| In recent years, computer and network technology has been the rapid development and wide application worldwide, network applications have in-depth all aspects of peoples daily life. And played an important in different fields and irreplaceable role,such as commercial, administrative and military. It has brought great convenience to human work and life. On the other hand, due to computer systems and network systems is still evolving, there have a lot of their own vulnerability, More and more network security problems was appeared.When the network not only as a messaging platform and tools,but also take on the central control system, Closely related with the network of political, economic, military and culture, as well as financial, telecommunications, electricity, transportation, oil and other national strategic lifeline, are bound in a relatively threat of network security. To some extent, network security threats has increased the country's strategic security threat. How to protect the network from attack is becoming a hot research and network security is increasingly becoming an important subject.The starting point of this paper is based on The characteristics of China's security situation:Network attacks are varied and complicated. With behavior analysising and direct demoing to recurrent network attacks, revealling the behavior of network attacks and their key points.Through the network protocol analysis and Data structure of TCP,UDP and ICMP, focus on the network scanning. Analysis of LKM based kernel-level ROOTKIT, learned the behavior of changing the system "sys_call_table" and generate dynamic "struct module" to tamper with the kernel. That analysis of VFS kernel based ROOTKIT, research how to change the function which object "file_operations" getdents64 get, to hidden files and processes. At clearing signs respect, research LINUX log file access mode and two removal methods. I had categoriesed the principle of network attack techniques, learned design ideas, application technologies and implementations of the network attacks, including the current mainstream of network attacks and hacking, such as DDoS and buffer overflow.Based on the work in the above, depending on the network with the behavioral characteristics of attack, constructed a network attack analysis and effect of a demonstration platform. The platform implanted part of the source code, executable and picture. tracking with key nodes, the kernel code display, real-time data analysis and other methods of attack before and after the attacks demonstrated the relevant network. Can be demonstrated from client-side attacks and being attacked.The network attack analysis and demonstration of consequences platform is useful to deeply understand real network attacks,grasp specific process of network attacks and intuitive comprehend of the consequences of network attacks. It can be used for actual research and teaching. |
PDF Full Text Request