HCHS蜜罐系统的研究与实现
|
摘要
蜜罐和蜜网技术为捕获并深入分析黑客的攻击行为提供了基础。但是,现有的蜜罐和蜜网技术存在容易被黑客发现、取证的合法性等问题,一般用作研究工具,在实际网络中应用时存在给应用网络可能带来风险的问题。
本研究在总结分析蜜罐和蜜网技术应用研究成果的基础上,针对现有蜜网系统隐蔽性不高,安全性差的问题,提出一种增强蜜罐伪装性和安全性的优化构网策略,并建立了高隐蔽高安全性的蜜罐系统模型。
高隐蔽高安全性蜜罐系统在现有蜜罐技术的基础上对其结构重新进行了优化,其中:
(1)引入无缝环境切换技术,使蜜罐系统的伪装性得到提高,减少了被发现的可能性。
(2)采用异常检测及误用检测相结合的混合检测技术,提高了蜜罐网系统的整体性能。
本系统采用了异常检测与误用检测相结合的混合检测技术。这样在实际的应用中,两种检测技术相互结合、优缺互补,共同提高系统的整体性能。
在模拟网络环境下,对高隐蔽高安全性的蜜罐系统进行了外连接控制测试、入侵检测测试。检测结果显示,该系统检全率、安全性等性能指标有显著地提高,而且被黑客发现的可能性较小,在收集攻击信息的同时,有效保护信息系统。
The technology of honeypot and honeynet has offered the foundation for capturing and analyzing in depth hacker's behavior. But honeypot and honeynet are easy to be find by hacker at present, the validity of collecting evidence is similarly disputed. They are generally used to be researchful tool, The application of reality hazard the net.
This research has summarized and analyzed the fruit of the application and the investigation. Aim at the problem that fraudulence is not enough and the security is disqualification now, a strategy of designing net for improving fraudulence and the security is put forward.the model of high concealable and high secure system of honeypot has been set up.
The high concealable and high secure system of honeypot adopt any optimized measure:
(1) Seamless switch environment technique is imported, it improved the concealable and decreased the finded possibility.
(2) Mixing by misuse detect and abnormity detect enhanced the whole performance of honeynet system.
This system adopt the mixed detect by misuse detect and abnormity detect.
Therefore, the whole performance of the system is enhanced.
In the simulated situation, link-out control test and ID test are done. The simulation results indicate that the security performance of the system is observably improved, Also, the finded possibility is unconspicuous. It effectively protect information systems, at the same time, it can collect assault info.
本研究在总结分析蜜罐和蜜网技术应用研究成果的基础上,针对现有蜜网系统隐蔽性不高,安全性差的问题,提出一种增强蜜罐伪装性和安全性的优化构网策略,并建立了高隐蔽高安全性的蜜罐系统模型。
高隐蔽高安全性蜜罐系统在现有蜜罐技术的基础上对其结构重新进行了优化,其中:
(1)引入无缝环境切换技术,使蜜罐系统的伪装性得到提高,减少了被发现的可能性。
(2)采用异常检测及误用检测相结合的混合检测技术,提高了蜜罐网系统的整体性能。
本系统采用了异常检测与误用检测相结合的混合检测技术。这样在实际的应用中,两种检测技术相互结合、优缺互补,共同提高系统的整体性能。
在模拟网络环境下,对高隐蔽高安全性的蜜罐系统进行了外连接控制测试、入侵检测测试。检测结果显示,该系统检全率、安全性等性能指标有显著地提高,而且被黑客发现的可能性较小,在收集攻击信息的同时,有效保护信息系统。
The technology of honeypot and honeynet has offered the foundation for capturing and analyzing in depth hacker's behavior. But honeypot and honeynet are easy to be find by hacker at present, the validity of collecting evidence is similarly disputed. They are generally used to be researchful tool, The application of reality hazard the net.
This research has summarized and analyzed the fruit of the application and the investigation. Aim at the problem that fraudulence is not enough and the security is disqualification now, a strategy of designing net for improving fraudulence and the security is put forward.the model of high concealable and high secure system of honeypot has been set up.
The high concealable and high secure system of honeypot adopt any optimized measure:
(1) Seamless switch environment technique is imported, it improved the concealable and decreased the finded possibility.
(2) Mixing by misuse detect and abnormity detect enhanced the whole performance of honeynet system.
This system adopt the mixed detect by misuse detect and abnormity detect.
Therefore, the whole performance of the system is enhanced.
