一种研究型虚拟蜜罐网络的设计与实现

信息时代的到来需要计算机安全防护从被动防御转为主动防御，从而使蜜罐技术在网络对抗中日益受到重视。蜜罐技术研究的重点在于如何设计一个严格控制的网络诱骗环境。文中设计并实现了一个研究型虚拟蜜罐网络。首先，提出了虚拟蜜网的总体设计目标及蜜网拓扑结构，然后，实现了蜜罐网络并分析了各功能模块。对蜜罐网络的攻击测试结果表明该蜜罐网络达到了设计目标。     

蜜罐技术发展初探

目前,传统网络防护技术都是在攻击者对网络进行攻击时对系统进行被动的防护,蜜罐技术是一种主动防御技术,可以诱骗攻击,记录入侵过程,及时获得攻击信息并以此来深入分析各种攻击行为。文章从蜜罐技术发展历程的角度来阐述蜜罐、蜜网、蜜场等技术原理及其在实际中的典型应用。     

基于动态阵列蜜罐的协同网络防御策略研究

从虚实结合动态变化的兵阵对抗得到启发,提出动态阵列蜜罐概念,通过多机协同、功能角色的周期或伪随机切换,形成动态变化的阵列陷阱,从而达到迷惑和防范攻击者的目的.给出了动态阵列蜜罐防御模型,通过NS2网络模拟器对动态阵列蜜罐进行了系统仿真和测试,基于Java平台设计实现了动态阵列蜜罐原型系统并进行了攻击实验.仿真测试和原型实验结果均表明动态阵列蜜罐系统具有良好的网络对抗性能.     

基于网络扫描技术的动态蜜罐网络设计与实现

面对网络上复杂而多变的黑客攻击,提出利用虚拟蜜罐技术和网络扫描技术构建动态自适应虚拟网络的方法来迷惑攻击者,延缓和转移攻击,消耗攻击资源,保护实际网络环境,并收集攻击信息。首先介绍了蜜罐技术的基本概念和虚拟蜜罐框架Honeyd,详细分析了系统所使用的各种网络扫描技术,特别是主动式协议栈指纹分析技术,进而设计并实现了该动态虚拟网络系统,并对系统进行了测试,结果证明该设计可以成功地虚拟网络环境,最后分析了该设计的不足,并对下一步研究做了展望。     

对于IP地址攻击有效的混合蜜罐入侵检测系统

提出在入侵检测系统中融合蜜罐技术并应用在分布式的网络环境中。主要目的就是通过单播IP地址攻击和组播的IP地址攻击对比单独入侵检测系统与融合了蜜罐技术的入侵检测系统检测攻击的有效性。混合蜜罐网络由Snort和Honeyd组成,Snort的作用是入侵检测而Honeyd组成蜜罐系统。Honeyd安装在Linux系统中,这个系统的传感器探测Snort和Honeyd是否传送数据到主数据库。使用NESSUS对实验数据进行分析。提供给管理员一种更有效的网络管理方式。     

爱立信为香港数码通沃达丰提供HSDPA解决方案

近日，香港移动运营商数码通沃达丰（SmarIone—Vodafone）推出香港首个基于HSDPA、覆盖整个香港地区的商用移动宽带业务，成为大中华区首家采用该技术的运营商。该业务的推出是在爱立信成功将数码通沃达丰的3G／WCDMA网络升级至HSDPA之后实现的。这样，数码通沃达丰的网络能让用户通过笔记本电脑享受高达1．8Mbit／s的宽带速度，能为用户提供一系列新一代移动宽带业务，让他们能够体验真正的自由移动；用户的下载速度是目前PC卡3G连接的5倍，是现有GSM／GPRS连接的20倍。根据协议，爱立信为数码通沃达丰提供HSDPA的软件、硬件和系统安装服务。     

跟踪僵尸网络

密罐是一种用采发现攻击工具、攻击策略与攻击者攻击动机的技术。在本文中，我们考虑一种特殊的安全威胁：运行僵尸网络的个人与组织。僵尸网络是一个可以由攻击者远程控制的已被攻陷主机组成的网络。由于它们数量巨大（可以把几万台主机连接在一起），因此对网络构成了极其严重的威胁。在蜜网的帮助下，我们可以观察运行僵尸网络。由于记录数据的丰富性，这使得重构攻击者的行动、使用的工具和详细地研究他们成为了可能。这里，我们对僵尸网络、普遍的攻击技术做更进一步的介绍。     

基于蜜罐技术的计算机动态取证系统研究

提出了一种基于蜜罐的计算机动态取证方法.该方法通过蜜罐技术将入侵转移到一个虚拟的环境,不仅可以保护网络或主机不受攻击,而且还可以为证据的提取争取到更长的时间,从而获得更为真实的电子证据.实验结果表明:基于蜜罐的动态取证系统具有检测率高、误报率低、取证能力强的特性.     

