Design and Simulation of TCP-SYN Flooding Attacks Based on OPNET
Published: 2018-12-15 19:04
[Abstract]: Today, most important work and critical services depend on the Internet and would struggle to function without it, so any interruption to network operation causes serious inconvenience. Because the Internet was originally designed for openness and scalability, without much consideration for security, malicious users can clearly exploit its design flaws to disrupt the operation of most services. Among the many types of network attack, denial-of-service (DoS) attacks are the main security threat to today's Internet services and cause large-scale revenue losses. A distributed denial-of-service (DDoS) attack is a large-scale, coordinated DoS attack, usually launched from a large number of compromised hosts. DDoS attacks pose a growing threat to businesses and Internet service providers around the world. The TCP-SYN flooding attack (TCP-SYN meaning a TCP segment with the SYN flag set) is the most common form of DDoS attack; it affects hosts running TCP service processes, which establish TCP connections through the three-way handshake. Although it is now a relatively primitive technique, many attacks can still be seen to have evolved from it, so the TCP-SYN flooding attack retains its research value and significance. This thesis starts from the DDoS attack architecture, analyzing attackers' motives and how they carry out attacks, including botnets, direct and reflection attacks, and commonly used DDoS attack tools. It then classifies DDoS attacks from a protocol perspective and briefly introduces the defensive measures currently in use. Next, it analyzes and studies the principle of the TCP-SYN flooding attack and its common attack types, and models and simulates the TCP-SYN flooding attack in the OPNET simulation environment. Finally, it analyzes the simulation results, studies the degree of harm caused by TCP-SYN flooding attacks, and verifies the correctness of the TCP-SYN flooding attack model that was built.
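[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08
Article ID: 2381142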
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2381142.html