Research on DoS Attack Detection Technology in Police Private Networks
Published: 2018-11-18 17:34
[Abstract]: In recent years, network security has drawn the attention of many research institutes. Security problems in public networks have gradually been taken seriously and improved, but network security in trunked private networks has not received sufficient attention. The police private network is an important means of communication for responding to emergencies and protecting people's lives and property, so its security should be treated as a top priority. Denial of Service (DoS) attacks have long been one of the threats that cause serious harm to trunked private networks. Multicast technology is widely used in police private networks because of its efficient group-call capability, but the security of multicast transmission has continually limited the development and application of trunked communication. DoS attacks in private networks are mainly launched by exploiting inherent flaws in network protocols and application modes. Because network protocols cannot be made absolutely perfect, this kind of attack will continue to exist as Internet technology develops. This thesis studies the DoS attack methods that are most common in the multicast scenarios of police private networks. First, the principles and characteristics of the attacks are analyzed, and a system active entropy state model (Dynamic Entropy Model, DEM) is established by analyzing and summarizing the characteristics of network flow actions when different types of DoS attacks occur. Lastly, taking an actual network connection process as an example, the change in active entropy of the connection process is calculated under different conditions. Subsequently, building on the system active entropy state model, the thesis establishes a denial-of-service attack monitoring algorithm based on active entropy. In-depth analysis of the most common DoS attacks in police private networks shows that different attack types have different action characteristics at the network flow level, and that these characteristics cause the system's active entropy to change. The change in active entropy can therefore be used to judge roughly whether network data represents malicious behavior. Simulation results show that the mechanism can monitor the active entropy of the network in real time and distinguish malicious network attack behavior. Finally, the thesis proposes a security protection mechanism based on the DEM. By calculating the system's active entropy, the mechanism can identify abnormal network behavior well and, by disabling the attacker's data channel, stop the continued damage the attacker causes to the network.
[Degree-granting institution]: Harbin Institute of Technology
[Degree level]: Master's
[Year degree conferred]: 2017
[Classification number]: TP393.08
Article ID: 2340673
Article link: http://sikaile.net/guanlilunwen/ydhl/2340673.html