Research on Network Attack Behavior and Honeypot Technology

【Author】 陈伟

【Advisor】 秦志光

【Author Information】 University of Electronic Science and Technology of China, Computer Application Technology, 2004, Master's

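【Summary】 With the arrival of the information age, network and communication technologies have developed rapidly, and the vulnerabilities and security risks inherent in computer networks and operating systems are increasingly exposed. Computer networks have become a paradise for saboteurs and a breeding ground for hackers; network criminals of every kind fill every corner of the Internet, and network security incidents of all sorts appear frequently in the press. At the same time, the Internet has become a battlefield on which hostile forces at home and abroad carry out subversion and infiltration against our country, and network attack-and-defense confrontations of varying scale are playing out silently at any moment. The steadily worsening state of network information security has brought enormous property and economic losses to people's lives, caused great psychological panic, and threatened national security and social stability. Network information security is facing enormous threats and challenges. As the military strategists say, know yourself and know your enemy, and you will never be defeated in a hundred battles: a sound assessment of the state of network security and a full understanding and thorough study of network attack behavior are the key to keeping the initiative in network attack-and-defense confrontation. Traditional security protections such as firewalls, intrusion detection, security vulnerability scanning and virtual private networks have played a huge role in the struggle against network hackers, but in the face of an endless stream of network attacks (especially unknown attacks) these traditional defenses appear somewhat inadequate and are gradually being forced onto the defensive. A honeypot, also called an attack deception system, is a new security tool that increasingly shows its advantages in the detection, analysis and study of attacks, especially in the detection of unknown attacks. Research on honeypot technology has become another research hotspot in the information security field. A honeypot is a customized "cage" system whose main function is to lure and trap the activities of hackers (intruders) and collect network attack information, while also sharing the security risk borne by the protected system and thereby protecting it. The more proactive significance of a honeypot lies in analyzing the collected information to understand the security state of the network system, to further learn and study the purposes and motives of hackers launching network attacks and the techniques they use, to actively adjust the security policy and configuration of the network system, and to take effective measures to prevent problems before they occur. A honeypot cannot markedly improve the security state of an information network system; its emergence fills well the shortcomings of firewalls and intrusion detection in detecting and responding to unknown attacks, and it has received growing attention and developed rapidly. This thesis first gives a brief introduction to network attack behavior and goes on to discuss the classification of network attack behavior; it then studies honeypots, introducing their principle, structure, implementation and deployment schemes. Follow-up research related to network attacks includes network attack behavior modeling, analysis of the destructive power of network attacks, and network intrusion response; the research in this thesis is the foundation for such attack-related research. Information security is a heavy responsibility and a long road, and using honeypots to study network attack behavior is one entry point into network information security.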

【Abstract】 With the coming of the information era, the faster network and communication technology develops, the more the vulnerabilities of networks and operating systems are exposed. The Internet has become a paradise and hotbed for hackers and crackers; all kinds of network criminals flood every corner of the Internet, and all sorts of network security incidents frequently appear in newspapers and other media. At the same time, the Internet has become a battlefield where hostile forces at home and abroad attempt to infiltrate and subvert our nation. Network attack-and-defense wars of varying scale break out quietly. The state of network security is steadily worsening; it causes huge losses of property and money, spreads great panic among people, and even threatens the safety and stability of the nation. Information security is confronted with huge threats and challenges. Ancient Chinese military strategists concluded that if you want to secure yourself against the enemy, you first have to know who your enemy is. This military doctrine readily applies to the world of network security. Just like the military, you have resources that you are trying to protect. Traditional information security solutions such as firewalls, intrusion detection systems, security vulnerability scanning and virtual private networks play an important role against hackers, but these solutions are gradually becoming strained in the face of more and more network attacks, especially unknown attacks. A honeypot is used in the area of computer and Internet security. It is a resource which is intended to be attacked and compromised in order to gain more information about the attacker and his attack techniques. It can also be used to attract and divert an attacker from the real targets. One goal of this paper is to show the possibilities of honeypots and their use in an educational as well as a production environment.
Compared to an intrusion detection system, honeypots have the big advantage that they do not generate false alerts, as each trace is suspicious because no production components are running on the system. This fact enables the system to log every byte and to correlate this data with other sources to draw a picture of an attack and the attacker. First, this work discusses network attacks, then evaluates the different available taxonomies of computer and network attacks and compares them to each other. In a second part, theoretical aspects of honeypots are developed, compared and rated. As a consequence, an implementation will be presented. In comparison to the few existing solutions, multiple improvements could be achieved. In the future, network attack modeling and response to network attacks will be researched. After all, much remains to be done for information security, and research on honeypots and networks is a shortcut.

  • 【Classification No.】TP393.08
  • 【Times Cited】16
  • 【Downloads】1271