【摘要】：隨著計算機網(wǎng)絡(luò)的規(guī)模和復(fù)雜性的不斷增大,網(wǎng)絡(luò)空間的安全性越來越受到人們關(guān)注。相較于各種網(wǎng)絡(luò)安全措施各自為戰(zhàn),相互之間極少關(guān)聯(lián)的網(wǎng)絡(luò)安全體系,網(wǎng)絡(luò)安全態(tài)勢感知(Network Security Situation Awareness,簡稱NSSA)則從宏觀角度對整個網(wǎng)絡(luò)的安全狀態(tài)進行實時度量,對海量原始安全數(shù)據(jù)進行數(shù)據(jù)融合從而辨識網(wǎng)絡(luò)攻擊行為,并及時響應(yīng)以降低損失。NSSA對網(wǎng)絡(luò)安全管理的監(jiān)控能力和應(yīng)急響應(yīng)能力都具有積極意義。為了擴大安全檢測視角,NSSA需要盡可能全面的收集全網(wǎng)的安全數(shù)據(jù),這一點正契合了軟件定義網(wǎng)絡(luò)(Software Defined Network,簡稱SDN)的全局感知、集中控制的管理特性。SDN最初是致力于加速網(wǎng)絡(luò)創(chuàng)新、促進網(wǎng)絡(luò)設(shè)備開放、自動化網(wǎng)絡(luò)配置而提出的新型網(wǎng)絡(luò)架構(gòu),其核心思想是將轉(zhuǎn)發(fā)設(shè)備的控制功能和轉(zhuǎn)發(fā)功能解耦,并開放網(wǎng)絡(luò)應(yīng)用程序編程接口,從而賦予用戶對網(wǎng)絡(luò)資源的細粒度、高靈活性的調(diào)度能力。SDN為網(wǎng)絡(luò)安全和網(wǎng)絡(luò)管理提供了開放而廣闊的平臺支持。本文結(jié)合NSSA對全面安全數(shù)據(jù)的需求和SDN全局感知的特性,實現(xiàn)了在Open Flow網(wǎng)絡(luò)(SDN的一種主流實現(xiàn))下的安全態(tài)勢感知系統(tǒng),從整體上對網(wǎng)絡(luò)安全狀況進行把控。本文首先實現(xiàn)了符合性檢測系統(tǒng),即利用Open Flow交換機同時工作在數(shù)據(jù)鏈路層、網(wǎng)絡(luò)層、傳輸層的扁平化工作模式,實現(xiàn)了對路由策略和傳輸協(xié)議的組合式符合性檢查系統(tǒng),提供了局域網(wǎng)內(nèi)部的主機對主機、主機對網(wǎng)絡(luò)等的路由策略,以及主機對傳輸協(xié)議的多粒度的符合性檢查功能,該系統(tǒng)除完成對網(wǎng)絡(luò)訪問的符合性檢查外,還作為態(tài)勢感知的數(shù)據(jù)來源之一。接著,本文實現(xiàn)安全態(tài)勢感知系統(tǒng),其工作重點是針對幾種典型的網(wǎng)絡(luò)攻擊從Open Flow網(wǎng)絡(luò)流的角度進行了流量特征分析,并進行異常檢測,最后對安全異常檢測數(shù)據(jù)進行加權(quán)組合得到全網(wǎng)的安全態(tài)勢狀況。最后,本文介紹了Open Flow網(wǎng)絡(luò)仿真環(huán)境和SDN開發(fā)平臺,并在此仿真平臺上對符合性檢查系統(tǒng)、安全態(tài)勢感知系統(tǒng)進行功能測試。
[Abstract]:With the increasing scale and complexity of computer network, the security of cyberspace has attracted more and more attention. Compared with all kinds of network security measures, which are rarely related to each other, (Network Security Situation Awareness, (Network Security situation Awareness (NSSA) measures the security state of the whole network in real time from a macro point of view, and merges the massive original security data to identify the network attack behavior. And timely response to reduce losses. NSSA is of positive significance to the monitoring ability and emergency response ability of network security management. In order to expand the perspective of security detection, NSSA needs to collect the security data of the whole network as comprehensively as possible, which is in line with the global perception of software-defined network (Software Defined Network, (SDN) and the management characteristics of centralized control. SDN was originally a new network architecture dedicated to accelerating network innovation, promoting the opening of network equipment and automating network configuration. The core idea is to decoupling the control function and forwarding function of the forwarding device, and to open the network application programming interface, so as to give users the fine granularity and high flexibility scheduling ability of the network resources. SDN provides open and broad platform support for network security and network management. Based on the requirements of NSSA for comprehensive security data and the characteristics of SDN global perception, this paper implements a security situational awareness system under Open Flow network (a mainstream implementation of SDN), and controls the network security situation as a whole. In this paper, the conformance detection system is implemented, that is, the flattened working mode of Open Flow switch in data link layer, network layer and transport layer is used to realize the combined conformance checking system of routing policy and transmission protocol, which provides the routing strategy of host to host and host to network in LAN, as well as the multi-granularity conformance checking function of host to transmission protocol. The system not only completes the compliance check of network access, but also serves as one of the data sources of situational awareness. Then, this paper implements the security situation awareness system, its work focuses on several typical network attacks from the point of view of Open Flow network flow analysis, and anomaly detection, and finally weighted combination of security anomaly detection data to obtain the security situation of the whole network. Finally, this paper introduces the Open Flow network simulation environment and SDN development platform, and carries on the function test to the conformity check system and the security situational awareness system on this simulation platform.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2017
【分類號】：TP393.08

