
Research on Covert Automatic Network Topology Detection Technology (网络拓扑隐蔽自动探测技术的研究)

[Author] 连碧应

[Supervisor] 张小松

[Author details] 电子科技大学 (University of Electronic Science and Technology of China), Computer Application Technology, 2010, Master's thesis

[Abstract (translated from the Chinese)] Since the 1990s the Internet and networking technology have developed rapidly, network security problems have become increasingly severe, and automatic network topology discovery, as a key technology of network security management, has attracted attention. Research in recent years shows that automatic topology discovery still has a series of problems: the mathematical model of network topology is not accurate enough and does not reflect the real network structure well; the factors that affect topology probing are oversimplified, with no consideration of the effect that firewalls, proxy servers and similar devices in real networks have on the collection of topology information, so the completeness of topology discovery is low; and topology discovery algorithms are not general, lack a unified interface, and are hard to port and build on. Taking the autonomous system as the object of study, this thesis investigates automatic network topology discovery and obtains the following results:

1. A layered mathematical model of network topology is proposed to reflect the topology structure accurately. In this model the network layer uses a graph model and the link layer uses a tree model.

2. Firewall traversal, proxy traversal and communication hiding techniques are applied to network topology discovery for the first time. On the one hand, firewalls and proxy devices deployed in the network environment strongly interfere with topology probing and make topology detection much harder; applying firewall and proxy traversal techniques to topology discovery can improve its efficiency and completeness. On the other hand, topology discovery is an active form of network management: it should not have a large impact on the existing network, and the discovered topology information must not be exploitable by malicious programs, so hiding the discovery traffic is also necessary.

3. A coordinated network-layer topology discovery algorithm is studied and implemented. The algorithm covers the generic protocol probing methods (ICMP, UDP, TCP) and an SNMP-based probing method. Each probing module works independently and passes the topology information it obtains to the topology discovery management module; the management module distributes the consolidated topology information so that each probing module can adjust itself adaptively, achieving an overall coordinated effect. The algorithm discovers network-layer topology well and is quite general.

4. A new link-layer topology discovery algorithm is studied and implemented. On the one hand it uses the Spanning Tree Protocol (STP) for topology discovery; on the other hand it uses address forwarding table information to help determine the connections between switches and shared segments or non-manageable switches within a subnet. The algorithm combines the advantages of the spanning-tree discovery algorithm and the address-forwarding-table discovery algorithm and is highly general.

5. A distributed framework for comprehensive network topology discovery with multiple probing nodes is proposed. The framework integrates network-layer topology discovery, link-layer topology discovery and topology display technology; it not only discovers topology information effectively but also presents it as a topology map. A prototype system was designed and implemented, and simulation experiments show that it performs topology discovery effectively.

[Abstract (original English)] Internet and network technology have developed greatly since the 1990s, and network security has become a more and more severe problem. At the same time, as a crucial technology of secure network management, automatic network topology discovery has attracted attention. Studies in recent years show that there are still some issues in automatic network topology discovery: the network topology model is not accurate enough to reflect the real network structure; the factors that affect network topology detection are over-simplified, without considering firewalls, proxy servers and similar devices in the actual network, leading to low completeness of topology discovery; and topology discovery algorithms are not universal and have no uniform interface, so they are difficult to port and to build on. This thesis focuses on automatic network topology discovery technology, with the autonomous system as the object of research, and makes the following five primary contributions.

1. This thesis presents a layered mathematical model of network topology that reflects the network topology structure accurately. In this model, the network layer is described by a graph model and the link layer by a tree model.

2. For the first time, we apply firewall traversal, proxy traversal, communication hiding and other Windows kernel techniques to the detection of network topology. On the one hand, the firewalls and proxy devices deployed in the network environment interfere with the detection of network topology and make it much more difficult; firewall and proxy traversal techniques can be used to increase the efficiency and completeness of topology discovery. On the other hand, as an active approach to network management, network topology discovery should neither have a large impact on the existing network nor allow malicious programs to make use of the discovered topology information, so it is necessary to hide the network communication of topology discovery.

3. We study and implement a linkage network-layer topology discovery algorithm. It covers the general protocol discovery methods (ICMP, UDP and TCP) and an SNMP-based detection method. All detection modules work independently and transfer the topology information they obtain to the topology discovery management module. The management module distributes the topology information back to the detection modules, so that all detection modules can adapt themselves and achieve an overall linkage effect. The algorithm discovers network-layer topology well and has very good versatility.

4. We propose a novel link-layer topology discovery algorithm. On the one hand, the algorithm uses the Spanning Tree Protocol (STP) to discover topology; on the other hand, it determines the connections among switches, shared network segments and non-manageable switches using the forwarding database (FDB). The algorithm combines the spanning-tree discovery algorithm and the forwarding-table discovery algorithm, so it offers good versatility.

5. We propose a multi-node distributed network topology discovery framework. The framework combines network-layer topology discovery, link-layer topology discovery and topology display technology. It not only discovers network topology information effectively but also expresses the topology information as topology maps. We design and implement a prototype system of the framework, and simulation experiments show that it works well.
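A worked example added here (not code from the thesis) in the spirit of contribution 4: inferring direct switch-to-switch links from forwarding-database (FDB) entries, and flagging ports that lead to a single host versus a shared segment or non-manageable switch. The FDB contents, switch addresses and the direct-connection rule used (each port has learned the other switch's address and no address is learned on both ports) are assumptions; the thesis's own algorithm is not on this page.

```python
from itertools import permutations

# Constructed data (assumption): the base MAC each managed switch sends with,
# and each switch's FDB as port -> set of MAC addresses learned on that port.
SWITCH_MAC = {"S1": "00:00:00:00:00:01", "S2": "00:00:00:00:00:02"}
FDB = {
    "S1": {
        1: {"aa:00:00:00:00:01"},                                   # one host
        2: {"00:00:00:00:00:02", "aa:00:00:00:00:02",               # towards S2
            "aa:00:00:00:00:03", "aa:00:00:00:00:04"},
    },
    "S2": {
        1: {"00:00:00:00:00:01", "aa:00:00:00:00:01"},              # towards S1
        2: {"aa:00:00:00:00:02"},                                   # one host
        3: {"aa:00:00:00:00:03", "aa:00:00:00:00:04"},              # several hosts,
    },                                                              # no managed switch
}


def switch_links(fdb=FDB, switch_mac=SWITCH_MAC):
    """Return direct links between managed switches as sorted ((sw, port), (sw, port)).

    Port p of A and port q of B are taken as directly connected when each side has
    learned the other switch's address and no address is learned on both ports:
    an intermediate switch would be learned on both sides and break the rule.
    """
    links = set()
    for a, b in permutations(fdb, 2):
        for p, seen_a in fdb[a].items():
            if switch_mac[b] not in seen_a:
                continue
            for q, seen_b in fdb[b].items():
                if switch_mac[a] in seen_b and not (seen_a & seen_b):
                    links.add(tuple(sorted([(a, p), (b, q)])))
    return sorted(links)


def classify_edge_ports(fdb=FDB, switch_mac=SWITCH_MAC):
    """Classify ports behind which no managed switch was learned.

    One learned address means a single host; several addresses with no managed
    switch among them indicate a shared segment or a non-manageable switch.
    """
    managed = set(switch_mac.values())
    kinds = {}
    for sw, ports in fdb.items():
        for port, macs in ports.items():
            if macs & managed:
                continue            # uplink to another managed switch, not an edge port
            kinds[(sw, port)] = "host" if len(macs) == 1 else "shared-or-unmanaged"
    return kinds
```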
