【摘要】：隨著傳統(tǒng)互聯(lián)網(wǎng)加速向移動(dòng)互聯(lián)網(wǎng)轉(zhuǎn)型,接入網(wǎng)絡(luò)的節(jié)點(diǎn)也從以往的臺式機(jī)或筆記本轉(zhuǎn)變?yōu)楦蟊娀闹悄苁謾C(jī)。人們只需使用手機(jī)即可體驗(yàn)網(wǎng)絡(luò)帶來的各種便利性,足不出戶就能在網(wǎng)上商城購買自己心儀的產(chǎn)品,或通過在線視頻網(wǎng)站觀看自己喜歡的影視作品等。正因?yàn)榇?網(wǎng)絡(luò)與日常生活之間的緊密性越來越強(qiáng),網(wǎng)絡(luò)服務(wù)的可用性也逐漸成為網(wǎng)絡(luò)用戶關(guān)注的焦點(diǎn)。計(jì)算機(jī)網(wǎng)絡(luò)的運(yùn)行看似穩(wěn)定、可靠,實(shí)則非常容易遭受攻擊進(jìn)而導(dǎo)致網(wǎng)絡(luò)服務(wù)癱瘓。在種類繁雜的攻擊中,DDo S(Distributed Denial-of-service,分布式拒絕服務(wù))是一種極具破壞性、隱蔽性且易于實(shí)施的攻擊手段。它可以另被攻擊的網(wǎng)絡(luò)服務(wù)在一段時(shí)間內(nèi)無法使用,這會給用戶的網(wǎng)絡(luò)體驗(yàn)帶來極大的影響。因此,如何防御DDo S攻擊保證網(wǎng)絡(luò)服務(wù)持續(xù)可用依然是當(dāng)前互聯(lián)網(wǎng)安全中一個(gè)不可忽視的重要研究方向。首先,針對目前無法有效區(qū)分正常流量與攻擊流量的問題,本文提出一種基于用戶行為模式的DDo S檢測方法。先以多個(gè)維度對用戶訪問網(wǎng)絡(luò)資源的行為進(jìn)行建模,定義出用于判斷用戶行為是否正常的判定因子,并根據(jù)判定因子收集網(wǎng)絡(luò)中的相關(guān)統(tǒng)計(jì)數(shù)據(jù)。然后,將收集的數(shù)據(jù)利用Word2Vec向量化后使用CNN進(jìn)行分類,再利用LSTM將統(tǒng)計(jì)數(shù)據(jù)進(jìn)行深度學(xué)習(xí),以時(shí)間為單位得出正常用戶的行為模式。此后根據(jù)用戶的行為模式判斷是否發(fā)生DDo S攻擊。再者,針對現(xiàn)有許多DDo S防御研究無法適用于傳統(tǒng)網(wǎng)絡(luò)架構(gòu)的問題,本文提出一種基于SDN的DDo S防御架構(gòu)。從攻擊預(yù)防、攻擊感知、攻擊響應(yīng)三個(gè)階段進(jìn)行全方位防御。整個(gè)架構(gòu)包括:節(jié)點(diǎn)準(zhǔn)入、行為感知、行為判定、策略管理、策略響應(yīng)等模塊。其中,節(jié)點(diǎn)準(zhǔn)入與策略管理負(fù)責(zé)網(wǎng)絡(luò)準(zhǔn)入控制,行為感知與行為判定判斷此刻網(wǎng)絡(luò)中是否存在DDo S攻擊行為,策略響應(yīng)對攻擊流量進(jìn)行相關(guān)處理。緣于SDN的控制平面與數(shù)據(jù)平面解耦和,本架構(gòu)可以與傳統(tǒng)架構(gòu)混合使用并可實(shí)現(xiàn)平滑過渡。最后本文根據(jù)上述理論研究構(gòu)建一個(gè)基于SDN的DDo S原型防御系統(tǒng),通過該系統(tǒng)驗(yàn)證、測試防御框架的可行性、可靠性以及準(zhǔn)確性。
[Abstract]:As the traditional Internet accelerates to the mobile Internet, the nodes connected to the network have changed from desktop computers or laptops to more popular smartphones. People can only use mobile phones to experience all kinds of convenience brought by the network. They can buy their favorite products in online shopping mall or watch their favorite movies and TV works through online video websites. Because of this, the closeness between the network and daily life is becoming stronger and stronger, and the usability of network services has gradually become the focus of attention of network users. The operation of computer network seems stable and reliable, but it is very vulnerable to attack and lead to network service paralysis. DDO S (Distributed Denial-of-service, distributed denial of Service (DDoS) is a very destructive, hidden and easy to implement attack method. It can not be used for a period of time, which will have a great impact on the user's network experience. Therefore, how to protect against DDo S attacks to ensure the continuous availability of network services is still an important research direction in Internet security. First of all, aiming at the problem that normal traffic and attack traffic can not be effectively distinguished at present, a DDo S detection method based on user behavior mode is proposed in this paper. Firstly, the user's behavior of accessing network resources is modeled with multiple dimensions, and the decision factors are defined to judge whether the user's behavior is normal or not, and the relevant statistical data in the network are collected according to the decision factors. Then, the collected data is classified by using Word2Vec vectorization and CNN, and then the statistical data is deeply studied by LSTM, and the normal user's behavior pattern is obtained by time unit. Then the DDo S attack is judged according to the user's behavior mode. Furthermore, to solve the problem that many existing DDo S defense research can not be applied to the traditional network architecture, this paper proposes a DDo S defense architecture based on SDN. From the attack prevention, attack perception, attack response three stages to carry on the omni-directional defense. The whole architecture includes: node access, behavior perception, behavior determination, policy management, policy response and so on. Among them, the node access and policy management is responsible for network access control, behavior perception and behavior judge whether there is an DDo S attack behavior in the network at the moment, and the policy response to deal with the attack traffic. Due to the decoupling of control plane and data plane of SDN, this architecture can be mixed with traditional architecture and can realize smooth transition. Finally, a prototype defense system of DDo S based on SDN is constructed according to the above theory. The feasibility, reliability and accuracy of the defense framework are tested by the system.
【學(xué)位授予單位】：杭州電子科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2017
【分類號】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 李愛華;肖金鳳;邱朋;;粒子群算法追蹤DDoS攻擊源技術(shù)研究[J];沈陽理工大學(xué)學(xué)報(bào);2016年02期

