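Design and Implementation of a Network Attack Traceback System
Published: 2018-05-14 07:42
Topic of this thesis: IP traceback + network attack; Reference: Beijing University of Posts and Telecommunications, 2017 master's thesis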
[Abstract]: IP traceback is a technique that, during a network attack or after it has ended, uses network security techniques to determine the origin of the attack. It analyzes the information in the captured attack packets to trace their real source IP address, reconstructs the complete network topology of the attack path between attacker and victim, and locates the attacker's physical position. This thesis proposes a solution for tracing the IP addresses of attack traffic in a transitional network environment in which IPv4 and IPv6 networks coexist over Teredo tunnels. It uses a multi-hash Bloom filter to reduce the collision rate of the Bloom filter during storage. First, a packet capture module captures the IP packets passing between routers into the system. A packet parsing module then extracts the five-tuple of each IP packet and parses Teredo packets, and the five-tuple data is stored in memory using a Bloom filter. When a collision occurs in the Bloom filter, the in-memory Bloom filter data is saved to a local file and a new memory region is allocated to hold the newly processed Bloom filter data. When a victim is attacked, it asks the adjacent attack traceback system whether the attack packet passed through that node. If it did, the query is passed on to the upstream node, and so on until the attacker's network node is found. That node sends the attack path information to the victim host, which completes the IP traceback.
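The logging and hop-by-hop query described in the abstract can be sketched as follows; this is an added example, not code from the thesis. The class and function names, the salted SHA-256 hashing, the fill-ratio rotation trigger, the in-memory archive (the thesis writes full filters to a local file), and the node names and addresses are all assumptions made for illustration.

```python
import hashlib

class BloomFilter:
    def __init__(self, m_bits=1 << 16, k=4):
        self.m, self.k, self.set_bits = m_bits, k, 0
        self.bits = bytearray(m_bits // 8)
    def _positions(self, item):
        # Multi-hash: k bit positions from SHA-256 salted with the hash index.
        for i in range(self.k):
            h = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(h[:8], "big") % self.m
    def add(self, item):
        for p in self._positions(item):
            if not self.bits[p >> 3] & (1 << (p & 7)):
                self.bits[p >> 3] |= 1 << (p & 7)
                self.set_bits += 1
    def __contains__(self, item):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

class TraceNode:
    """One traceback system on the path; upstream = nodes closer to the sender."""
    def __init__(self, name, upstream=(), max_fill=0.5, m_bits=1 << 16):
        self.name, self.upstream = name, list(upstream)
        self.max_fill, self.m_bits = max_fill, m_bits
        self.current, self.archived = BloomFilter(m_bits), []
    def record(self, five_tuple):
        # Assumed trigger: rotate once the fill ratio makes collisions likely.
        if self.current.set_bits / self.current.m >= self.max_fill:
            self.archived.append(self.current)  # stand-in for the local file
            self.current = BloomFilter(self.m_bits)
        self.current.add(repr(five_tuple).encode())
    def saw(self, five_tuple):
        key = repr(five_tuple).encode()
        return any(key in f for f in [self.current, *self.archived])

def trace(node, five_tuple):
    # Follow the flow upstream for as long as some node has logged it.
    if not node.saw(five_tuple):
        return []
    for up in node.upstream:
        path = trace(up, five_tuple)
        if path:
            return [node.name] + path
    return [node.name]

def demo():
    r3, r4 = TraceNode("R3"), TraceNode("R4")
    r2 = TraceNode("R2", [r4, r3])
    r1 = TraceNode("R1", [r2])  # R1 is adjacent to the victim
    attack = ("192.0.2.66", 40000, "198.51.100.10", 80, "tcp")  # constructed
    for n in (r3, r2, r1):
        n.record(attack)
    return trace(r1, attack)
```

A Bloom filter never gives a false negative, so rotated filters must stay queryable for the retention period; false positives can only add a wrong branch to the path, which is why the filter is rotated before it fills.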
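[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08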
Article ID: 1886986
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1886986.html