Security Situation Awareness of Routing Policy and Transport Protocol Conformance for Multi-Domain Networks
Published: 2019-07-01 20:28
[Abstract]: As computer networks grow in scale and complexity, the security of cyberspace is attracting increasing attention. In contrast to a security architecture in which individual security measures operate in isolation and are rarely correlated with one another, Network Security Situation Awareness (NSSA) measures the security state of the whole network in real time from a macro perspective, fuses massive volumes of raw security data to identify network attack behavior, and responds promptly to reduce losses. NSSA benefits both the monitoring capability and the emergency response capability of network security management. To widen the view of security detection, NSSA needs to collect security data from the whole network as comprehensively as possible, which matches the global-awareness and centralized-control management characteristics of the Software Defined Network (SDN). SDN was originally proposed as a new network architecture aimed at accelerating network innovation, promoting the openness of network devices, and automating network configuration. Its core idea is to decouple the control function of forwarding devices from their forwarding function and to open up network application programming interfaces, giving users fine-grained, highly flexible scheduling of network resources. SDN provides an open and broad platform for network security and network management. Combining NSSA's need for comprehensive security data with SDN's global awareness, this thesis implements a security situation awareness system on an OpenFlow network (a mainstream implementation of SDN) to keep the overall network security situation under control.
The thesis first implements a conformance checking system: it uses the flattened working mode of OpenFlow switches, which operate at the data link, network, and transport layers simultaneously, to build a combined conformance checking system for routing policy and transport protocols. It provides multi-granularity conformance checking within the local area network, covering routing policies such as host-to-host and host-to-network as well as host-to-transport-protocol. Besides performing conformance checks on network access, the system also serves as one of the data sources for situation awareness. Next, the thesis implements the security situation awareness system, whose main work is to analyze the traffic characteristics of several typical network attacks from the perspective of OpenFlow network flows, perform anomaly detection, and finally combine the security anomaly detection data with weights to obtain the security situation of the whole network. Finally, the thesis introduces the OpenFlow network simulation environment and the SDN development platform, and on this simulation platform performs functional tests of the conformance checking system and the security situation awareness system.
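[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08
Article ID: 2508769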
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2508769.html