
Research on a Self-Protection System Based on Distributed Intelligent Agents

The Research on Self-Protection System Based on Multi-Agent

[Author] Zhang Yaping (张亚平)

[Advisor] Sun Jizhou (孙济洲)

[Author information] Tianjin University, Computer Application Technology, 2005, PhD

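[Summary] With the development of information technology, network security has increasingly become a major concern for society as a whole. This dissertation presents a systematic, in-depth and fairly comprehensive study of key problems in network security: network security models, defenses against distributed denial-of-service attacks, the application of clustering algorithms to anomaly detection, information encryption, and automated response. Its main innovations are as follows. Working within the current environment and integrating existing network security technologies, it proposes a self-protection system model based on intelligent agent technology and describes the composition and working modes of the self-protection system in detail. Distributed denial-of-service attacks are among the most severe challenges facing the Internet, and the defenses proposed so far cannot effectively distinguish normal traffic from attack flows when the characteristics of a DDoS attack vary randomly. This dissertation proposes a DDoS defense method based on dynamic diversion and selective pass-through: when a DDoS attack is detected, routing information is changed dynamically so that the normal service traffic and the attack flows sent to the victim host are redirected to a diverter, which then uses the randomness of the IP addresses and ports of the attack packets to block the attack flows, so that normal network services can proceed. Using data mining to analyze massive volumes of network data and discover intrusions is a focus of anomaly detection research; this dissertation proposes an improved partitioning-around-medoids algorithm, IPAM (Improved Partitioning Around Medoids), and shows experimentally that IPAM can effectively detect intrusions in real network data. Encryption is the most basic network security technology and is regarded as the core of information security. Applying the idea that stream ciphers and block ciphers can be fused and can permeate each other, this dissertation proposes a pseudo-stream-cipher encryption algorithm based on a conventional block encryption algorithm: with the block encryption algorithm at its core, it uses S-boxes, feedback and similar means to transform the plaintext and key used by the block encryption module on each encryption, generating a random keystream and thereby improving the security of information transmission. Automated response is an important link in safeguarding network security; this dissertation proposes a cost-sensitive model based on reliability degree and an automated response technique based on multi-source data correlation, which combines dynamic detection with static defense and improves the system's active defense capability.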

【Abstract】 With the development of information technology, network security is becoming more and more important. Several key technologies of network security are studied and analyzed systematically in this dissertation: network security models, mechanisms for defending against Distributed Denial of Service (DDoS) attacks, clustering algorithms for network intrusion detection, information encryption algorithms, and autonomic intrusion response.

Some innovations have been achieved and are presented in this dissertation.

Having studied current network security and agent technology, this dissertation presents a self-protection model based on multi-agent technology and describes the components and properties of this model in detail.

DDoS is one of the greatest menaces to the Internet. Existing mechanisms for defending against DDoS cannot distinguish normal network packets from attack packets when the contents of the DDoS packets are randomized. This dissertation presents a mechanism for defending against distributed denial-of-service attacks which can detect the presence of a potential DDoS attack and divert attack traffic destined for the network being monitored without affecting the flow of legitimate traffic. Emulation shows that this mechanism for defending against DDoS is effective and feasible.

Data mining has unique advantages in acquiring unknown knowledge, so intrusion detection based on data mining has become a hot issue. This dissertation presents an Improved Partitioning Around Medoids (IPAM) algorithm and evaluates its performance on network connection data sets. Experimental studies show that this algorithm is feasible and effective for detecting unknown intrusions.

In this dissertation a new word-oriented stream cipher based on a conventional encryption algorithm is presented. A complete description of the algorithm and an evaluation of its security properties, performance and implementation aspects are given. The cryptanalysis of this algorithm does not reveal an attack better than exhaustive key search. The speed of this algorithm is as fast as that of common block ciphers.

Finally, a cost-sensitive model based on reliability degree is proposed. An automated intrusion response technique based on multi-source event correlation is then introduced, and a prototype of automated intrusion response has been implemented.

  • [Online publication contributor] Tianjin University
  • [Online publication year and issue] 2006, Issue 07