Research on Optimization-Strategy-Based Detection of Violating Services in Large Networks
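Abstract
With the rapid development of computer and network technology, many institutions have built their own internal networks. While these networks greatly advance an organization's informatization, the appearance of various violating services also brings many management and security problems. Existing violating-service detection systems cannot adequately meet the needs of violating-service detection in large networks, and their low detection efficiency greatly weakens their ability to monitor the network. Developing a detection system that detects violating network services accurately and efficiently has become an urgent need.
     This thesis first compares and analyzes the technical principles, advantages and disadvantages, and scope of application of the passive and active detection techniques used to discover violating network services. For violating-service detection in large networks, active detection has clear advantages, so the research in this thesis is based on active detection.
     Second, to address the low efficiency of current violating-service detection systems, a detection strategy that combines the analytic hierarchy process (AHP) with optimal search theory is proposed. AHP is first used to assign priorities to the violating services according to their survival time and harmfulness; optimal search theory is then used to rank the violating hosts by priority; finally, the two are combined to determine a search strategy. Experiments show that this detection strategy markedly improves detection efficiency in large network environments.
     Addressing the need for violating-service detection in large networks, this thesis discusses in detail the key techniques for designing and implementing a network violating-service detection system, and presents one implementation scheme together with the results of testing that scheme on a live network.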
With the rapid development of computer and network technology, many organizations have established intranets, which promote informatization, but the existence of violating network services in intranets has brought many problems for management and security. Many kinds of detection systems are not suitable for detecting violating network services in large-scale intranets, which leads to missed reports of services and has seriously weakened the ability to monitor the network. It is very important to develop a highly efficient detection system for violating network services.
     In this paper, we first analyze and compare the principles, application scope, merits and demerits of active and passive detection technology. For large-scale intranets, active detection technology has a clear advantage, so the research in this paper is based on active detection technology.
     Secondly, to improve the efficiency of detection in large-scale intranets, we propose a detection strategy based on AHP and optimal search theory. We sort all the violating network services by detection priority, based on survival time and harmfulness, using AHP; we then sort all the detected hosts according to their detection times using optimal search theory; finally, we present a highly efficient search strategy that combines the two. The experimental results show that our search strategy brings some improvement to detection systems in large-scale intranets.
     This paper describes the key technologies for building a detection system for violating applications in large-scale networks according to the requirements, designs and implements a violating network applications detection system, and tests the system.
