【摘要】：隨著計(jì)算機(jī)網(wǎng)絡(luò)的規(guī)模和復(fù)雜性的不斷增大,網(wǎng)絡(luò)空間的安全性越來越受到人們關(guān)注。相較于各種網(wǎng)絡(luò)安全措施各自為戰(zhàn),相互之間極少關(guān)聯(lián)的網(wǎng)絡(luò)安全體系,網(wǎng)絡(luò)安全態(tài)勢(shì)感知(Network Security Situation Awareness,簡(jiǎn)稱NSSA)則從宏觀角度對(duì)整個(gè)網(wǎng)絡(luò)的安全狀態(tài)進(jìn)行實(shí)時(shí)度量,對(duì)海量原始安全數(shù)據(jù)進(jìn)行數(shù)據(jù)融合從而辨識(shí)網(wǎng)絡(luò)攻擊行為,并及時(shí)響應(yīng)以降低損失。NSSA對(duì)網(wǎng)絡(luò)安全管理的監(jiān)控能力和應(yīng)急響應(yīng)能力都具有積極意義。為了擴(kuò)大安全檢測(cè)視角,NSSA需要盡可能全面的收集全網(wǎng)的安全數(shù)據(jù),這一點(diǎn)正契合了軟件定義網(wǎng)絡(luò)(Software Defined Network,簡(jiǎn)稱SDN)的全局感知、集中控制的管理特性。SDN最初是致力于加速網(wǎng)絡(luò)創(chuàng)新、促進(jìn)網(wǎng)絡(luò)設(shè)備開放、自動(dòng)化網(wǎng)絡(luò)配置而提出的新型網(wǎng)絡(luò)架構(gòu),其核心思想是將轉(zhuǎn)發(fā)設(shè)備的控制功能和轉(zhuǎn)發(fā)功能解耦,并開放網(wǎng)絡(luò)應(yīng)用程序編程接口,從而賦予用戶對(duì)網(wǎng)絡(luò)資源的細(xì)粒度、高靈活性的調(diào)度能力。SDN為網(wǎng)絡(luò)安全和網(wǎng)絡(luò)管理提供了開放而廣闊的平臺(tái)支持。本文結(jié)合NSSA對(duì)全面安全數(shù)據(jù)的需求和SDN全局感知的特性,實(shí)現(xiàn)了在Open Flow網(wǎng)絡(luò)(SDN的一種主流實(shí)現(xiàn))下的安全態(tài)勢(shì)感知系統(tǒng),從整體上對(duì)網(wǎng)絡(luò)安全狀況進(jìn)行把控。本文首先實(shí)現(xiàn)了符合性檢測(cè)系統(tǒng),即利用Open Flow交換機(jī)同時(shí)工作在數(shù)據(jù)鏈路層、網(wǎng)絡(luò)層、傳輸層的扁平化工作模式,實(shí)現(xiàn)了對(duì)路由策略和傳輸協(xié)議的組合式符合性檢查系統(tǒng),提供了局域網(wǎng)內(nèi)部的主機(jī)對(duì)主機(jī)、主機(jī)對(duì)網(wǎng)絡(luò)等的路由策略,以及主機(jī)對(duì)傳輸協(xié)議的多粒度的符合性檢查功能,該系統(tǒng)除完成對(duì)網(wǎng)絡(luò)訪問的符合性檢查外,還作為態(tài)勢(shì)感知的數(shù)據(jù)來源之一。接著,本文實(shí)現(xiàn)安全態(tài)勢(shì)感知系統(tǒng),其工作重點(diǎn)是針對(duì)幾種典型的網(wǎng)絡(luò)攻擊從Open Flow網(wǎng)絡(luò)流的角度進(jìn)行了流量特征分析,并進(jìn)行異常檢測(cè),最后對(duì)安全異常檢測(cè)數(shù)據(jù)進(jìn)行加權(quán)組合得到全網(wǎng)的安全態(tài)勢(shì)狀況。最后,本文介紹了Open Flow網(wǎng)絡(luò)仿真環(huán)境和SDN開發(fā)平臺(tái),并在此仿真平臺(tái)上對(duì)符合性檢查系統(tǒng)、安全態(tài)勢(shì)感知系統(tǒng)進(jìn)行功能測(cè)試。
[Abstract]:With the increasing scale and complexity of computer network, the security of cyberspace has attracted more and more attention. Compared with all kinds of network security measures, which are rarely related to each other, (Network Security Situation Awareness, (Network Security situation Awareness (NSSA) measures the security state of the whole network in real time from a macro point of view, and merges the massive original security data to identify the network attack behavior. And timely response to reduce losses. NSSA is of positive significance to the monitoring ability and emergency response ability of network security management. In order to expand the perspective of security detection, NSSA needs to collect the security data of the whole network as comprehensively as possible, which is in line with the global perception of software-defined network (Software Defined Network, (SDN) and the management characteristics of centralized control. SDN was originally a new network architecture dedicated to accelerating network innovation, promoting the opening of network equipment and automating network configuration. The core idea is to decoupling the control function and forwarding function of the forwarding device, and to open the network application programming interface, so as to give users the fine granularity and high flexibility scheduling ability of the network resources. SDN provides open and broad platform support for network security and network management. Based on the requirements of NSSA for comprehensive security data and the characteristics of SDN global perception, this paper implements a security situational awareness system under Open Flow network (a mainstream implementation of SDN), and controls the network security situation as a whole. In this paper, the conformance detection system is implemented, that is, the flattened working mode of Open Flow switch in data link layer, network layer and transport layer is used to realize the combined conformance checking system of routing policy and transmission protocol, which provides the routing strategy of host to host and host to network in LAN, as well as the multi-granularity conformance checking function of host to transmission protocol. The system not only completes the compliance check of network access, but also serves as one of the data sources of situational awareness. Then, this paper implements the security situation awareness system, its work focuses on several typical network attacks from the point of view of Open Flow network flow analysis, and anomaly detection, and finally weighted combination of security anomaly detection data to obtain the security situation of the whole network. Finally, this paper introduces the Open Flow network simulation environment and SDN development platform, and carries on the function test to the conformity check system and the security situational awareness system on this simulation platform.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前6條

