| The ARPAnet only with nodes in 1969 has developed to over 147,344,723 hosts linking Internet in 2002. The fast development of computer network impels the technical innovation and social progresses,which on the other hand give rise to serious security problems. In the last few years,the security accidents surge tremendously,information war has become the newest hotpot of network's research.With tradition's network security technique,the method to deal with network attack is to adopt passive defense means. All these means seem too less able to handle swiftly changing attack methods. In order to protect network system proactively,How to make the network security defense system dynamic and change the measure actively but not passively are the task of network security research.The aim of this thesis is to discuss the technique and the method of deception and lure to fight against the network attack by setting up deceitful network environment to make attacker can't distinguish the reliability of construction network and find which kind of the datum they scanned are true. These techniques and methods are very helpful for network's security.This thesis consists of three parts.Firstly,the thesis introduces the origins and development of Internet,security events of Internet and its reason,analyzes the development of deception technique in the world,presents the research background and contents. After analyzing the method of network attack,the thesis gives an attack taxonomy based on the process of network attack.Secondly,the thesis introduces the security system of OSI briefly,expatiate some proposition to adaptability dynamic network security model,and give the definition and formalization of the deception and lure. In the light of the entropy's and the probability's method,analysis to deception's function in adaptability dynamic network security model is expounded briefly.Finally,the thesis analyzes address scan,port scan,operate system identify etc. to find what protocol to be used by the attacker in the information collections stage,and designs some program to deceive the attacker. Also,in this section the style of honeypot,and the security of honeypot,including two designs about how to abduct the intrusion to the honeypot,the NAT (Network Address Translation) technique and the proxy technique will be discussed.According to the conclusion of this thesis,we can claim that deception and lure increase the attacker's workload because they can't easily tell which of their attack attempts work and which fail. This method also exhausts attacker resources,increases the sophistication required for attack,all of these are help for computer network security.
|
PDF Full Text Request