Research on Network Attack Replay Technology
Published: 2019-03-16 18:22
[Abstract]: Network attacks have long been one of the main factors undermining network security. They occur constantly, particularly against commercial and industrial organizations, national political and military departments, and high-value individuals, and the harm they cause cannot be ignored. Many network attacks are extremely valuable in their own right: alongside the threat they pose, their potential uses should also be recognized. If these attacks can be used again, they will greatly aid penetration testing and national-level cyber confrontation. This thesis therefore focuses on the reuse of network attacks, that is, on network attack replay technology. The thesis first introduces the categories of network attacks and analyzes the characteristics of each, and then proposes replay approaches and methods for the two main categories: malicious code attacks and vulnerability attacks. It then analyzes the inefficiency of existing tools in network replay analysis, identifies the key factors that affect attack replay efficiency, and on that basis designs and implements ADef, a tool for rapid analysis of the network attack process. ADef provides the basic functions of a host intrusion prevention system (HIPS), namely recording and monitoring of processes, files, the registry and the network, and also implements, at the kernel level, system-wide automated static and dynamic replacement of attack payloads. Finally, the thesis selects a series of typical network attack samples; replaying these samples verifies the correctness of the basic attack replay method and the practicality of the system-wide automatic payload replacement function, and also verifies the efficiency of the ADef system during attack replay and its important reference value for theoretical research and engineering practice.
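[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08
Article number: 2441851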
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2441851.html