Design and Implementation of a High-Interaction Honeynet System
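Abstract
As computer networks have developed, they have come to play an increasingly important role in every aspect of people's lives and have become an important means of connecting people. However, network security problems have become more prominent as networks continue to develop, and computer network security is receiving more and more attention. Traditional security measures such as firewalls are often limited to passive defense and have difficulty detecting the latest intrusion or attack techniques. When a network or system is compromised, people know nothing about the tools used in the intrusion, the source of the attacker, the attack methods, or the attack targets.
     Honeynet technology was proposed to reverse this situation. It can monitor and analyze attack behavior, reveal the attack tools and methods that attackers use, and infer attackers' intentions and motives, so that defenders can clearly understand the security threats they face. This thesis analyzes the core requirements of existing honeynets and, to address their shortcomings, presents a composite honeynet capture model and data analysis based on an improved k-medoids algorithm, and designs and implements a high-interaction honeynet system based on these improvements.
     This thesis first describes the background and research significance of the topic and identifies the problems to be solved, introduces honeypot and honeynet technology, analyzes the state of research on high-interaction honeynets, and points out their advantages and disadvantages. It then studies the key technologies of high-interaction honeynets, presenting a composite honeynet data capture model and data analysis based on an improved k-medoids algorithm. The part on the design and implementation of the high-interaction honeynet system explains in detail the implementation of the key technologies and the functions of each module of the system. Finally, it summarizes the thesis and offers an outlook.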
With the rapid development of computer networks, they have started to play an increasingly important role in all aspects of people's lives. However, this development has also exposed network security problems, and more and more people are paying attention to computer network security. Traditional security tools such as firewalls and IDS are often limited to passive defense and find it hard to detect new intrusions or attacks. When networks and systems are compromised, the intrusion tools, the source of the attacker, the attack methods, and the targets are unknown.
     Honeynet technology was proposed in order to reverse this situation. Honeynet technology can monitor and analyze attacks, reveal the attack tools and attack methods used by attackers, and infer the attackers' intentions and motives, so that defenders have a clear understanding of the security threats they face. This paper analyzes the core requirements of the original honeynet. To address its shortcomings, a complex honeynet capture model and data analysis based on an improved k-medoids algorithm are given. Based on these improvements, a high-interaction honeynet system is designed and implemented.
     First, the paper explains the project's background and significance and identifies the problems to be solved. It analyzes honeynet techniques and the state of high-interaction honeynet research, and points out the advantages and disadvantages of high-interaction honeynets. In its study of the key technologies of high-interaction honeynets, it gives a complex honeynet capture model and data analysis based on an improved k-medoids algorithm. In the part on the design and implementation of the high-interaction honeynet system, the paper describes the implementation of the key technologies and the function of every module. Finally, it summarizes the paper and gives an outlook on future work.
