论文标题:基于OPNET的网络安全研究
Research Network Security Based on OPNET Model
论文作者
论文导师 高丙坤,论文学位 硕士,论文专业 通信与信息系统
论文单位 大庆石油学院,点击次数 108,论文页数 57页File Size2463K
2007-03-15论文网 http://www.lw23.com/lunwen_1011808787/
Intrusion Detection; Denial of Service; Simulation; Signature Identification; Network Security
Internet网作为世界上最大也是最成功的信息媒体,在给科学研究和资源共享带来极大便利的同时,由于其自身结构上的安全缺陷,给网络带来了巨大的安全风险,严重地制约了网络的进一步发展。伴随着Internet的商业化,网络上与交互有关的信息安全问题日益突出,网络安全成为数据通信领域研究和发展的一个重要方向。计算机网络安全技术就是在这样的背景下提出来的。其目的是保障网络服务的可用性以及网络信息的完整性与保密性。 网络入侵检测和网络安全是IT业面临的重要课题。黑客采用许多技术来入侵正常的操作系统,但目前的防火墙以及入侵检测系统(IDS)只能利用标签识别来防御已知的入侵,而当面对新的攻击时却远远不够成熟。本文通过产生基于TcpDump数据的数据包来模拟入侵流量,这种TcpDump数据包含有入侵包。在OPNET模拟中产生的流量,可以促进在数据过滤以及入侵检测策略方面的研究。仿真中通过利用防火墙来捕获Denial-of-Service (DOS)攻击,并估测了模拟效率,以及被模拟网络的网络性能。 本文首先简要介绍了网络安全的研究背景和基础,同时还介绍了OPNET仿真软件及其基本功能实现,重点研究了入侵检测技术的体系结构,用OPNET软件对网络入侵进行仿真实验,并对实验结果进行了详细的分析,实验结果达到了预期目标。 本文针对入侵检测技术进行了较深入的研究和探讨,结合网络安全的实际,设计了一个基于OPNET仿真技术的入侵攻击模型,并对其中的关键技术进行了实现。针对系统中的不足之处,提出了进一步完善改进的设想。 本文最后讨论了网络安全技术难点,展望了解决网络安全的关键技术和发展趋势。
As the largest and the most successful medium, Internet provides more convenience for science research and resources sharing. But at the same time, it brings great threat to network security due to the defections of structure and this restricts further development of network. With the pace of business development on Internet, the information security problem concerning interchange is looming as a potentially massive problem. So the technology that makes networks more secure emerged as the imminent demanded and gradually became an important development direction in data communication domain. The goal of network security technology is to ensure the availability of network services and the integrity and confidentiality of network information. Network intrusion detection and network security are important issues faced by the IT industry. Hackers apply an array of techniques to cause disruption of normal system operations, but on the defense, the firewalls and practical intrusion detection systems (IDS) nowadays are only effective in defending known intrusions using their signatures, and far less than mature when faced with novel attacks. This paper makes simulation of intrusion traffic by explicitly generating data packets based on real-life TCPDUMP data that contain intrusion packets. The explicitly generated traffic in OPNET simulation allows research on data filtering and intrusion detection strategies. This paper reports experimental studies of simulation efficiency and network performance of simulated networks using a firewall to capture Denial-of-Service (DOS) attacks. This article simply introduces the study background and the foundation. At one time also introduces the OPNET simulation software and its basic function. Focus on the study of construction to the intrusion detection techniques, do the experiment of the network intrusion using the OPNET software. At the end, analyses the results of the experiment, and the results of the experiment achieved the anticipated ultimate goal. In this paper, facing with numerous network security technologies, we make a research and discussion about the intrusion detection techniques. Aiming at network security practice, we propose a intrusion attack model base on OPNET simulation techniques. and realize the most pivotal technique of the system. In the end, we assume the perfection method about the deficiency of the network security detection and evaluation system. At last, the hard technological problems of network security are looked ahead.
|
