基于仿真平台的典型动态路由协议攻击技术研究

发布时间：2018-07-04 19:39

  本文选题：网络安全 + 路由协议　； 参考：《北京邮电大学》2014年硕士论文

【摘要】：当前,相关路由协议的安全性已无法满足日益复杂的互联网环境,导致频繁发生针对路由协议的网络攻击,网络安全形势日趋严峻。为了对抗日益增长的各类新型网络攻击,我们迫切需要对各类技术进行调查研究,以便快速掌握最新、最前沿的攻击技术,并及时给出恰当的预防方案来保护通信安全。然而任何类型的网络攻击都伴随一定的破坏度,再加上网络攻击过程的不可控制性以及结果的不可预估性,导致直接在真实环境下进行调查研究将会对现有系统造成不可恢复的破坏,因此亟需一个与真实环境相互隔离,同时具备一定规模又能真实有效的反应攻击结果的实验环境,在此种实验环境下进行安全、有效、’可靠的攻击研究。 这种实验环境已经有较多的先驱工作和成功经验,其中主要包括硬件测试床、模拟器软件及仿真测试床三种,但搭建一套具备一定规模的硬件测试床需要极大的开销,模拟器软件在真实度方面存有较大的缺陷,而仿真测试床是具备真实性又能缓解开销的一种有效的方式,因此仿真平台也在近年来逐渐被各国所接受并迅速普及开来,故而本文将选取仿真测试床作为实验环境,而后在仿真平台上进行典型动态路由协议的攻击技术研究。本文的具体工作如下： 1.借鉴美国犹他大学Emulab测试床的设计理念和系统架构,利用虚拟化技术、仿真技术并结合相关硬件设施(如二层交换机、服务器、串口服务器、无线AP设备等)设计并实现一套能进行路由协议攻击研究的网络仿真实验平台； 2.选取最为流行的域间路由协议BGP和域内路由协议OSPF作为研究目标,为了研究这两种协议在真实路由设备上的具体实现,并观察最真实的攻击效果,本文在一定程度上结合路由模拟软件来模拟实验中所需的路由节点； 3.在仿真平台上开展针对BGP协议的ZMW攻击研究,通过获取相应的攻击参数,对目标链路发动ZMW攻击,研究其造成的影响,并挖掘发生路由震荡链路的特征参数； 4.在仿真平台上开展针对OSPF协议标准在计算路由表时存在的二义性漏洞攻击,通过伪造相应的LSA报文,来达到影响路由表项的目标,并对比了不同的OSPF实施部署。
[Abstract]:At present, the security of related routing protocols can not meet the increasingly complex Internet environment, resulting in frequent network attacks against routing protocols, and the network security situation is becoming increasingly serious. In order to counter the increasing variety of new network attacks, we urgently need to investigate and study all kinds of technologies in order to quickly grasp the latest and most advanced attack techniques, and to provide appropriate prevention schemes to protect communication security. However, any type of network attack is accompanied by a certain degree of destruction, plus the process of the network attack is not controllable and the result is unpredictable. As a result of direct investigation and research in real environment, the existing system will be damaged irrecoverably. Therefore, an experimental environment that is isolated from real environment and has a certain scale and real and effective response to attack results is urgently needed. In this experimental environment, safe, effective and reliable attack research is carried out. This kind of experimental environment has already had more pioneering work and successful experience, including three kinds of hardware test bed, simulator software and simulation test bed, but building a set of hardware test bed with a certain scale requires a great deal of expense. The simulator software has some defects in the aspect of truthfulness, and the simulation test bed is an effective way to reduce the cost of the simulator. Therefore, the simulation platform has been gradually accepted and popularized by many countries in recent years. Therefore, this paper chooses the simulation test bed as the experimental environment, and then studies the attack technology of the typical dynamic routing protocol on the simulation platform. The specific work of this paper is as follows: 1. Based on the design concept and system architecture of Emulab test bed at the University of Utah, using virtualization technology, simulation technology and related hardware facilities (such as layer 2 switch, server, serial port server, etc.), Design and implement a set of network simulation experiment platform which can carry on the research of routing protocol attack. 2. The most popular inter-domain routing protocol (BGP) and intra-domain routing protocol (OSPF) are selected as the research objectives. In order to study the implementation of the two protocols on the real routing devices, and observe the most real attack effect. In this paper, to some extent combined with the routing simulation software to simulate the required routing nodes; 3. The research of ZMW attack based on BGP protocol is carried out on the simulation platform. By obtaining the corresponding attack parameters, we launch ZMW attack on the target link, study its influence, and mine the characteristic parameters of the routing oscillating link. 4. Based on the simulation platform, the ambiguity vulnerability attack of OSPF protocol standard in calculating routing table is carried out, and the target of affecting routing table items is achieved by forging corresponding LSA packets, and different OSPF implementation deployments are compared.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】

中国期刊全文数据库 前5条

1 何炎祥;刘陶;曹强;熊琦;韩奕;;低速率拒绝服务攻击研究综述[J];计算机科学与探索;2008年01期

2 吴志军;岳猛;;低速率拒绝服务LDoS攻击性能的研究[J];通信学报;2008年06期

3 陈海燕,季仲梅,李鸥,胡捍英;OSPF路由协议安全性分析及其攻击检测[J];微计算机信息;2005年05期

4 何炎祥;刘陶;韩奕;熊琦;曹强;;一种针对LDoS攻击的分布式协同检测方法[J];小型微型计算机系统;2009年03期

5 秦董洪;陈智勇;杨家海;;基于Emulab的网络仿真实验平台研究[J];实验室科学;2013年03期

，

本文编号：2097143