本文選題：網(wǎng)絡(luò)安全 + 路由協(xié)議��； 參考：《北京郵電大學(xué)》2014年碩士論文

【摘要】：當(dāng)前,相關(guān)路由協(xié)議的安全性已無法滿足日益復(fù)雜的互聯(lián)網(wǎng)環(huán)境,導(dǎo)致頻繁發(fā)生針對路由協(xié)議的網(wǎng)絡(luò)攻擊,網(wǎng)絡(luò)安全形勢日趨嚴(yán)峻。為了對抗日益增長的各類新型網(wǎng)絡(luò)攻擊,我們迫切需要對各類技術(shù)進(jìn)行調(diào)查研究,以便快速掌握最新、最前沿的攻擊技術(shù),并及時(shí)給出恰當(dāng)?shù)念A(yù)防方案來保護(hù)通信安全。然而任何類型的網(wǎng)絡(luò)攻擊都伴隨一定的破壞度,再加上網(wǎng)絡(luò)攻擊過程的不可控制性以及結(jié)果的不可預(yù)估性,導(dǎo)致直接在真實(shí)環(huán)境下進(jìn)行調(diào)查研究將會對現(xiàn)有系統(tǒng)造成不可恢復(fù)的破壞,因此亟需一個(gè)與真實(shí)環(huán)境相互隔離,同時(shí)具備一定規(guī)模又能真實(shí)有效的反應(yīng)攻擊結(jié)果的實(shí)驗(yàn)環(huán)境,在此種實(shí)驗(yàn)環(huán)境下進(jìn)行安全、有效、’可靠的攻擊研究。 這種實(shí)驗(yàn)環(huán)境已經(jīng)有較多的先驅(qū)工作和成功經(jīng)驗(yàn),其中主要包括硬件測試床、模擬器軟件及仿真測試床三種,但搭建一套具備一定規(guī)模的硬件測試床需要極大的開銷,模擬器軟件在真實(shí)度方面存有較大的缺陷,而仿真測試床是具備真實(shí)性又能緩解開銷的一種有效的方式,因此仿真平臺也在近年來逐漸被各國所接受并迅速普及開來,故而本文將選取仿真測試床作為實(shí)驗(yàn)環(huán)境,而后在仿真平臺上進(jìn)行典型動態(tài)路由協(xié)議的攻擊技術(shù)研究。本文的具體工作如下： 1.借鑒美國猶他大學(xué)Emulab測試床的設(shè)計(jì)理念和系統(tǒng)架構(gòu),利用虛擬化技術(shù)、仿真技術(shù)并結(jié)合相關(guān)硬件設(shè)施(如二層交換機(jī)、服務(wù)器、串口服務(wù)器、無線AP設(shè)備等)設(shè)計(jì)并實(shí)現(xiàn)一套能進(jìn)行路由協(xié)議攻擊研究的網(wǎng)絡(luò)仿真實(shí)驗(yàn)平臺； 2.選取最為流行的域間路由協(xié)議BGP和域內(nèi)路由協(xié)議OSPF作為研究目標(biāo),為了研究這兩種協(xié)議在真實(shí)路由設(shè)備上的具體實(shí)現(xiàn),并觀察最真實(shí)的攻擊效果,本文在一定程度上結(jié)合路由模擬軟件來模擬實(shí)驗(yàn)中所需的路由節(jié)點(diǎn)； 3.在仿真平臺上開展針對BGP協(xié)議的ZMW攻擊研究,通過獲取相應(yīng)的攻擊參數(shù),對目標(biāo)鏈路發(fā)動ZMW攻擊,研究其造成的影響,并挖掘發(fā)生路由震蕩鏈路的特征參數(shù)； 4.在仿真平臺上開展針對OSPF協(xié)議標(biāo)準(zhǔn)在計(jì)算路由表時(shí)存在的二義性漏洞攻擊,通過偽造相應(yīng)的LSA報(bào)文,來達(dá)到影響路由表項(xiàng)的目標(biāo),并對比了不同的OSPF實(shí)施部署。
[Abstract]:At present, the security of related routing protocols can not meet the increasingly complex Internet environment, resulting in frequent network attacks against routing protocols, and the network security situation is becoming increasingly serious. In order to counter the increasing variety of new network attacks, we urgently need to investigate and study all kinds of technologies in order to quickly grasp the latest and most advanced attack techniques, and to provide appropriate prevention schemes to protect communication security. However, any type of network attack is accompanied by a certain degree of destruction, plus the process of the network attack is not controllable and the result is unpredictable. As a result of direct investigation and research in real environment, the existing system will be damaged irrecoverably. Therefore, an experimental environment that is isolated from real environment and has a certain scale and real and effective response to attack results is urgently needed. In this experimental environment, safe, effective and reliable attack research is carried out. This kind of experimental environment has already had more pioneering work and successful experience, including three kinds of hardware test bed, simulator software and simulation test bed, but building a set of hardware test bed with a certain scale requires a great deal of expense. The simulator software has some defects in the aspect of truthfulness, and the simulation test bed is an effective way to reduce the cost of the simulator. Therefore, the simulation platform has been gradually accepted and popularized by many countries in recent years. Therefore, this paper chooses the simulation test bed as the experimental environment, and then studies the attack technology of the typical dynamic routing protocol on the simulation platform. The specific work of this paper is as follows: 1. Based on the design concept and system architecture of Emulab test bed at the University of Utah, using virtualization technology, simulation technology and related hardware facilities (such as layer 2 switch, server, serial port server, etc.), Design and implement a set of network simulation experiment platform which can carry on the research of routing protocol attack. 2. The most popular inter-domain routing protocol (BGP) and intra-domain routing protocol (OSPF) are selected as the research objectives. In order to study the implementation of the two protocols on the real routing devices, and observe the most real attack effect. In this paper, to some extent combined with the routing simulation software to simulate the required routing nodes; 3. The research of ZMW attack based on BGP protocol is carried out on the simulation platform. By obtaining the corresponding attack parameters, we launch ZMW attack on the target link, study its influence, and mine the characteristic parameters of the routing oscillating link. 4. Based on the simulation platform, the ambiguity vulnerability attack of OSPF protocol standard in calculating routing table is carried out, and the target of affecting routing table items is achieved by forging corresponding LSA packets, and different OSPF implementation deployments are compared.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08

【參考文獻(xiàn)】

中國期刊全文數(shù)據(jù)庫 前5條

1 何炎祥;劉陶;曹強(qiáng);熊琦;韓奕;;低速率拒絕服務(wù)攻擊研究綜述[J];計(jì)算機(jī)科學(xué)與探索;2008年01期

2 吳志軍;岳猛;;低速率拒絕服務(wù)LDoS攻擊性能的研究[J];通信學(xué)報(bào);2008年06期

3 陳海燕,季仲梅,李鷗,胡捍英;OSPF路由協(xié)議安全性分析及其攻擊檢測[J];微計(jì)算機(jī)信息;2005年05期

4 何炎祥;劉陶;韓奕;熊琦;曹強(qiáng);;一種針對LDoS攻擊的分布式協(xié)同檢測方法[J];小型微型計(jì)算機(jī)系統(tǒng);2009年03期

5 秦董洪;陳智勇;楊家海;;基于Emulab的網(wǎng)絡(luò)仿真實(shí)驗(yàn)平臺研究[J];實(shí)驗(yàn)室科學(xué);2013年03期

，

本文編號：2097143