联动式网络入侵防御系统的研究

针对单一技术在网络安全防御上的局限性,提出了用防火墙、入侵检测系统(Snort)、蜜罐三种技术组成共同对抗网络入侵的联动式防御系统.联动系统增加了入侵检测系统的联动插件,扩展了防火墙动态加入重定向规则功能,设置了蜜罐主机监视攻击,实现了三者的紧密互动.介绍了系统的结构、工作流程以及联动方案,并做了攻击实验,结果证明,联动防御系统对大规模的蠕虫攻击能够即时抵制.     

蜜罐识别技术研究

蜜罐技术是一种欺骗入侵者以达到采集黑客攻击方法和保护真实主机目标的诱骗技术,它的核心价值在于被探测、被攻击或者被威胁,以此达到对这些攻击活动的检测与分析,从而了解攻击者的目的、攻击手段甚至于心理习惯,最终实现从观察攻击者的行为中学习到深层次的信息保护的方法。在蜜罐技术的应用过程中,最为关键的一点就是蜜罐系统对攻击者所具有的迷惑性。从蜜罐系统特有的系统特征、硬件特征以及网络特征出发,分析各种蜜罐系统或者虚拟机系统中可能存在的一些可识别的特性,提出一些识别方案并针对部分方法进行了编程识别,希望能够引起安全行业的重视,能够推动蜜罐技术的发展。     

陷阱网络系统的应用研究

陷阱网络系统是以主动防御为目的的网络安全工具.文中全面地阐述了构建陷阱网络系统的关键技术,并提出了一个基于陷阱网络的应用体系结构,最后展望了陷阱网络系统的发展前景.     

Trust Based Detection and Elimination of Packet Drop Attack in the Mobile Ad-Hoc Networks

The mobile ad hoc network (MANET) is communication network of a mobile node without any prior infrastructure of communication. The network does not have any static support; it dynamically creates the network as per requirement by using available mobile nodes. This network has a challenging security problem. The security issue mainly contains a denial of service attacks like packet drop attack, black-hole attack, gray-hole attack, etc. The mobile ad-hoc network is an open environment so the working is based on mutual trust between mobile nodes. The MANETs are vulnerable to packet drop attack in which packets travel through the different node. The network while communicating, the node drops the packet, but it is not attracting the neighboring nodes to drop the packets. This proposed algorithm works with existing routing protocol. The concept of trusted list is used for secure communication path. The trusted list along with trust values show how many times node was participated in the communication. It differentiates between altruism and selfishness in MANET with the help of energy level of mobile components. The trust and energy models are used for security and for the differentiation between altruism and selfishness respectively.     

Anonymous and expeditious mobile user authentication scheme for GLOMONET environments

The Global Mobility Network (GLOMONET) is rapidly becoming important as well as a popular feature in today's high‐performance network. The legal mobile users enjoy life using the ubiquitous services via GLOMONET. However, because of the broadcast nature of the wireless channel, providing user authentication along with the privacy and anonymity of the users in GLOMONET is indeed a challenging task. In this article, we come up with a secure and expeditious mobile communication environment using symmetric key cryptosystem to ensure mobile users' anonymity and privacy against eavesdroppers and backward/forward secrecy of the session key. Our scheme can also protect numerous security threats, like man‐in‐the‐middle attack, known session key attack, lost smartcard attack, and forgery attack. Furthermore, we put forward a new technique named as “friendly foreign agent policy,” where many foreign agents can make different groups among themselves and perform important responsibilities to authenticate a legitimate mobile user without interfering his or her home agent even though the mobile user moves to a new location, covered by a new foreign agent (belongs to the same group). Security and performance analyses show that the proposed scheme is secure and more efficient as compared with other competitive schemes for GLOMONET environments.     

