Design and Implementation of a Spark-Based Honeypot System
[Abstract]: With the rapid development of the Internet, e-commerce and e-government technology, the convenience they bring has also attracted a large number of attacks, and how to effectively protect large Internet sites has become a research hotspot. Most existing security defense technologies are passive, so their countermeasures lag behind the attacks. Honeypot technology is an active defense technology that brings decoys into the security field: it actively attracts attacks, then collects and analyzes them. Based on the analysis results, the defenses of the protected system can be strengthened in advance, which effectively addresses the weakness of passive defense. In addition, the volume of log data generated by user queries and transactions has grown greatly, and conventional data analysis techniques tend to cause problems such as delayed protection. Big data processing technology reduces processing delay and improves the efficiency of protection. This paper first analyzes the current state of website security defense and applies honeypot technology to it, giving the website an active defense. Second, to address the delay of conventional data processing, it introduces Spark big data processing into the system to improve the efficiency of data analysis.

The architecture of the system is as follows. On top of a local area network and a cloud platform, four virtual machines are created: two serve as the protected system and the honeypot, one serves as the bastion host that performs redirection, and one serves as the big data platform. When a user visits, the DNS server resolves the entered domain name to an IP address, and the user then reaches the bastion host according to the resolution result. The bastion host captures data with the iptables log function. The Spark data processing center reads the captured data and analyzes it in real time, using established rules to identify potentially threatening users, and the bastion host redirects each user according to the analysis results: a user judged to be a threat is redirected to the honeypot, and otherwise the user is connected to the protected system. The system also uses multiple layers of security to ensure that the honeypot is not taken over by illegal visitors and used to attack other systems. Finally, the system is tested with respect to the honeypot's simulation, the system's availability, and the performance of the data analysis module. Experiments and tests show that using big data technology to analyze log files improves the speed of information processing and the efficiency of system protection, and that a honeypot running the same website system prolongs the time illegal visitors stay in it. This achieves the goal of collecting more information about illegal visitors for later analysis and research.
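The capture-and-analysis step described above, as an added example that is not code from the thesis: a plain-Python stand-in for the Spark job that parses iptables LOG lines from the bastion host and decides where each source is routed. The log prefix, the sample lines and the rule (four or more distinct destination ports marks a threat) are assumptions, since the abstract does not state the thesis's rules.

```python
import re
from collections import defaultdict

# Constructed sample of iptables LOG-target lines as written to the kernel log.
# Addresses are documentation ranges; the "BASTION-IN: " prefix is an assumption.
SAMPLE_LOG = """\
Mar  3 10:00:01 bastion kernel: BASTION-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=80 SYN
Mar  3 10:00:02 bastion kernel: BASTION-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=443 SYN
Mar  3 10:00:02 bastion kernel: eth0: link is up
Mar  3 10:00:03 bastion kernel: BASTION-IN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=21 SYN
Mar  3 10:00:03 bastion kernel: BASTION-IN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=22 SYN
Mar  3 10:00:03 bastion kernel: BASTION-IN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=23 SYN
Mar  3 10:00:03 bastion kernel: BASTION-IN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51003 DPT=3306 SYN
Mar  3 10:00:04 bastion kernel: BASTION-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Mar  3 10:00:05 bastion kernel: BASTION-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40114 DPT=80 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=VALUE pairs; VALUE may be empty (OUT=)
PORT_THRESHOLD = 4  # assumed rule: this many distinct destination ports marks a threat


def parse_line(line):
    """Return the KEY=VALUE fields of one iptables LOG line, or None if unusable."""
    fields = dict(FIELD.findall(line))
    if "SRC" not in fields or "DPT" not in fields:
        return None  # ICMP, truncated, or unrelated kernel message
    return fields


def route_sources(log_text, threshold=PORT_THRESHOLD):
    """Map each source IP to 'honeypot' or 'protected'.

    Same shape as a Spark map + reduceByKey job: key each record by SRC,
    reduce to the set of DPT values, then apply the rule per key.
    """
    ports = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields and fields["DPT"].isdigit():
            ports[fields["SRC"]].add(int(fields["DPT"]))
    return {src: "honeypot" if len(seen) >= threshold else "protected"
            for src, seen in ports.items()}


if __name__ == "__main__":
    for src, target in sorted(route_sources(SAMPLE_LOG).items()):
        print(src, "->", target)
```

The returned mapping is what the bastion host would consume to choose between the honeypot and the protected system for each source address.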
[Degree-granting institution]: Xi'an University of Science and Technology
[Degree level]: Master's
[Year degree conferred]: 2017
[Classification number]: TP393.08