| With the rapid development of the Internet, people came into a fast changing information age. Since the beginning of the existence of the Internet has the congenital defects of security in the design-the high-value of information and the low-cost of dissemination, it provides people with a broad space for development, in the meantime, it also brings a huge risk-network security.Network Attacks has been one of the most important factors in Network Security a But network attacks are a double-edged sword, people see their threats should also see its potential uses in the mean time. Many network attacks have extremely important value, through the analysis of captured network attacks can provide us some new ideas and methods. And if these attacks can be used again, it will provide great help in network penetration testing and national network confrontation. The current study mainly focuses on intrusion detection, honeypots and attack replay etc, reuse of attacks has not attracted people’s enough attention.This paper mainly focus on malicious code attacks, vulnerabilities attacks and network attack process analysis and other related technology to carry out a series of studies, design and system implementation work. Firstly, in this paper, we described the classification of network attacks, the characteristics of each type of the attacks and proposed basic reuse methods for each attack. Secondly, this paper analyzed the inefficiencies of existing analysis tools in network attack process analysis and proposed a rapid network attack process analysis tools-ADef that can be used in network attack reuse. ADef is a rapid network attack process,analysis system based on Host Intrusion Prevention System (HIPS). This system not only contains the core functionality of HIPS (recording and monitoring, etc.), but achieves a payload replacement function which is realized in kernel mode and oriented to the entire system that can automatically replace the payload in attacks. Finally, in this paper, we select a series of typical network attack samples in completed network attack samples. By reuse these samples, we verified the effectiveness of the basic attack reuse method and the payload replacement function, the efficiency of ADef system in attack reuse, and the important reference value of ADef system in the theoretical research and engineering practice. |
PDF Full Text Request