1 龔儉;金磊;;基于SDN技術(shù)的網(wǎng)絡(luò)入侵阻斷系統(tǒng)設(shè)計(jì)[J];華中科技大學(xué)學(xué)報(bào)(自然科學(xué)版);2016年11期

2 張勇;譚小彬;崔孝林;奚宏生;;基于Markov博弈模型的網(wǎng)絡(luò)安全態(tài)勢(shì)感知方法[J];軟件學(xué)報(bào);2011年03期

3 陳秀真;鄭慶華;管曉宏;林晨光;;層次化網(wǎng)絡(luò)安全威脅態(tài)勢(shì)量化評(píng)估方法[J];軟件學(xué)報(bào);2006年04期

4 聶林,張玉清,王閔;入侵防御系統(tǒng)的研究與分析[J];計(jì)算機(jī)應(yīng)用研究;2005年09期

5 宿潔,袁軍鵬;防火墻技術(shù)及其進(jìn)展[J];計(jì)算機(jī)工程與應(yīng)用;2004年09期

6 饒鮮,董春曦,楊紹全;基于支持向量機(jī)的入侵檢測(cè)系統(tǒng)[J];軟件學(xué)報(bào);2003年04期

相關(guān)博士學(xué)位論文 前1條

1 張淑英;網(wǎng)絡(luò)安全事件關(guān)聯(lián)分析與態(tài)勢(shì)評(píng)測(cè)技術(shù)研究[D];吉林大學(xué);2012年

相關(guān)碩士學(xué)位論文 前4條

1 廖斌;網(wǎng)絡(luò)安全審計(jì)系統(tǒng)的設(shè)計(jì)與實(shí)現(xiàn)[D];中國(guó)科學(xué)院大學(xué)(工程管理與信息技術(shù)學(xué)院);2015年

2 何龔敏;SDN安全態(tài)勢(shì)評(píng)估系統(tǒng)[D];西安電子科技大學(xué);2014年

3 姚東;基于流的大規(guī)模網(wǎng)絡(luò)安全態(tài)勢(shì)感知關(guān)鍵技術(shù)研究[D];解放軍信息工程大學(xué);2013年

4 韓承欽;基于sFlow和SNMP的網(wǎng)絡(luò)安全態(tài)勢(shì)融合方法的研究[D];哈爾濱工程大學(xué);2013年

，

本文編號(hào)：2508769