
Research on an Intrusion Detection System Based on a Honeypot Network

【Author】 王雷 (Wang Lei)

【Advisor】 苏兵 (Su Bing)

【Author information】 East China Normal University (华东师范大学), Software Engineering, 2007, Master's thesis

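【Summary】 A Distributed Denial of Service (DDoS) attack is the clustered form of a Denial of Service (DoS) attack. Like a DoS attack, a DDoS attack forces the victim host to process an excessive volume of data, exhausting system resources or network bandwidth so that it can no longer provide normal service. Because many computers attack the victim host at the same time, DDoS attacks do more damage and are harder to defend against. Although research on DDoS defense is being carried out widely, the distinctive nature of DDoS attack techniques means that the defenses proposed so far cannot fundamentally suppress this kind of attack. This thesis systematically analyzes the basic principles and characteristics of DDoS attacks and the DDoS defense methods in common use, and summarizes the shortcomings of existing methods, in particular those based on honeypot technology. On that basis it designs and implements a new honeypot-based DDoS defense model system. When the model detects a DDoS attack, it uses a honeypot subnet to take over the network flows attacking the server, which protects the server host, confuses the attacker, and records detailed information about the attack. The distinguishing feature of the model is that it uses a remote log server to store the attack information collected by the honeypot system, protecting the security and trustworthiness of the log information. The thesis describes the design and implementation of the model system in detail, including the framework design of the model, the role of the honeypot, an analysis of the DDoS defense functions, the implementation of attack redirection, and the design and implementation of the remote logging system.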

【Abstract】 Distributed Denial of Service (DDoS) attacks are among the most harmful and hardest to prevent attacks on Internet security. Although research on defending against DDoS attacks is being carried out widely, the distinctive means these attacks use mean that current methods cannot fundamentally defend against them. This paper analyzes the principles of DDoS attacks and the methods currently used to defend against them, and summarizes their shortcomings; it also analyzes the shortcomings of current models based on honeypot technology. To address these shortcomings, this paper designs and implements a honeypot-based model for defending against DDoS. Honeypot technology is a new network security technology whose main role is to confuse hackers and record attacks. The model uses a honeypot sub-network to receive attack flows redirected from the server; it protects the host server, confuses hackers, and records detailed information about them. Log information is very important for analysis and as evidence of an attack. To ensure the security and credibility of the log information collected by the honeypot system, this paper also designs and implements a program that stores the log information on a remote server.
The model first judges traffic and then forwards attack flows to the honeypot, which protects the server while guaranteeing normal access for important customers. The model proposed in this paper has the following advantages: it uses a remote server to store the log information on attacks that the honeypot system collects, keeping the log information secure and trustworthy. The concrete design and implementation of the model system are described in detail in this paper, including the framework of the model, the role of the honeypot in the model, an analysis of the model's DDoS defense functions, the implementation of attack-flow redirection, and the design and implementation of the remote log storage system.

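【Keywords (translated from Chinese)】 Network security; distributed; intrusion detection; honeypot
【Key words】 Network security; DDoS; IDS; Honeypot
  • 【Classification No.】TP393.08
  • 【Downloads】257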