基于网络流水印的跨域协同追踪技术研究

发布时间：2018-02-06 02:43

本文关键词： 网络安全入侵追踪跨域协同入侵追踪网络流水印时隙质心　出处：《南京理工大学》2017年硕士论文　论文类型：学位论文

【摘要】：随着Internet的迅猛发展,网络规模不断扩大,各类应用日益广泛。计算机网络在规模日益扩大的同时,面临的安全态势却并不乐观。网络安全事件频发不仅扰乱正常的网络秩序还造成巨大的经济损失。入侵追踪技术用于在网络中自动发现攻击者的真实位置,不仅能够及时发现入侵报文在网络中传输的路径,为入侵检测事件处理、入侵响应提供必要的决策依据,还能对攻击者产生强大的威慑作用,有效地减少入侵行为的发生。然而,现有的网络代理、NAT、IP隧道技术和迅速发展的匿名通信系统为攻击者隐藏真实IP提供便利。此外,攻击者通过攻破若干中间系统构成"跳板"链,实施跨多自治域的隐秘入侵攻击,增加入侵追踪的难度。论文对入侵追踪现状和常用入侵追踪技术进行总结分析。针对现有入侵追踪技术无法实现自治域间高效协同入侵追踪的问题,提出跨域协同入侵追踪框架的设计规范,研究高效、安全的跨域协同入侵追踪框架,在不干涉自治域的操作边界、防止域内敏感信息泄漏的同时,实现高效安全的跨域协同入侵追踪。为提高跨域协同入侵追踪框架的域内追踪能力,论文对网络流水印技术进行深入研究。针对现有基于时隙质心流水印技术易受多流攻击威胁的问题,论文提出一种基于时隙直方图规定化的时隙质心水印方法,提升现有技术对多流攻击的抵抗能力并减少水印检测端的时空开销。针对现有时隙质心水印技术的适用性不足的问题,论文提出一种基于时隙均衡化预处理的时隙质心水印方法,增强水印载体的稳定性,提升水印技术的鲁棒性和自适应性。与现有网络流水印技术相比,论文提出的两种方法具有更好的隐秘性、健壮性和自适应能力。
[Abstract]:With the rapid development of Internet, the scale of network is expanding, and all kinds of applications are more and more widely. However, the security situation is not optimistic. The frequent occurrence of network security events not only disturbs the normal network order but also causes huge economic losses. Intrusion tracking technology is used to automatically find the real location of attackers in the network. It can not only find the path of intrusion message transmission in time, provide the necessary decision basis for intrusion detection event processing and intrusion response, but also produce a powerful deterrent to the attacker. However, the existing network agent NATT IP tunneling technology and the rapid development of anonymous communication system provide convenience for attackers to hide real IP. By breaking through a number of intermediate systems to form a "springboard" chain, attackers carry out secret intrusion attacks across multiple autonomous domains. This paper summarizes and analyzes the current situation of intrusion tracking and the commonly used intrusion tracking technology. Aiming at the problem that the existing intrusion tracking technology can not achieve efficient cooperative intrusion tracking among autonomous domains. This paper proposes a design specification for cross-domain collaborative intrusion tracking framework, and studies an efficient and secure cross-domain cooperative intrusion tracking framework, which can not interfere with the operational boundaries of autonomous domains and prevent sensitive information leakage in the domain. In order to improve the intra-domain tracking capability of the cross-domain cooperative intrusion tracking framework, the efficient and secure cross-domain cooperative intrusion tracking is realized. Aiming at the problem that the existing time slot center income printing technology is vulnerable to multi-stream attacks, this paper proposes a slot centroid watermarking method based on slot histogram specification. To improve the resistance of the existing techniques to multi-stream attacks and reduce the space-time overhead of watermark detection, aiming at the lack of applicability of the existing time-slot centroid watermarking technology. In this paper, a time-slot centroid watermarking method based on slot equalization preprocessing is proposed to enhance the stability of watermark carrier, enhance the robustness and self-adaptability of watermarking technology, and compare with the existing network income printing technology. The two methods proposed in this paper have better stealthy, robustness and adaptive ability.
【学位授予单位】：南京理工大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.08

【参考文献】