In the simulated situation, link-out control test and ID test are done. The simulation results indicate that the security performance of the system is observably improved, Also, the finded possibility is unconspicuous. It effectively protect information systems, at the same time, it can collect assault info.
引文
(1) 崔志磊 一种全新的网络安全策略—蜜罐及其技术 计算机应用与软件 2004.21(2)
(2) 王利林 基于主动防御的陷阱网络系统 计算机工程与应用 2002.17 177~179
(3) 李志军 蜜罐系统中的FTP诱骗技术 计算机应用研究 2004.9 155~157
(4) 杨奕 基于入侵诱骗技术的网络安全研究与实现 计算机应用研究 2004.3 230~232
(5) 王璐 业务蜜网技术与应用 计算机应用 2004.24(3)43~45
(6) 刘宝旭.主动型安全防护措施—陷阱网络的研究与设计 计算机工程 2002.12
(7) 曹爱娟 抵御DDOS攻击的陷阱系统的设计与实现 计算机工程 2004.1
(8) 曹爱娟 网络陷阱与诱捕防御技术综述 计算机工程 2004.30(9)1~3
(9) 胡建伟 欺骗网络体系框架研究 网络安全技术与应用 2004.3 20~23
(10) 李辉 蜜罐技术及其应用 网络安全技术与应用 2004.8 40~41
(11) 唐鹏 Honeypot的问题和挑战 信息安全与通信保密 2004.11 35~37
(12) 王勇网络诱骗系统的诱骗策略与信息获取设计及实现信息安全与通信保密 2004.9
(13) 刘洪发 信息安全主动防御技术的研究与探讨 信息安全与通信保密 2003.12
(14) 胡恒一 夏春和 入侵诱骗系统中无缝环境切换技术的研究 计算机工程与设计 2005.11
(15) 吴翔 诱敌深入 计算机安全 2004.6 31~32
(16) 李远玲 欺骗性安全防御系统蜜罐的研究 2004年6月
(17) 王璐 业务蜜网系统的有限自动机 重庆邮电学院学报 2004 16(3)
(18) 刘宝旭等 陷阱网络研究综述 网络安全技术与应用 2003.1
(19) 张文科等 蜜罐技术在防御分布式攻击拒绝服务中的应用 通信技术 2003.5
(20) 戴云平等 陷阱网络中数据控制的原理及其实现 计算机工程与应用 2004.20
(21) 张建忠等 分布式可扩展网络诱骗系统的研究 计算机应用 2003.23
(22) 郝京宇,谢绍斌,罗红 入侵检测系统网络数据捕获模块研究 航空计算技术 2002年第32卷,第1期
(23) W.Richard Stevens著,尤晋元 翻译《UNIX网络编程技术》机械工 业出版社 2000年2月
(24) Comer D.《用TCP/IP进行网际互连—原理、协议和体系结构》(第三版)北京电子工业出版社,1998年4月
(25) 邓健 对网络攻击行为实施欺骗和诱导的研究 广西师范大学硕士学位论文
(26) 《计算机软件工程规范国家标准汇编2000》.北京:中国标准出版社,2000年
(27) 冯登国 计算机通信网络安全 北京:清华大学出版社,2001
(28) 卢昱 林琪 网络安全技术 北京:中国物资出版社,2001
(29) 龚俭 陆晟 王倩 计算机网络安全导论 南京:东南大学出版社,2000
(30) 夏春和,吴震,赵勇,王海泉 入侵诱骗模型的研究与建立 计算机应用研究 2002年第4期
(31) White Paper: Honeypots. Reto Baumann. Feb. 26,2002. http://www.rbaumann.net.Christian Plattner. http://www.christianplattner.net.
(32) Know Your Enemy: Defining Virtual Honeynets. Honeynet Project. 27 January, 2003. http://project.honeynet.org/
(33) A Virtual Honeypot Framework. Niels Provos http://www.citi.umich.edu
(34) Lance Spitzner. Honeypot Definitions and Value of Honeypots. http://www.tracking-hackers.com.Last Modified:29 May, 2003
(35) Honeyd: A Virtual Honeypot Daemon (Extend Abstract).Niels Provos.
(36) Simulating Networks with Honeyd. Roshen Chandran, Sangita Pakala. Dec. 14, 2003. http://www.paladion.net
(37) Robert Lemos. Honeypots get stickier for hackers. April 11,2003
(38) Lance Spitzner. Open Source Honeypots: Learning with Honeyd. January 20,2003. http://www.tracking-hacker.com/.
