Research on DoS Attack Detection Technology in Police Private Networks
Published: 2018-11-18 17:34
[Abstract]: In recent years, network security has attracted the attention of many research institutes. Security problems on public networks have gradually been recognized and improved, but network security in the trunked private network field has not received sufficient attention. The police private network is an important means of communication for responding to emergencies and protecting people's lives and property, so its security should be treated as a top priority. Denial of Service (DoS) attacks have long been one of the threats that cause serious harm to trunked private networks. Because of its efficient group-call capability, multicast technology is widely used in police private networks, but the security of multicast transmission has always limited the development and application of trunked communication. DoS attacks in the private network field are mainly launched by exploiting inherent flaws in network protocols and application modes; since network protocols can never be made absolutely perfect, this kind of attack will continue to exist as Internet technology develops. This thesis studies the several DoS attack methods most common in the multicast scenario of police private networks. It first analyzes the principles and characteristics of the attacks and, by analyzing and summarizing the characteristics of network flow actions when different types of DoS attacks occur, establishes a system active entropy state model (Dynamic Entropy Model, DEM). Finally, taking an actual network connection process as an example, it calculates the changes in active entropy of the network connection process under different conditions. Then, building on the system active entropy state model, the thesis establishes an active-entropy-based denial-of-service attack monitoring algorithm. In-depth analysis of the most common DoS attacks in police private networks shows that different attack types have different action characteristics at the network flow level, and these differences cause changes in the system's active entropy; therefore, whether network data is malicious behavior can be roughly judged from the changes in active entropy. Simulation results show that the mechanism can detect the active entropy in the network in real time and distinguish malicious network attack behavior. Finally, the thesis proposes a DEM-based security protection mechanism: by computing the system active entropy, the security mechanism can identify abnormal network behavior well and, by disabling the attacker's data channel, stop the continuing damage the attacker causes to the network.
[Degree-granting institution]: Harbin Institute of Technology
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP393.08
Article ID: 2340673
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2340673.html