2 王秀磊;陳鳴;邢長友;孫志;吳泉峰;;一種防御DDoS攻擊的軟件定義安全網(wǎng)絡(luò)機(jī)制[J];軟件學(xué)報(bào);2016年12期

3 王蒙蒙;劉建偉;陳杰;毛劍;毛可飛;;軟件定義網(wǎng)絡(luò):安全模型、機(jī)制及研究進(jìn)展[J];軟件學(xué)報(bào);2016年04期

4 張世軒;劉靜;賴英旭;何運(yùn);楊盼;;基于SDN構(gòu)架的DoS/DDoS攻擊檢測與防御體系[J];電子技術(shù)應(yīng)用;2015年12期

5 方峰;蔡志平;肇啟佳;林加潤;朱明;;使用Spark Streaming的自適應(yīng)實(shí)時(shí)DDoS檢測和防御技術(shù)[J];計(jì)算機(jī)科學(xué)與探索;2016年05期

6 肖甫;馬俊青;黃洵松;王汝傳;;SDN環(huán)境下基于KNN的DDoS攻擊檢測方法[J];南京郵電大學(xué)學(xué)報(bào)(自然科學(xué)版);2015年01期

7 崔競松;郭遲;陳龍;張雅娜;Dijiang HUANG;;創(chuàng)建軟件定義網(wǎng)絡(luò)中的進(jìn)程級縱深防御體系結(jié)構(gòu)[J];軟件學(xué)報(bào);2014年10期

8 許建真;何丹;;基于多閾值包過濾策略的DDoS防范機(jī)制研究[J];南京郵電大學(xué)學(xué)報(bào)(自然科學(xué)版);2012年05期

9 張永錚;肖軍;云曉春;王風(fēng)宇;;DDoS攻擊檢測和控制方法[J];軟件學(xué)報(bào);2012年08期

10 胡尊美;;分布式拒絕服務(wù)攻擊防御技術(shù)研究[J];計(jì)算機(jī)安全;2010年04期

相關(guān)碩士學(xué)位論文 前1條

1 常麗娜;分布式拒絕服務(wù)攻擊分析與防范技術(shù)研究[D];中國海洋大學(xué);2011年

，

本文編號：2248349