面向服务架构的虚拟蜜网主动防御技术研究

发布时间：2018-03-19 17:38

本文选题：面向服务的体系架构　切入点：蜜罐　出处：《沈阳理工大学》2017年硕士论文　论文类型：学位论文

【摘要】：面向服务的体系架构(Service Oriented Architecture,SOA)作为近年来IT业界的焦点,已经逐渐成为影响中国IT系统构建的主导思想。近年来发展迅速的Web服务技术具有的平台无关、标准中立等特点,成为了现今构建SOA系统的首选技术。SOA使分布式应用集成更加快捷灵活,但同时也使得应用系统的安全更加难以实现。SOA系统不仅会受到传统的网络攻击(基于TCP/IP),而且会受到基于Web服务所使用的SOAP消息的攻击,如XML注入攻击、重放攻击以及各种DoS攻击。对于上述攻击,现在所采用的防御方式是传统的防火墙和入侵检测系统,以及基于安全标准(WS-Security)框架的实现,包括XML签名、XML加密、认证与授权等。这些防御都是被动的对攻击进行响应处理,并且对于SOA系统新的攻击无法检测与预防。为此本文研究面向服务架构的虚拟蜜网主动防御技术。在现有对于SOA的Web服务安全防御基础上,结合主动防御技术及传统的安全防御技术,以第三代蜜网部署拓扑为架构,对SOA服务及应用进行有效部署,设计并实现了面向服务架构的虚拟蜜网主动防御体系,重点开展了基于虚拟蜜网的数据控制、数据捕获及攻击检测技术研究。首先,结合IPTables防火墙和Snort入侵检测,构建连接数限制与数据流量控制的数据控制组件;其次,分析蜜罐的数据捕获方式及网络封包截获技术,建立基于虚拟蜜网的内核级数据捕获组件;在此基础上,结合K均值聚类检测算法,将聚类方法应用于虚拟蜜网的主动防御架构,构建了基于合适K值的入侵检测应用方法。最后通过实验平台仿真测试进行验证,表明了面向服务架构的虚拟蜜网主动防御系统能够对于进出蜜网的数据进行有效控制、捕获以及攻击数据的检测与分类。
[Abstract]:Service Oriented Architecture (SOA), as the focus of IT industry in recent years, has gradually become the dominant idea affecting the construction of IT systems in China. The rapidly developing Web services technology has the characteristics of platform-independent and standard-neutral in recent years. It has become the preferred technology for building SOA systems today. SOA makes distributed application integration faster and more flexible. However, it also makes the security of application system more difficult to implement. SOA system will not only be attacked by traditional network attack (based on TCP / IP / IP / IP / IP / IP / IP / IP / IP / IP / IP / IP / IP / IP / IP / IP / IP / IP / IP / IP / IP / IP / IP / IP / IP / IP / IP. Replay attacks and various DoS attacks. For these attacks, the current defense methods are the traditional firewall and intrusion detection system, as well as the implementation of WS-Security framework based on security standard, including XML signature and XML encryption. Authentication, authorization, etc. These defenses are passive responses to attacks, And the new attack of SOA system can not be detected and prevented. Therefore, this paper studies the active defense technology of virtual Honeynet based on the service oriented architecture. On the basis of the existing Web service security defense against SOA, Combined with active defense technology and traditional security defense technology, the third generation honeynet deployment topology is used as the framework to effectively deploy SOA services and applications, and a virtual Honeynet active defense architecture based on service-oriented architecture is designed and implemented. The research on data control, data capture and attack detection based on virtual Honeynet is carried out. Firstly, the data control components of connection number limitation and data flow control are constructed by combining IPTables firewall and Snort intrusion detection. Based on the analysis of honeypot data capture method and network packet capture technology, the kernel level data capture component based on virtual honey net is established, and the K-means clustering detection algorithm is combined with the kernel data capture module. The clustering method is applied to the active defense architecture of virtual Honeynet, and an intrusion detection application method based on appropriate K value is constructed. It is shown that the virtual Honeynet active defense system based on the service-oriented architecture can effectively control, capture, detect and classify the incoming and outgoing Honeynet data.
【学位授予单位】：沈阳理工大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.08

【参考文献】