【作者】 沈铭；

【导师】 薛质；

【作者基本信息】 上海交通大学 ， 通信与信息系统， 2011， 硕士

【摘要】 随着互联网行业的飞速发展,网络与信息安全的重要性日趋增强,大至军事、国防、政府、银行等关键行业,小至一般的企业乃至个人,都面临着网络攻击,蠕虫泛滥,隐私泄漏等风险。与此同时,网络攻击又呈现手段多样化、技术平民化、周期缩短化的态势,为了不被突如其来的网络攻击弄得手足无措,我们必须要化被动为主动,探究可能存在的网络漏洞,研究黑客们正在或者可能采用的最新的攻击方法。蜜罐技术是一种诱骗入侵者攻击以达到采集黑客攻击方法和保护真实主机目标的技术。不同于大多数传统的安全技术,蜜罐的核心价值在于被探测、被攻击、或者被威胁,以此达到对这些攻击活动的检测与分析,从而了解攻击者的目的,掌握他们的攻击手段、技巧、战术、甚至于心理和习惯等,最终实现从攻击者的行为中学习到更深层次的信息保护的方法。Honeyd是最为常见的一种蜜罐系统,通过在网络上创建和配置虚拟主机,使其看起来是在运行某种特定的操作系统。Honeyd可以用一台主机在局域网中模拟出多个主机及地址以满足网络实验环境的要求,虚拟主机可以被ping通,也可以被路由跟踪。通过对配置文件进行设置可以使之模拟运行各种服务。本文首先对课题的研究背景和意义以及国内外的研究现状进行了介绍,随后对本文所涉及的一些基本技术进行了介绍,包括蜜罐的基本原理和应用,Web体系结构,常见的网络通信协议,常见的网络攻击手段及原理等知识。随后选定了当前最为常见和流行的一款开源蜜罐软件Honeyd作为研究平台,分析其工作原理及体系结构,针对不同的Web攻击手段,研究并设计了相应的诱捕引擎及模块,使之能够实现对各种典型Web攻击做出响应并捕获攻击数据。最后,针对建立在虚拟环境上的诱捕系统进行了实验,验证系统的功能,并提出系统改进的思路和方案。更多还原

【Abstract】 As the fast development of the internet industry, the network information security is playing a more and more important role. From the key industry such as the military, the native defense, the government, and the bank, to the corporation and individuals, are facing the risks of the network attacks. At the same time, the network attacks are diversified with short period and low technical barrier. In case of being confused by the sudden attacking, we must be active instead of passive, to find out the possible weakness, and research the latest attack methods of the hackers.Honeypot technology is used to trap attacks in order to collect the information of the attacks and protect the real host. Unlike the traditional security technologies, the core value of the honeypot is to be detected, attacked and threatened. Through that we can analyze the attacks, know their attack purpose, means and strategies, and finally we can learn deeper information protection methods from that.Honeyd is one of the most popular honeypot systems. By create and configure with the virtual host, it seems that we are running on the specific operating system. Honeyd can create multiple virtual hosts in the local area network to meet with the network experimental environment. We can ping the virtual host and trace the route. With those features, we can simulate varieties of services by making different configuration.This article firstly introduces the research background and meanings, and the current environment of the research throughout the inside and outside of the country. And then, it introduces some basic technologies related with the article, including theory of the honeypot , Web architecture, common network communication protocols and so on. After that, it chooses one of the most popular honeypot program Honeyd as the research platform, studying its detail, designing the trapping engine and module due to different web attack means, so that it can capture the attack information by the typical Web attacks. Last, there is experiment to identify the functions of the trapping system and find out some improvement ideas for the system.更多还原