基于内容的网络行为分析
发布时间:2018-11-24 19:30
【摘要】:现代社会,人们的日常生活越来越离不开网络,因特网是我们学习、生活、工作的一部分,它甚至改变了人们的日常生活习惯和生活特性。然而,互联网的发展给人们带来极大便利的同时,它也为病毒、木马、网络攻击等影响网络安全的行为提供了途径,因此如何净化网络环境,保护用户的信息安全成为当务之急。 以前网络安全的研究内容主要是研究怎样保证信息的机密性,而现在网络安全的研究已经发展到了系统服务的安全,比如我们常见的网络安全系统,包括应用防火墙、入侵检测系统、防病毒系统等。这些系统大多数都是应用传统的方法,只对数据包的包头进行分析,可是很多攻击行为都隐藏在数据包的内容之中,鉴于此,本文采用基于内容的网络行为分析方法来完善传统的分析方法。 本文以网络数据包为主要研究对象,通过内容特征分析网络数据包所表现出的网络访问行为。主要研究内容包括四个方面,分别是网络数据包捕获技术的研究,基于内容的异常行为的研究,设计并构建网络行为特征库和网络行为高效匹配的研究。 论文的最后进行了本系统设计方案的测试,实践结果表明,这种基于数据包内容的分析方法能够较为准确地判断数据包是否有异常行为,这对于探测网络漏洞、常见攻击及研究防范措施等都具有十分重要的意义。
[Abstract]:In modern society, people's daily life is more and more inseparable from the network. The Internet is a part of our study, life and work. It even changes people's daily life habits and characteristics. However, the development of the Internet brings great convenience to people, at the same time, it also provides a way for virus, Trojan horse, network attack and so on to affect the network security, so how to purify the network environment, It is urgent to protect the information security of users. In the past, the research on network security mainly focused on how to ensure the confidentiality of information, but now the research on network security has developed to the security of system services, such as our common network security systems, including application firewalls. Intrusion detection system, antivirus system, etc. Most of these systems are based on traditional methods, only analyzing the packet headers, but many attacks are hidden in the contents of the packets. This paper uses the content-based network behavior analysis method to perfect the traditional analysis method. In this paper, the main research object is network data packets, and the network access behavior of network data packets is analyzed by content characteristics. The main research contents include four aspects: the research of network packet capture technology, the research of content-based abnormal behavior, the design and construction of network behavior signature library and the research of efficient matching of network behavior. At the end of the paper, the test of the system design scheme is carried out. The practical results show that the method based on data packet content analysis can accurately judge whether the packet has abnormal behavior, which can detect the network vulnerability. Common attacks and research on preventive measures are of great significance.
【学位授予单位】:北方工业大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08
本文编号:2354771
[Abstract]:In modern society, people's daily life is more and more inseparable from the network. The Internet is a part of our study, life and work. It even changes people's daily life habits and characteristics. However, the development of the Internet brings great convenience to people, at the same time, it also provides a way for virus, Trojan horse, network attack and so on to affect the network security, so how to purify the network environment, It is urgent to protect the information security of users. In the past, the research on network security mainly focused on how to ensure the confidentiality of information, but now the research on network security has developed to the security of system services, such as our common network security systems, including application firewalls. Intrusion detection system, antivirus system, etc. Most of these systems are based on traditional methods, only analyzing the packet headers, but many attacks are hidden in the contents of the packets. This paper uses the content-based network behavior analysis method to perfect the traditional analysis method. In this paper, the main research object is network data packets, and the network access behavior of network data packets is analyzed by content characteristics. The main research contents include four aspects: the research of network packet capture technology, the research of content-based abnormal behavior, the design and construction of network behavior signature library and the research of efficient matching of network behavior. At the end of the paper, the test of the system design scheme is carried out. The practical results show that the method based on data packet content analysis can accurately judge whether the packet has abnormal behavior, which can detect the network vulnerability. Common attacks and research on preventive measures are of great significance.
【学位授予单位】:北方工业大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08
【参考文献】
相关期刊论文 前10条
1 张婷婷;赵京胜;;一种基于神经网络的入侵检测系统研究[J];计算机安全;2010年08期
2 李晶皎;陈勇;许哲万;陆振林;;入侵检测中字符匹配系统的FPGA实现[J];东北大学学报(自然科学版);2013年03期
3 宗常进;毕军涛;董军宇;;基于离散小波变换的信号分解算法研究[J];计算机工程与应用;2009年08期
4 王伟平;李昌;段桂华;;基于正则表示的SQL注入过滤模块设计[J];计算机工程;2011年05期
5 王建国;郑家恒;;BM串匹配算法的一个改进算法[J];计算机工程与科学;2007年05期
6 曾小荟;冷明;刘冬生;李平;金士尧;;一个新的SYN Flood攻击防御模型的研究[J];计算机工程与科学;2011年04期
7 李雪梅,代六玲,童新海,李莉;一种串匹配的快速Boyer-Moore算法[J];计算机应用研究;2005年09期
8 张红梅;范明钰;;模式匹配BM算法改进[J];计算机应用研究;2009年09期
9 潘文婵;章韵;;Wireshark在TCP/IP网络协议教学中的应用[J];计算机教育;2010年06期
10 伊静,刘培玉;入侵检测中模式匹配算法的研究[J];计算机应用与软件;2005年01期
,本文编号:2354771
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2354771.html