【參考文獻】

相關(guān)期刊論文 前6條

1 龔儉;金磊;;基于SDN技術(shù)的網(wǎng)絡(luò)入侵阻斷系統(tǒng)設(shè)計[J];華中科技大學(xué)學(xué)報(自然科學(xué)版);2016年11期

2 張勇;譚小彬;崔孝林;奚宏生;;基于Markov博弈模型的網(wǎng)絡(luò)安全態(tài)勢感知方法[J];軟件學(xué)報;2011年03期

3 陳秀真;鄭慶華;管曉宏;林晨光;;層次化網(wǎng)絡(luò)安全威脅態(tài)勢量化評估方法[J];軟件學(xué)報;2006年04期

4 聶林,張玉清,王閔;入侵防御系統(tǒng)的研究與分析[J];計算機應(yīng)用研究;2005年09期

5 宿潔,袁軍鵬;防火墻技術(shù)及其進展[J];計算機工程與應(yīng)用;2004年09期

6 饒鮮,董春曦,楊紹全;基于支持向量機的入侵檢測系統(tǒng)[J];軟件學(xué)報;2003年04期

相關(guān)博士學(xué)位論文 前1條

1 張淑英;網(wǎng)絡(luò)安全事件關(guān)聯(lián)分析與態(tài)勢評測技術(shù)研究[D];吉林大學(xué);2012年

相關(guān)碩士學(xué)位論文 前4條

1 廖斌;網(wǎng)絡(luò)安全審計系統(tǒng)的設(shè)計與實現(xiàn)[D];中國科學(xué)院大學(xué)(工程管理與信息技術(shù)學(xué)院);2015年

2 何龔敏;SDN安全態(tài)勢評估系統(tǒng)[D];西安電子科技大學(xué);2014年

3 姚東;基于流的大規(guī)模網(wǎng)絡(luò)安全態(tài)勢感知關(guān)鍵技術(shù)研究[D];解放軍信息工程大學(xué);2013年

4 韓承欽;基于sFlow和SNMP的網(wǎng)絡(luò)安全態(tài)勢融合方法的研究[D];哈爾濱工程大學(xué);2013年

，

本文編號：2508769