Research on Techniques of Intrusion Traceback Based on Controlled Network
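【Author】 Xiao Dan (肖丹)
【Advisor】 Yang Yingjie (杨英杰)
【Author information】 PLA Information Engineering University (解放军信息工程大学), Military Equipment Science, 2007, Master's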
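【Abstract (translated from the Chinese)】 As the contest between network attack and defense intensifies, attackers have markedly improved and changed both their skill level and their methods. In today's complex network environment, timely response and active defense have become important guarantees for maintaining network security continuously and dynamically. Network attack traceback, one of the key component technologies of active defense, has become a research hotspot in network security because of its distinctive technical advantages: locating the attack source, reconstructing the attack path, and deterring cybercrime. Earlier research on network attack traceback focused mainly on proposing individual algorithmic ideas; the classic algorithms include packet marking, router logging, and sleeping watermark traceback. Each has its own strengths, and they offer approaches to tracing spoofed-IP attacks and connection-chain attacks in current networks. Diversified, compound network attacks are now the trend, so attack traceback increasingly needs intelligent analysis and better tracing timeliness. Taking the controlled domain as its instance, the thesis proposes algorithmic ideas for tracing attacks that cross multiple levels of stepping stones and for tracing distributed denial-of-service attacks, and designs an attack path reconstruction algorithm. To make the tracing function easier to implement, the thesis introduces into the controlled domain a combination of a multilevel monitoring-granularity adaptive adjustment mechanism and a double-layer aggregative-collaborative network attack traceback mechanism. In-depth monitoring of attack behavior, together with collaborative analysis and localization of the attack source, provides guidance for formulating defense policy. In addition, following the traceback system design, a network attack traceback prototype system was built within the controlled domain. The main contributions of the thesis are:
1. Drawing on classic attack traceback algorithms from China and abroad, it proposes an algorithmic idea for tracing attacks across multiple levels of stepping stones within a single controlled domain and an algorithmic idea for tracing distributed denial-of-service attacks within multilevel controlled domains, and designs an attack path reconstruction algorithm for the controlled domain.
2. It proposes a distributed network attack traceback framework that supports collaboration among multiple controlled domains. The framework strengthens the design for flexible extension in both the vertical and horizontal directions, which makes it easier to choose and deploy a tracing system of suitable scale.
3. Based on the idea of collaborative tracing, it designs a double-layer aggregative-collaborative network attack traceback mechanism, which uses an adaptive collaborative aggregation tracing protocol to establish and tear down cooperation relationships among peer entities in a timely manner, improving the timeliness of tracing and localization.
4. It designs a multilevel monitoring-granularity adaptive adjustment mechanism that improves the adaptivity of monitoring, and analyzes and designs the key entities and main functional modules of the tracing system.
5. Combining the above results, it studies and analyzes the key entities and main functional modules of the tracing system, and designs and implements a prototype distributed network attack traceback system based on controlled domains.
Experimental results show that the method can identify stepping-stone attacks, denial-of-service attacks and the like fairly accurately within a controlled-domain network and can cooperatively locate the attack source in time, reducing the system's false-negative and false-positive rates and achieving active, intelligent security protection of the controlled-domain network.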
【Abstract】 As the antagonism between network attack and network defense heats up, and whatever the changes in attack level or techniques, active defense is becoming the most important safeguard of network security. Network attack tracing, as one of the techniques of active defense, has become a research hotspot. Work on network attack tracing has mostly emphasized algorithmic ideas, such as Packet Marking, Router Log, and Sleeping Watermark Traceback. These methods have shed light on the problems of IP traceback and traceback across stepping stones. The development trend in defense makes it necessary to turn to intelligent analysis and efficiency. In this paper, traceback ideas for attacks crossing stepping stones and for distributed denial-of-service attacks are put forward, and an attack path reconstruction algorithm is designed. A method combining a multilevel granularity self-adapting monitoring mechanism with a double-aggregative-collaborative tracing mechanism is applied to the controlled network. With this tracing prototype system, we can efficiently locate the source of an attack and then carry out active defense. Finally, we built the traceback prototype in a controlled network. The contributions of the paper are as follows:
1. It offers a method for traceback across stepping stones and a method for tracing distributed denial-of-service attacks, and designs an attack path reconstruction algorithm.
2. The distributed network traceback framework adopts a design that extends in two directions, which makes the system convenient to extend.
3. It designs a double-aggregative-collaborative tracing mechanism, in which the tracing entities exchange a new self-adapted cooperative assembled protocol, which can improve tracing efficiency.
4. It offers a multilevel granularity self-adapting monitoring mechanism, which improves the adaptability of the tracing system. In addition, we designed the function modules.
5. Combining the research above, we built a tracing prototype system.
Experimental results show that the method can trace back across stepping stones and trace denial-of-service attacks, among others, in the controlled network. The tracing techniques reduce the fault rates while promoting active network defense.
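- 【Online publication contributor】 PLA Information Engineering University 【Online publication year/issue】 2008, Issue 06
- 【Classification number】 TP393.08
- 【Citation count】 2
- 【Download count】 209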