's network experience. Therefore, how to protect against DDo S attacks to ensure the continuous availability of network services is still an important research direction in Internet security. First of all, aiming at the problem that normal traffic and attack traffic can not be effectively distinguished at present, a DDo S detection method based on user behavior mode is proposed in this paper. Firstly, the user's behavior of accessing network resources is modeled with multiple dimensions, and the decision factors are defined to judge whether the user's behavior is normal or not, and the relevant statistical data in the network are collected according to the decision factors. Then, the collected data is classified by using Word2Vec vectorization and CNN, and then the statistical data is deeply studied by LSTM, and the normal user's behavior pattern is obtained by time unit. Then the DDo S attack is judged according to the user's behavior mode. Furthermore, to solve the problem that many existing DDo S defense research can not be applied to the traditional network architecture, this paper proposes a DDo S defense architecture based on SDN. From the attack prevention, attack perception, attack response three stages to carry on the omni-directional defense. The whole architecture includes: node access, behavior perception, behavior determination, policy management, policy response and so on. Among them, the node access and policy management is responsible for network access control, behavior perception and behavior judge whether there is an DDo S attack behavior in the network at the moment, and the policy response to deal with the attack traffic. Due to the decoupling of control plane and data plane of SDN, this architecture can be mixed with traditional architecture and can realize smooth transition. Finally, a prototype defense system of DDo S based on SDN is constructed according to the above theory. The feasibility, reliability and accuracy of the defense framework are tested by the system.
【學(xué)位授予單位】：杭州電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類(lèi)號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 李?lèi)?ài)華;肖金鳳;邱朋;;粒子群算法追蹤DDoS攻擊源技術(shù)研究[J];沈陽(yáng)理工大學(xué)學(xué)報(bào);2016年02期

2 王秀磊;陳鳴;邢長(zhǎng)友;孫志;吳泉峰;;一種防御DDoS攻擊的軟件定義安全網(wǎng)絡(luò)機(jī)制[J];軟件學(xué)報(bào);2016年12期

3 王蒙蒙;劉建偉;陳杰;毛劍;毛可飛;;軟件定義網(wǎng)絡(luò):安全模型、機(jī)制及研究進(jìn)展[J];軟件學(xué)報(bào);2016年04期

4 張世軒;劉靜;賴(lài)英旭;何運(yùn);楊盼;;基于SDN構(gòu)架的DoS/DDoS攻擊檢測(cè)與防御體系[J];電子技術(shù)應(yīng)用;2015年12期

5 方峰;蔡志平;肇啟佳;林加潤(rùn);朱明;;使用Spark Streaming的自適應(yīng)實(shí)時(shí)DDoS檢測(cè)和防御技術(shù)[J];計(jì)算機(jī)科學(xué)與探索;2016年05期

6 肖甫;馬俊青;黃洵松;王汝傳;;SDN環(huán)境下基于KNN的DDoS攻擊檢測(cè)方法[J];南京郵電大學(xué)學(xué)報(bào)(自然科學(xué)版);2015年01期

7 崔競(jìng)松;郭遲;陳龍;張雅娜;Dijiang HUANG;;創(chuàng)建軟件定義網(wǎng)絡(luò)中的進(jìn)程級(jí)縱深防御體系結(jié)構(gòu)[J];軟件學(xué)報(bào);2014年10期

8 許建真;何丹;;基于多閾值包過(guò)濾策略的DDoS防范機(jī)制研究[J];南京郵電大學(xué)學(xué)報(bào)(自然科學(xué)版);2012年05期

9 張永錚;肖軍;云曉春;王風(fēng)宇;;DDoS攻擊檢測(cè)和控制方法[J];軟件學(xué)報(bào);2012年08期

10 胡尊美;;分布式拒絕服務(wù)攻擊防御技術(shù)研究[J];計(jì)算機(jī)安全;2010年04期

相關(guān)碩士學(xué)位論文 前1條

1 常麗娜;分布式拒絕服務(wù)攻擊分析與防范技術(shù)研究[D];中國(guó)海洋大學(xué);2011年

，

本文編號(hào)：2248349