Research on Analysis Pattern of Network Behaviour Based-on Honeypots

【Author】 Huang Yiqing (黄毅青)

【Advisor】 Zhang Shijun (张士军)

【Author information】 Huazhong University of Science and Technology, Communication and Information Systems, 2009, Master's thesis

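【Abstract (Chinese version)】 As the Internet becomes ever more widespread, it has made people's lives more convenient, but Internet security threats also increasingly bring all kinds of hidden dangers to people's lives. For example, attacks on the websites of various organizations and theft of individuals' online passwords occur from time to time. Developing network security technologies to improve the currently poor state of network security is therefore an urgent task for the Internet. This thesis first studies in detail honeypot technology, the application of sequential pattern mining in the network security field, and sequential pattern mining algorithms, and finds that data mining techniques are widely used in honeypot-related and network security applications. Then, given that network security devices and honeypots produce large volumes of data and that network behaviors follow a sequential order, it designs the network architecture and system module structure of a honeypot-based network behavior pattern analysis system and describes in detail the specific functions of the system's modules. The purpose of the system is to capture and analyze network behavior using honeypot technology, and the specific workflow of the network behavior pattern analysis system is also designed. Because the behavioral data captured by the system's honeypots contains interleaved data from different sources, the thesis discusses a method of correlating the data by its characteristic attributes (source address, operated file, and process) to prevent the interleaving of data from multiple sources from affecting the analysis. Sequential pattern mining algorithms are then applied to the data captured by the honeypots to extract network behavior patterns. In addition, based on an analysis of the differing attribute weights in the behavioral data and the characteristics of sequential pattern mining, a sequential pattern mining algorithm based on the vertical data format is selected; the idea for modifying the algorithm is given, and the related algorithm is designed and analyzed through experiments. Finally, the experimental results of the behavior correlation module and the sequential pattern mining module are discussed, and the results of the modified sequence mining algorithm are compared with those of the original algorithm, showing that it improves the accuracy and efficiency of the mining results. Lastly, directions for future work are proposed: using methods such as the vector space model, with the behavioral features of behavior datasets as feature vectors, and using similarity measures in the vector space to analyze the correlation between behavior datasets.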

【Abstract】 With the increasing popularity of the Internet, people's lives have become more convenient, but Internet security threats have also brought all kinds of hidden dangers into people's lives, such as attacks on the websites of various agencies and theft of individuals' Internet passwords. The Internet's immediate concern is therefore the development of network security technology to improve the current poor state of network security. Through an analysis of current honeypot and network security research, this paper shows that research on honeypot technology is significant and finds that data mining technology is widely used in honeypot and network security applications. Given the large amount of data from network security devices and honeypots, this paper describes the network architecture and system module structure of a honeypot-based attack behavior analysis system and explains the system modules and their functions in detail. Honeypot-based technology is used to capture and analyze network attack activity, and the specific process of the attack behavior pattern analysis system is then designed. Based on the characteristics of the behavioral data captured by this honeypot system, this paper discusses a method of correlating the data by its characteristic properties, source IP and process name, in order to prevent the interleaving of data from multiple attackers from affecting the analysis. Moreover, it carries out sequential pattern mining based on the weight differences among the properties; an idea for improving the sequential pattern mining algorithm is given, and the algorithm is designed and analyzed. Then the results of the modified sequence mining algorithm are compared with those of the original algorithm, showing that it improves the accuracy of the results and the mining efficiency. Finally, the next step of the work is proposed: using methods such as the vector space model to define an attacker by behavior features, and using vector space similarity to analyze the association between attacks.

  • 【Classification number】TP393.08