Research on a Distributed Wireless Intrusion Detection System for Physically Isolated Networks
Published: 2018-10-31 10:41
[Abstract]: Physical isolation has become an indispensable means within the network security and confidentiality system. However, the "offline attack" technique proposed by the US Department of Defense means that LAN systems physically isolated from the Internet can no longer rest easy. A stable and secure intrusion detection system for physically isolated networks is urgently needed by confidentiality practitioners, and it is of theoretical and practical significance for the network security and confidentiality system. This thesis analyzes the shortcomings of existing network protection technologies such as intrusion detection, studies the new "offline attack" methods, and proposes a new distributed wireless intrusion detection system built on monitoring data such as packet traffic on key host nodes and their surrounding communication links, and the radio spectrum. First, a radio multi-frequency-point monitoring and jamming network is introduced and deployed around the perimeter of the physically isolated network, where it provides outer-layer monitoring and subsequent jamming. Second, the concept of key nodes is introduced: the design quantifies each node in the physically isolated network and applies different strategies according to its importance, and a new monitoring algorithm strategy is proposed that grades attack behavior and calculates a potential loss value. Because the scheme focuses monitoring on key nodes, it collects more targeted data while reducing its own energy consumption. Finally, simulation is used to verify that the distributed intrusion detection scheme based on key-node monitoring in the two-layer network achieves higher detection accuracy and effectively implements network attack monitoring.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08
Article ID: 2301872
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2301872.html