As a core part of the network infrastructure, the security of routers has gradually become an important topic in network security. Cisco has long been a leading manufacturer and technology leader in networking equipment and holds a dominant market share; accordingly, the security of its equipment has drawn wide attention from the industry. Routers, and Cisco routers in particular, are often deployed in various parts of a firewall system, for example as border routers. As such, they can be high-value targets for attackers. However, protection and detection against attacks on Cisco routers is still relatively scarce, so security research on Cisco routers is of great significance.

Addressing the general security issues of Cisco routers, this thesis studies detection techniques for router attack behavior. After classifying and describing router attacks, the vulnerability-based attack method is analyzed, and the mechanism of a stack overflow vulnerability on the router is examined using fuzzing together with static and dynamic analysis and debugging. Having clarified the cause of the vulnerability, the thesis proposes several methods for detecting vulnerability attacks and verifies their effectiveness through attack experiments on router simulation software. The main work of this thesis includes:

1. The applicability of fuzzing to Cisco IOS is studied, the cause of the vulnerability is analyzed by binary patch comparison, and the exploitation method is analyzed in depth. A method based on in-memory fuzzing for discovering undocumented Cisco commands is proposed. First, the principles of in-memory fuzzing are introduced and the general command-parsing process in Cisco IOS is analyzed through reverse engineering. Then string test cases are generated automatically and submitted repeatedly to the command-parsing interface, and undocumented commands are identified by monitoring the returned results. This provides a basis for judging whether a Cisco router is a potential risk.

2. A Cisco IOS vulnerability detection method based on the idea of DEP protection is proposed. Cisco's earlier router series have no DEP function; by emulating these routers and introducing DEP, security can be increased. The thesis introduces the stack structure of the IOS system and designs two detection methods for IOS control-flow hijacking attacks based on the idea of control-flow integrity.

3. A logging scheme that synchronously records the function execution process during IOS operation is designed for code tracing after an attack is detected, and a traffic-caching scheme is proposed for backtracking and extracting malicious traffic so that it can be fed to the data-replay interface of the detection system to reproduce the attack scene.

Finally, based on virtualized Cisco IOS and integrating the above functions and interfaces, a prototype system for detecting attack behavior on Cisco routers is implemented. To secure the simulated Cisco routers running IOS, test methods and specific examples are provided, test experiments are designed, a test environment is built, and the effectiveness of the system is verified against a key-function hook attack and a vulnerability attack. The experimental results show that the proposed methods are effective for detecting and protecting against attacks on Cisco routers.
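As an added illustration of the detection idea in item 2 (example code written for this page, not code from the thesis), the following C program models what a monitor on an emulated router would check at each function return: first the DEP-style check that the return target lies in an executable region, then a shadow-stack check that it matches the address recorded at call time. The memory map, the frame layout, the vulnerable handler and the sample payloads are all assumptions constructed for the example; a real IOS image has its own layout, and the saved return address would be decoded in the router CPU's byte order rather than the host's.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed memory map of an emulated router image (illustrative addresses,
 * not a real IOS layout). Code lives in TEXT; the stack is writable and
 * must never be a control-transfer target. */
#define TEXT_BASE  0x80000000u
#define TEXT_END   0x80400000u
#define STACK_BASE 0x7fff0000u
#define STACK_END  0x80000000u

/* Frame model: a fixed buffer directly followed by the saved return
 * address, which is why an unchecked copy into buf can redirect control. */
struct frame {
    char     buf[16];
    uint32_t saved_ret;
};

/* Shadow stack kept by the monitor: one entry per active call. */
#define SHADOW_DEPTH 64
struct shadow {
    uint32_t ret[SHADOW_DEPTH];
    size_t   depth;
};

enum verdict { RET_OK = 0, RET_NONEXEC = 1, RET_MISMATCH = 2 };

/* Check 1 (DEP idea): a return target must lie in an executable region. */
bool target_is_executable(uint32_t target)
{
    return target >= TEXT_BASE && target < TEXT_END;
}

/* Invoked by the monitor when a function is entered. */
void shadow_push(struct shadow *s, uint32_t ret)
{
    if (s->depth < SHADOW_DEPTH)
        s->ret[s->depth++] = ret;
}

/* Invoked when the function returns: check 1, then check 2 (shadow stack). */
enum verdict check_return(struct shadow *s, uint32_t actual_ret)
{
    uint32_t expected = s->depth ? s->ret[--s->depth] : 0;
    if (!target_is_executable(actual_ret))
        return RET_NONEXEC;
    if (actual_ret != expected)
        return RET_MISMATCH;
    return RET_OK;
}

/* Vulnerable handler model: copies a command argument into buf with no
 * length check. The copy is clamped to the frame so the demo stays
 * deterministic; the real bug class has no such clamp. */
void vulnerable_copy(struct frame *f, const uint8_t *arg, size_t len)
{
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy(f, arg, len);   /* bytes beyond buf[15] land on saved_ret */
}

/* Run one argument through the modelled call/return and report the verdict. */
enum verdict run_command(const uint8_t *arg, size_t len)
{
    const uint32_t legit_ret = 0x80012340u;   /* assumed caller inside TEXT */
    struct shadow s = { .depth = 0 };
    struct frame  f;

    memset(&f, 0, sizeof f);
    f.saved_ret = legit_ret;
    shadow_push(&s, legit_ret);
    vulnerable_copy(&f, arg, len);
    return check_return(&s, f.saved_ret);
}

/* Build an overflow payload: filler up to saved_ret, then a 4-byte target
 * in host byte order, and run it. */
enum verdict run_overflow(uint32_t target)
{
    uint8_t p[sizeof(struct frame)];
    size_t  off = offsetof(struct frame, saved_ret);

    memset(p, 'A', off);
    memcpy(p + off, &target, sizeof target);
    return run_command(p, off + sizeof target);
}

int main(void)
{
    const char *benign = "show version";
    printf("benign       -> %d\n", run_command((const uint8_t *)benign, strlen(benign)));
    printf("ret-to-stack -> %d\n", run_overflow(0x7fff1000u));  /* stack shellcode */
    printf("ret-to-text  -> %d\n", run_overflow(0x80023456u));  /* existing code */
    return 0;
}
```

The return-into-stack payload is rejected by the first check alone, while a return into existing code passes the executable-region test and is caught only by the shadow-stack comparison; that difference is the kind of case a control-flow-integrity check covers that the DEP idea by itself does not.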