【摘要】：網(wǎng)絡(luò)攻擊一直是影響網(wǎng)絡(luò)安全性的最主要原因之一,網(wǎng)絡(luò)攻擊時(shí)時(shí)刻刻都在發(fā)生著,尤其針對(duì)商業(yè),工業(yè),國家的政治,軍事等部門以及高價(jià)值個(gè)人等,其造成的危害不容忽視。很多網(wǎng)絡(luò)攻擊具有極其重要的價(jià)值,人們?cè)诳吹狡渫{的同時(shí)也應(yīng)該看到其潛在的用途。這些網(wǎng)絡(luò)攻擊如果可以被再次利用,則將會(huì)對(duì)滲透測(cè)試以及國家級(jí)的網(wǎng)絡(luò)對(duì)抗等方面提供巨大的幫助。故本文的主要工作集中于網(wǎng)絡(luò)攻擊的再次利用,即網(wǎng)絡(luò)攻擊重放技術(shù)的研究。 本文首先介紹了網(wǎng)絡(luò)攻擊的種類,分析了各種類型網(wǎng)絡(luò)攻擊的特點(diǎn),并針對(duì)其中兩大主要類型：惡意代碼攻擊和漏洞攻擊,提出了重放的思路和方法。 之后,本文分析了目前已有工具在網(wǎng)絡(luò)重放分析時(shí)存在的低效問題,確定了影響攻擊重放效率的關(guān)鍵因素,并在此基礎(chǔ)上設(shè)計(jì)并實(shí)現(xiàn)了名為ADef網(wǎng)絡(luò)攻擊過程快速分析工具。ADef具有主機(jī)入侵防御系統(tǒng)(HIPS)的進(jìn)程,文件,注冊(cè)表以及網(wǎng)絡(luò)的記錄與監(jiān)控等基本功能,同時(shí)在內(nèi)核層面實(shí)現(xiàn)了針對(duì)全系統(tǒng)的攻擊載荷靜態(tài)與動(dòng)態(tài)的自動(dòng)化替換功能。 最后,本文選取了一系列典型的網(wǎng)絡(luò)攻擊樣本,通過對(duì)這些樣本的重放驗(yàn)證了攻擊重放基本方法的正確性和針對(duì)全系統(tǒng)的攻擊載荷自動(dòng)替換功能的實(shí)用性,同時(shí)也驗(yàn)證了ADef系統(tǒng)在攻擊重放過程中的高效性和此系統(tǒng)在理論研究和工程實(shí)踐中的重要參考價(jià)值。
[Abstract]:Cyber attacks have always been one of the most important factors affecting network security, and cyber attacks are taking place all the time, especially against commercial, industrial, political, military and other sectors of the country, as well as high-value individuals, and so on. The harm caused by it should not be ignored. Many cyber attacks are of great value, and people should see their potential uses as well as their threats. If these attacks can be re-exploited, they will be of great help to penetration testing and national-level cyber warfare. Therefore, the main work of this paper focuses on the reuse of network attack, that is, the research of network attack replay technology. In this paper, the types of network attacks are introduced, the characteristics of various types of network attacks are analyzed, and two main types of network attacks, malicious code attack and vulnerability attack, are put forward, and the ideas and methods of replay are put forward. After that, this paper analyzes the inefficiency of existing tools in network replay analysis, and determines the key factors that affect the replay efficiency of attack. ADef has the basic functions of the host intrusion prevention system (HIPS), such as process, file, registry, network record and monitoring, and so on, which is called ADef network attack process analysis tool, which is called ADef fast analysis tool, which is called ADef network attack process analysis tool. At the same time, the static and dynamic automatic replacement function of attack load for the whole system is realized at the kernel level. Finally, this paper selects a series of typical network attack samples, and verifies the correctness of the basic method of attack replay and the practicability of the automatic replacement function of attack load for the whole system through the replay of these samples. At the same time, the efficiency of ADef system in attack replay process and the important reference value of this system in theory research and engineering practice are also verified.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前3條

1 孫樂昌;夏陽;陸余良;;網(wǎng)絡(luò)主機(jī)脆弱性分析[J];計(jì)算機(jī)工程與科學(xué);2006年12期

2 項(xiàng)國富;金海;鄒德清;陳學(xué)廣;;基于虛擬化的安全監(jiān)控[J];軟件學(xué)報(bào);2012年08期

3 王宜陽;劉家豪;;Conficker蠕蟲的分析與防范[J];信息網(wǎng)絡(luò)安全;2010年10期

，

本文編號(hào)：2441851