(39) Project Honeynet Members. Project Honeynet. Oct 2001. http://project.honeynet.org.
(40) P. G. Neumann and D. B. Parker, A Summary of Commputer Misuse Techniques, Proc. of the 13th National Computer Security Conference, Baltimore, MD, October 10-13, 1989, pp. 396-407.
(41) P. Ferguson and D. Senie. Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing. RFC2267, Jan. 1998.
(42) R. Stone. CenterTrack: An Overlay Network For Tracking Dos Floods. Proceedings of the 2000 USENIX Security Symposium, Denver, CO, July 2000
(43) Curtis A. Carver, Udo W. Pooch, An Intrusion Response Taxonomy and its Role in AutomatYc Intrusion Response, Proceedings of the 2000 IEEE Workshop on Information Assurance and Security United States Military Academy, West Point, NY, 6-7 June, 2000.
(44) Brian T. Spink, A Description of the Automated Intrusion Detection Environment, http://www.securedecisions.com/documents/AIDE0907.ppt
(45) Ton Plooy, Packet Filtering with iphlpapi, dll, Windows Developer's Journal, Windows Developers Journal, October 2000, Volume 11 Number 10
(46) The WU-FTPD Development Group, wu-ftpd version 2.6.2, http://www.wu-ftpd.org,2003.
(47) J. Postel, J. Reynolds. FILE TRANSFER PROTOCOL (FTP)RFC 959. IETF, 1985.
(48) Clifford Stoll, The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage, America, Pockets Books (ISBN: 0743411463), 2000, 15-31.
(49) Reto Baumann, Christian Plattner. Honeypots, Diploma thesis. Feb, 2002. http://security.rbaumann.net/download/diplomathesis.pdf.
(50) CyberCop Sing. CyberCop Sting Getting Started Guide. http://www.um.es/ftp/mirror/ftp.mcafee.com/security/ccsting/manual/Cstguid e. pdf.
(51) Marcus Ranum. BackOfficer Friendly (BOF).http://www.nfr.net/products/.
(52) Ireland Security Information Center and DuBlin City University.ISIC Honeypot Project. http://www.isiclabs.com/honeypot/.
(53) Spencer, Fighting Relay Spam the Honeypot Way.http://fightrelayspam.homestead.com/.
(54) Niels Provos. Open Source honeyd.http://www.citi.umich.edu/u/provos/honeyd/.
(2) 王利林 基于主动防御的陷阱网络系统 计算机工程与应用 2002.17 177~179
(3) 李志军 蜜罐系统中的FTP诱骗技术 计算机应用研究 2004.9 155~157
(4) 杨奕 基于入侵诱骗技术的网络安全研究与实现 计算机应用研究 2004.3 230~232
(5) 王璐 业务蜜网技术与应用 计算机应用 2004.24(3)43~45
(6) 刘宝旭.主动型安全防护措施—陷阱网络的研究与设计 计算机工程 2002.12
(7) 曹爱娟 抵御DDOS攻击的陷阱系统的设计与实现 计算机工程 2004.1
(8) 曹爱娟 网络陷阱与诱捕防御技术综述 计算机工程 2004.30(9)1~3
(9) 胡建伟 欺骗网络体系框架研究 网络安全技术与应用 2004.3 20~23
(10) 李辉 蜜罐技术及其应用 网络安全技术与应用 2004.8 40~41
(11) 唐鹏 Honeypot的问题和挑战 信息安全与通信保密 2004.11 35~37
(12) 王勇网络诱骗系统的诱骗策略与信息获取设计及实现信息安全与通信保密 2004.9
(13) 刘洪发 信息安全主动防御技术的研究与探讨 信息安全与通信保密 2003.12
(14) 胡恒一 夏春和 入侵诱骗系统中无缝环境切换技术的研究 计算机工程与设计 2005.11
(15) 吴翔 诱敌深入 计算机安全 2004.6 31~32
(16) 李远玲 欺骗性安全防御系统蜜罐的研究 2004年6月
(17) 王璐 业务蜜网系统的有限自动机 重庆邮电学院学报 2004 16(3)
(18) 刘宝旭等 陷阱网络研究综述 网络安全技术与应用 2003.1
(19) 张文科等 蜜罐技术在防御分布式攻击拒绝服务中的应用 通信技术 2003.5
(20) 戴云平等 陷阱网络中数据控制的原理及其实现 计算机工程与应用 2004.20
(21) 张建忠等 分布式可扩展网络诱骗系统的研究 计算机应用 2003.23
(22) 郝京宇,谢绍斌,罗红 入侵检测系统网络数据捕获模块研究 航空计算技术 2002年第32卷,第1期
(23) W.Richard Stevens著,尤晋元 翻译《UNIX网络编程技术》机械工 业出版社 2000年2月
(24) Comer D.《用TCP/IP进行网际互连—原理、协议和体系结构》(第三版)北京电子工业出版社,1998年4月
(25) 邓健 对网络攻击行为实施欺骗和诱导的研究 广西师范大学硕士学位论文
(26) 《计算机软件工程规范国家标准汇编2000》.北京:中国标准出版社,2000年
(27) 冯登国 计算机通信网络安全 北京:清华大学出版社,2001
(28) 卢昱 林琪 网络安全技术 北京:中国物资出版社,2001
(29) 龚俭 陆晟 王倩 计算机网络安全导论 南京:东南大学出版社,2000
(30) 夏春和,吴震,赵勇,王海泉 入侵诱骗模型的研究与建立 计算机应用研究 2002年第4期
(31) White Paper: Honeypots. Reto Baumann. Feb. 26,2002. http://www.rbaumann.net.Christian Plattner. http://www.christianplattner.net.
