面向虚实结合环境的IP溯源系统的设计与实现

发布时间：2018-04-17 03:34

本文选题：网络安全 + 拒绝服务攻击　；参考：《北京邮电大学》2014年硕士论文

【摘要】：目前,互联网的高速发展和成功已经对社会各方面基础服务的运作方式产生了深刻的影响和改变。在当前的社会中,世界已经对互联网有着极大的依赖,互联网也逐渐成为了信息社会中的主要基础设施。因此,互联网的安全性对社会的经济正常运行和发展具有非常关键的作用。然而,由于互联网架构本身所具有的缺陷以及随着云计算的兴起,特别是虚拟网络的出现,导致许多以互联网设施和服务为目标的网络攻击有了可乘之机。在各种攻击当中,拒绝服务攻击是较为常见,且危害较大的一种,这种攻击对互联网安全有着非常大的威胁。本文针对在物理网络和虚拟网络相结合的环境当中对拒绝服务攻击进行溯源这一特定需求,设计和实现了面向虚实结合环境的IP溯源系统,该系统致力于提高在虚实结合网络当中溯源的准确性,适应性,降低溯源成本,提高溯源速度。文章通过对物理网络和虚拟网络相结合下的特点进行分析,并对目前已有的溯源算法的优缺点进行了分析和比较,明确了系统设计的总体和功能需求。根据需求,将系统划分为三个层次,分别是跨虚实结合网络溯源,虚拟域状态溯源以及虚拟域内溯源。跨虚实结合网络溯源被用于完成确定虚实网络间溯源方向,并对虚拟网络和物理网络的溯源结果进行整合。虚拟域状态溯源采用一种域状态算法,对虚拟网络在攻击过程中所处的角色进行判断,为上层溯源模块提供结果参考以节省溯源资源。虚拟域内溯源使用虚拟机状态更新机制对活动虚拟机的状态进行维护,并采用一种包摘要标记混合算法对虚拟域内进行溯源,能够对虚拟网络内部的拓扑进行动态维护和实施高效溯源。三个层次的溯源模块组成整个虚实结合网络环境下的溯源系统,共同完成溯源任务。最后,在实验网络中搭建了攻击环境对系统进行测试,系统的单元功能和整体性溯源能力在测试中获得了验证。
[Abstract]:At present, the rapid development and success of the Internet has had a profound impact and changes on the operation of basic services in all aspects of society.In the current society, the world has been greatly dependent on the Internet, the Internet has gradually become the main infrastructure in the information society.Therefore, the security of the Internet plays a key role in the normal operation and development of social economy.However, due to the defects of the Internet architecture and the emergence of cloud computing, especially the virtual network, many network attacks targeting Internet facilities and services are available.Among all kinds of attacks, denial of service attack is one of the most common and harmful attacks, which pose a great threat to Internet security.Aiming at the specific requirement of traceability of denial-of-service attack in the environment of physical network and virtual network, this paper designs and implements IP traceability system for virtual reality environment.The system aims to improve the accuracy and adaptability of traceability, reduce traceability cost and improve traceability speed.This paper analyzes the characteristics of the combination of physical network and virtual network, analyzes and compares the advantages and disadvantages of the existing traceability algorithms, and clarifies the overall and functional requirements of the system design.According to the requirements, the system is divided into three levels, namely, cross-virtual network traceability, virtual domain state traceability and virtual domain traceability.Cross-virtual network traceability is used to determine the traceability direction between virtual network and physical network, and the traceability results of virtual network and physical network are integrated.Virtual domain state tracing uses a domain state algorithm to judge the role of virtual network in the process of attack and to provide a result reference for the upper traceability module to save traceability resources.Virtual domain traceability uses virtual machine state update mechanism to maintain the state of active virtual machine, and uses a packet digest tag hybrid algorithm to trace the source of virtual domain.It can dynamically maintain and implement efficient traceability to the internal topology of virtual network.The three levels of traceability module constitute the whole traceability system under the network environment, and complete the traceability task together.Finally, the attack environment is built in the experimental network to test the system. The unit function and the integrity traceability of the system are verified in the test.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP311.52;TP393.08

【参考文献】