恶意代码捕获技术研究

发布时间：2018-05-06 16:12

本文选题：网络安全 + 恶意代码　；参考：《北京邮电大学》2014年硕士论文

【摘要】：在互联网技术出现之后,社会的发展逐渐步入了网络时代,网络的普及促进了信息的传播,加快了社会发展的步伐。随着互联网技术的繁荣发展,网络用户数量激增,各类互联网技术的应用给人们的生活带来了诸多便利。与此同时,互联网的安全问题也暴露出来,恶意代码的威胁尤为突出。本文主要针对基于蜜罐技术的恶意代码捕获技术进行了研究。首先,介绍了蜜罐技术的概况,并且按照蜜罐捕获恶意代码的手段方式的不同以及蜜罐与网络攻击进行交互的程度不同,将蜜罐分为了高交互蜜罐与低交互蜜罐,并对典型的蜜罐进行了详细分析,研究了典型蜜罐的技术原理、工作流程以及蜜罐结构本文尝试提出了一种基于高交互、低交互两类蜜罐相结合的恶意代码捕获方案。通过对高交互蜜罐技术和低交互蜜罐技术的优势与不足进行分析对比,对当前主流恶意代码的传播方式进行研究和分析,提出了一种将高交互蜜罐与低交互蜜罐相结合、蜜罐集群部署、分布式部署的恶意代码捕获方案。该方案分别分析了基于低交互蜜罐和基于高交互蜜罐的两种恶意代码捕获方案。针对基于高交互蜜罐的恶意代码捕获方案,扩展了利用爬虫技术的具有主动性的恶意代码捕获技术。最后,本文设计并实现了一套基于蜜罐技术的恶意代码捕获系统,对该系统的系统框架设计以及主要模块的功能进行了阐述。系统被分别部署在局域网与校园网中进行了系统测试实验,针对实验数据进行了分析,对整体方案以及系统设计进行了分析和总结。
[Abstract]:After the emergence of Internet technology, the development of society has gradually stepped into the network era. The popularization of the network promotes the dissemination of information and speeds up the pace of social development. With the development of Internet technology, the number of Internet users has increased rapidly, and the application of various Internet technologies has brought a lot of convenience to people's life. At the same time, the security of the Internet also exposed, the threat of malicious code is particularly prominent. This paper mainly focuses on the malicious code capture technology based on honeypot technology. Firstly, the general situation of honeypot technology is introduced, and according to the different ways of honeypot capturing malicious code and the degree of interaction between honeypot and network attack, honeypot is divided into high interactive honeypot and low interactive honeypot. The typical honeypot is analyzed in detail, and the technical principle, workflow and honeypot structure of the typical honeypot are studied. This paper attempts to propose a malicious code capture scheme based on high interaction and low interaction honeypot. By analyzing and comparing the advantages and disadvantages of high interactive honeypot technology and low interactive honeypot technology, this paper studies and analyzes the communication mode of current mainstream malicious code, and proposes a combination of high interactive honeypot and low interactive honeypot. Honeypot cluster deployment, distributed deployment of malicious code capture scheme. Two kinds of malicious code capture schemes based on low interactive honeypot and high interactive honeypot are analyzed respectively. Aiming at the malicious code capture scheme based on high interactive honeypot, the active malicious code capture technology based on crawler technology is extended. Finally, this paper designs and implements a malicious code acquisition system based on honeypot technology, and describes the system framework design and the functions of the main modules. The system is deployed in the LAN and the campus network to carry out the system test experiment, the experimental data are analyzed, the overall scheme and the system design are analyzed and summarized.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】