面向IPv6网络安全评估技术研究和系统实现

发布时间：2018-05-19 16:30

  本文选题：IPv6攻击图 + 渗透测试　； 参考：《北京邮电大学》2014年硕士论文

【摘要】：随着互联网信息技术的发展,越来越多的用户加入了互联网,使得原本紧缺的IPv4地址变得更加匮乏。因此,目前大面积的部署IPv6网络用以解决IPv4地址匮乏的趋势越来越明显。然而,基于IPv6网络的安全技术研究却跟不上时代的步伐,而传统IPv4网络的安全评估技术也无法复制运用在IPv6网络上。为此,对IPv6网络安全问题研究、IPv6网络的安全评估技术研究成了一个更新的话题。经调研发现,日本、欧洲、美国早在90年代初期就已经对IPv6网络安全进行研究。同时,我国作为互联网发展的大国,也在不断对IPv6网络发展进行跟进,譬如已经把高校网络建立成IPv6网络,作为研究和实验的基地。 本文以高校IPv6网络为依托,研究了面向IPv6网络的安全评估技术,主要包括对IPv6网络渗透测试方法的研究,解决IPv6主机发现问题和渗透测试步骤的方案设计；对IPv6网络特有攻击方式的研究,了解了IPv6网络存在的特有脆弱点问题；对IPv6网络攻击图的研究,解决了IPv6网络下攻击图自动化生成的问题；对IPv6网络风险评估方法的研究,解决IPv6网络评估和风险值计算的问题；以及面向IPv6网络的安全态势分析,对IPv6机构层面、地域层面、业务系统层面以及威胁弱点层面的进行多层次安全态势展示。 在实践中,本文为了对所研究的安全评估技术进行实验验证,开发了面向IPv6网络安全评估系统,有助于在实战中对IPv6网络下的系统进行安全评估。系统包含了渗透测试模块、弱点知识库模块、攻击图生成模块、评估结果导出模块以及安全态势分析模块。本文基于校园网络搭建的模拟评估实验环境,演示了在IPv6网络下,对IPv6网络下被评估主机进行扫描发现、渗透测试和弱点验证,完成后将安全评估技术文档上传至系统实现自动化解析,之后存储到IPv6弱点知识库中的过程。最后,利用系统演示了如何进行攻击图的自动化生成和最终安全评估结果的导出,以及基于评估的结果对IPv6网络下的弱点情况实现安全态势展示。
[Abstract]:With the development of Internet information technology, more and more users join the Internet, which makes the scarce IPv4 address more scarce. Therefore, the trend of large area deployment of IPv6 network to solve the shortage of IPv4 addresses is becoming more and more obvious. However, the research of security technology based on IPv6 network can not keep up with the pace of the times, and the traditional security evaluation technology of IPv4 network can not be duplicated and applied to IPv6 network. Therefore, the research on the security evaluation technology of IPv6 network has become a new topic. After investigation, Japan, Europe, the United States as early as the early 90's on IPv6 network security has been studied. At the same time, as a big country of Internet development, our country is constantly following up the development of IPv6 network. For example, the university network has been established as a IPv6 network, as a research and experimental base. Based on the IPv6 network in colleges and universities, this paper studies the security evaluation technology for IPv6 network, including the research of the IPv6 network penetration test method, the solution to the problem of IPv6 host computer discovery and the scheme design of the penetration test steps. In this paper, we study the unique attack mode of IPv6 network, understand the unique vulnerability of IPv6 network, solve the problem of automatic generation of attack graph in IPv6 network by studying the attack graph of IPv6 network, and study the risk assessment method of IPv6 network. To solve the problems of IPv6 network evaluation and risk calculation, and the security situation analysis for IPv6 network, the multi-level security situation display of IPv6 organization level, regional level, business system level and threat vulnerability level is carried out. In practice, in order to verify the security assessment technology, a security evaluation system for IPv6 network is developed, which is helpful to evaluate the security of the system under IPv6 network in actual combat. The system includes penetration test module, vulnerability knowledge base module, attack graph generation module, evaluation result export module and security situation analysis module. Based on the simulation and evaluation experimental environment of campus network, this paper demonstrates how to scan and discover, penetrate and verify the vulnerability of the evaluated host in IPv6 network under IPv6 network. The process of uploading the technical documents of security evaluation to the system for automatic parsing and storing them in the IPv6 vulnerability knowledge base is completed. Finally, the system is used to demonstrate how to automatically generate the attack graph and derive the final security evaluation results, and realize the security situation display based on the evaluation results to the weakness situation under the IPv6 network.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08;TP393.04

【参考文献】

相关期刊论文 前7条

1 肖道举,杨素娟,周开锋,陈晓苏;网络安全评估模型研究[J];华中科技大学学报(自然科学版);2002年04期

2 卢继军,黄刘生,吴树峰;基于攻击树的网络攻击建模方法[J];计算机工程与应用;2003年27期

3 肖刚;信息技术安全评价标准的现状和发展[J];计算机工程;2001年07期

4 孙亮;李东;张涛;;网络攻击图的自动生成[J];计算机应用研究;2006年03期

5 王永杰;鲜明;刘进;王国玉;;基于攻击图模型的网络安全评估研究[J];通信学报;2007年03期

6 陈秀真,郑庆华,管晓宏,林晨光;网络化系统安全态势评估的研究[J];西安交通大学学报;2004年04期

7 吴龙生;IPv6及其相关技术[J];现代通信;2003年04期

，

本文编号：1910814