(32) Know Your Enemy: Defining Virtual Honeynets. Honeynet Project. 27 January, 2003. http://project.honeynet.org/
(33) A Virtual Honeypot Framework. Niels Provos http://www.citi.umich.edu
(34) Lance Spitzner. Honeypot Definitions and Value of Honeypots. http://www.tracking-hackers.com.Last Modified:29 May, 2003
(35) Honeyd: A Virtual Honeypot Daemon (Extend Abstract).Niels Provos.
(36) Simulating Networks with Honeyd. Roshen Chandran, Sangita Pakala. Dec. 14, 2003. http://www.paladion.net
(37) Robert Lemos. Honeypots get stickier for hackers.
(38) Lance Spitzner. Open Source Honeypots: Learning with Honeyd. January 20,2003. http://www.tracking-hacker.com/.
(39) Project Honeynet Members. Project Honeynet. Oct 2001. http://project.honeynet.org.
(40) P. G. Neumann and D. B. Parker, A Summary of Commputer Misuse Techniques, Proc. of the 13th National Computer Security Conference, Baltimore, MD, October 10-13, 1989, pp. 396-407.
(41) P. Ferguson and D. Senie. Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing. RFC2267, Jan. 1998.
(42) R. Stone. CenterTrack: An Overlay Network For Tracking Dos Floods. Proceedings of the 2000 USENIX Security Symposium, Denver, CO, July 2000
(43) Curtis A. Carver, Udo W. Pooch, An Intrusion Response Taxonomy and its Role in AutomatYc Intrusion Response, Proceedings of the 2000 IEEE Workshop on Information Assurance and Security United States Military Academy, West Point, NY, 6-7 June, 2000.
(44) Brian T. Spink, A Description of the Automated Intrusion Detection Environment, http://www.securedecisions.com/documents/AIDE0907.ppt
(45) Ton Plooy, Packet Filtering with iphlpapi, dll, Windows Developer's Journal, Windows Developers Journal, October 2000, Volume 11 Number 10
(46) The WU-FTPD Development Group, wu-ftpd version 2.6.2, http://www.wu-ftpd.org,2003.
(47) J. Postel, J. Reynolds. FILE TRANSFER PROTOCOL (FTP)RFC 959. IETF, 1985.
(48) Clifford Stoll, The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage, America, Pockets Books (ISBN: 0743411463), 2000, 15-31.
(49) Reto Baumann, Christian Plattner. Honeypots, Diploma thesis. Feb, 2002. http://security.rbaumann.net/download/diplomathesis.pdf.
(50) CyberCop Sing. CyberCop Sting Getting Started Guide. http://www.um.es/ftp/mirror/ftp.mcafee.com/security/ccsting/manual/Cstguid e. pdf.
(51) Marcus Ranum. BackOfficer Friendly (BOF).http://www.nfr.net/products/.
(52) Ireland Security Information Center and DuBlin City University.ISIC Honeypot Project. http://www.isiclabs.com/honeypot/.
(53) Spencer, Fighting Relay Spam the Honeypot Way.http://fightrelayspam.homestead.com/.
(54) Niels Provos. Open Source honeyd.http://www.citi.umich.edu/u/provos/honeyd/.