节点文献
高交互蜜网系统的设计与实现
Design and Achievement on High-Interaction Honeynet System
【作者】 许建伟;
【导师】 钮心忻;
【作者基本信息】 北京邮电大学 , 信息安全, 2010, 硕士
【摘要】 随着计算机网络的发展,计算机网络开始在人们生活的各个方面扮演越来越重要的角色,开始成为人际互联的重要手段。然而网络安全问题也随着网络的不断发展而日益突显出来,计算机网络的安全问题越来越受到人们的关注。传统安全手段如防火墙等,往往处于被动防御,很难发现最新入侵或攻击手段。当网络,系统被攻陷时,人们对于入侵使用的工具、攻击者的来源、攻击方法、攻击目标都一无所知。蜜网技术就是为了扭转这种局面而提出。蜜网技术可以对攻击行为进行监控和分析,了解攻击者所使用的攻击工具和攻击方法,推测攻击者的意图和动机,从而能够让防御者清晰地了解他们所面对的安全威胁。本文分析了原有蜜网的核心需求,针对不足,给出了一种复合型蜜网捕获模型及基于改进k-medoids算法的数据分析,设计并实现了基于以上改进的高交互蜜网系统。本文首先说明了课题的背景和研究意义,明确了课题中要解决的问题,介绍了蜜罐蜜网技术,分析了高交互蜜网的研究现状,指出了高交互蜜网的优缺点。针对高交互蜜网的关键技术进行研究,给出了一种复合型蜜网数据捕获模型以及基于改进k-medoids算法的数据分析。在高交互蜜网系统的设计与实现部分,详细说明了关键技术的实现方案以及系统的各个模块的功能。最后总结全文,提出展望。
【Abstract】 With the rapid development of computer network, computer network has started playing the more important role in all aspects of people’s lives. However, with the development, network security problems are exposed. More and more people pay attention to the computer network security. Traditional security tools such as firewalls and IDS, often in a passive defense, are hard to find new intrusion or attack. When the network and systems are compromised, invasion tools, the sources of the attacker, attack methods, targets are unknown.Honeynet technology is proposed in order to reverse this situation. Honeynet technology can monitor and analyze attacks, understand the attack tools and attack methods used by the attackers, and speculate the attacker’s intentions and motives. The defenders will have a clear understanding of the security threats. The core requirements of the original honeynet are analyzed in this paper. For the shortage, a complex honeynet capture model and data analysis based on improved k-medoids algorithm is given. Based on the above improvement the high-interaction honeynet system is designed and implemented.Firstly, the paper explains the project’s background and significance, and then confirms the problems to be settled. It analyzes honeynet techniques and high-interaction honeynet research status. Point out the advantages and disadvantages of high-interaction honeynet. A complex honeynet capture model and data analysis based on improved k-medoids algorithm is given for high-interaction honeynet key technology research. In the part of design and implementation in high-interaction honeynet system, this paper describes key technology implementations and every module’s function. At last, summarize this paper and give forward-looking views.