An OSPF Attack and Anomaly Detection System Based on a Trusted Router
Published: 2018-12-15 11:40
[Abstract]: As the trustworthiness and security of routers receive increasing attention, and in order to ensure that routers and the OSPF routing protocol can provide service securely, trustworthily and stably, this thesis proposes an OSPF attack and anomaly detection system based on a trusted router. The specific research work is as follows.

First, the research on trusted networks, dynamic integrity measurement and OSPF protocol security is surveyed; the current mainstream integrity measurement methods and the methods for preventing attacks and anomalies in the OSPF protocol are introduced, and the advantages and disadvantages of each are analysed. Building on this prior work and on the background of the project, an OSPF attack and anomaly detection system based on a trusted router is proposed.

Second, a dynamic integrity measurement model for trusted routers based on the DIMA model is presented. The model uses the TPM on the router to extend the chain of trust to the whole router system and to the functional modules proposed in this thesis, which ensures the router's own trustworthiness and provides dynamic measurement while the router is running.

Third, OSPF attack detection and anomaly monitoring modules are proposed. The attack detection module stores suspicious attack packets with little storage overhead and, combined with an attack detection procedure, determines whether the router is under attack. This greatly reduces the computational overhead of using digital signatures to protect the integrity of protocol packets, and addresses both the shortcoming that a digital signature cannot cover the age field and the poor real-time performance of other methods. When the anomaly monitoring module observes an anomaly inside the protocol (such as an abnormal state transition), it records the event in the log and sends a measurement request to the dynamic integrity measurement module, which measures the router's dynamic integrity to detect whether the router has been maliciously tampered with.

Finally, the modules proposed in this thesis are implemented and evaluated on the XORP open-source software router. Experiments show that the attack detection module can intercept sustained attacks at very low computational cost, and that the anomaly monitoring module effectively detects abnormal state transitions and abnormal flooding behaviour inside OSPF, recording them in the log and raising warnings.
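To make the anomaly monitoring behaviour described above concrete, here is an added Python example (not code from the thesis or from XORP): it checks neighbor state changes against a simplified table of the RFC 2328 neighbor state machine, flags LSA floods from a single neighbor, logs each anomaly and calls an assumed measurement hook. The transition table, the flood threshold, the neighbor addresses, the event sequence and the `measure_cb` hook are all constructed assumptions.

```python
"""OSPF anomaly monitor (added illustration, not the thesis's code): flags neighbor
state transitions the RFC 2328 FSM never produces and LSA floods above a rate limit."""
from collections import defaultdict, deque
# Legal next states per current state (simplified from RFC 2328 section 10.3; Down is always allowed).
LEGAL = {
    "Down":     {"Attempt", "Init"},
    "Attempt":  {"Init"},
    "Init":     {"2-Way", "ExStart"},
    "2-Way":    {"Init", "ExStart"},
    "ExStart":  {"Init", "2-Way", "Exchange"},
    "Exchange": {"Init", "2-Way", "ExStart", "Loading", "Full"},
    "Loading":  {"Init", "2-Way", "ExStart", "Full"},
    "Full":     {"Init", "2-Way", "ExStart"},
}

class OspfAnomalyMonitor:
    def __init__(self, flood_limit=20, window=10.0, measure_cb=None):
        self.state = defaultdict(lambda: "Down")  # neighbor id -> current state
        self.lsa_times = defaultdict(deque)       # neighbor id -> recent LSA arrival times
        self.flood_limit, self.window = flood_limit, window
        self.measure_cb = measure_cb  # hypothetical hook to the integrity measurement module
        self.alerts = []              # (timestamp, neighbor, message) log entries

    def _alert(self, ts, nbr, msg):
        self.alerts.append((ts, nbr, msg))
        if self.measure_cb:  # ask for a dynamic integrity measurement of the router
            self.measure_cb(nbr, msg)

    def on_state(self, nbr, new_state, ts):
        old = self.state[nbr]
        if new_state not in (old, "Down") and new_state not in LEGAL[old]:
            self._alert(ts, nbr, f"illegal transition {old}->{new_state}")
        self.state[nbr] = new_state

    def on_lsa(self, nbr, ts):
        q = self.lsa_times[nbr]
        q.append(ts)
        while ts - q[0] > self.window:  # drop arrivals outside the sliding window
            q.popleft()
        if len(q) > self.flood_limit:
            self._alert(ts, nbr, f"flooding: {len(q)} LSAs in {self.window}s")

def run_sample():
    """Replay constructed events: a normal adjacency, a skipped handshake, an LSA burst."""
    m = OspfAnomalyMonitor(flood_limit=5, window=10.0)
    for i, st in enumerate(["Init", "2-Way", "ExStart", "Exchange", "Full"]):
        m.on_state("10.0.0.2", st, float(i))  # legal sequence, no alert
    m.on_state("10.0.0.3", "Full", 5.0)       # Down -> Full skips the whole handshake
    for i in range(7):
        m.on_lsa("10.0.0.3", 6.0 + i * 0.1)   # 7 LSAs in under a second, limit is 5
    return m.alerts
```

`run_sample()` returns three log entries: the skipped handshake and two flood alerts for the sixth and seventh LSA inside the window.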
[Degree-granting institution]: Beijing University of Technology
[Degree level]: Master's
[Year conferred]: 2014
[Classification number]: TP393.08
Document ID: 2380574
Link: https://www.wllwen.com/guanlilunwen/ydhl/2380574.html