A study of a routing attack in OLSR‐based mobile ad hoc networks

A mobile ad hoc network (MANET) is a collection of mobile nodes which are able to communicate with each other without relying on predefined infrastructures or central administration. Due to their flexibilities and easy deployment, MANET can be applied in situation where network infrastructures are not available. However, due to their unique characteristics such as open medium and the lack of central administration, they are much more vulnerable to malicious attacks than a conventional infrastructured wireless network. MANET employs routing to provide connectivity for mobile nodes that are not within direct wireless transmission range. Existing routing protocols in MANET assume a trusted and cooperative environment. However, in hostile environment, mobile nodes are susceptible to various kinds of routing attacks. In this paper, we show that an OLSR MANET node is prone to be isolated by malicious attack called Node Isolation attack. After analysing the attack in detail, we present a technique to mitigate the impact of the attack and improve the performance of the network when the attack is launched. The results of our implementations illustrate that the proposed solution can mitigate the attack efficiently. Copyright © 2007 John Wiley & Sons, Ltd.     

一种新的DDoS攻击主动防御方案

介绍DDoS攻击原理和分析DDoS攻击网络的控制机制后,提出了一种新的基于蜜网(honeynet)的主动防御方案,利用网络陷阱与跟踪技术,从根源上阻止DDoS攻击远程控制网络的形成,以达到主动防御的目的。     

基于FSM检测的移动自组网攻击分类研究

在移动自组网环境下,由于移动节点可能被攻击截获,导致攻击从内部产生,传统的网络安全措施难以应用,只有通过入侵检测才能发现攻击者。通过分析移动自组网的攻击类型,并构造从恶意节点发起的攻击树,采用有限状态机的思想,设计一个基于FSM的入侵检测算法。采用该算法的入侵检测系统可通过邻居节点的监视,实时地检测到节点的各种攻击行为。     

Traffic load metrics for multihomed mobile IP and global connectivity

Support for host mobility an essential and necessary feature for roaming users who connect to wireless networks via access points. Access points may have different capabilities, be connected to different networks and be installed by different providers. A mobile host will discover multiple access points in this environment. In such an environment, a mobile host should be able to use the best available connection to communicate with a correspondent host and perhaps use multiple connections for different hosts. In areas with wireless local area network access, pockets with limited or no coverage could exist. Such restricted connectivity could be compensated by neighbor hosts who form an ad hoc network and relay packets until they reach an access point. This paper describes and discusses a proposed solution towards enabling and supporting connectivity in wireless networks. In the proposed solution the network layer software will evaluate and decide which wireless network connections to use. A Running Variance Metric (RVM) and a Relative Network Load(RNL) are used to measure the traffic load of access points in wireless access networks. RVM and RNL can be efficiently used for both infrastructure networks and ad hoc networks. Multihomed Mobile IP (M-MIP) is an extension of Mobile IP that enables mobile hosts to use multiple care-of addresses simultaneously. The extension enhances network connectivity by enabling the mobile host, the home agent and correspondent hosts to evaluate and select the best connection. A proposed gateway architecture using M-MIP that integrates wired IP networks with ad hoc networks is described. The M-MIP and gateway architecture using the RVM and RNL metrics have been validated with simulation studies and results are presented.     

Amulti-channel model for initial and handoff accesses in a mobile computing environment

The communication infrastructure of a mobile computing environment can be based on the structure of a cellular/microcellular telephone system or a PCS network. In such a system, the occurrence of handoffs cannot be avoided and when handoffs occur, wireless links held by mobile computers crossing cell boundaries may be forced to terminate. The probability that a handoff access request will result in forced termination has a significant effect on the performance of a mobile computing environment, as does the probability that an initial access request will be blocked. Although some research has been done on initial and handoff accesses in cellular/microcellular telephone systems and PCS networks, the analytical models used in this research are not appropriate for mobile computing, since unlike a telephone, a mobile computer may use several channels at once. In this paper, we develop an analytical model to study initial and handoff accesses in a mobile computing environment. The model is based on a multi-dimensional continuous time Markov chain. The accuracy of the model is verified by comparison with simulation results. We then use the model to find a practical approach to balancing the initial access blocking probability and avarage forced termination probability of a connection in a mobile computing network.This research was supported by the National Science Council, ROC, under grant NSC 85-2213-E-009-063.     

Energy‐aware dynamic task offloading and collective task execution in mobile cloud computing

There is a good opportunity for enlightening the services of the mobile devices by introducing computational offloading using cloud technology. Offloading is a process for managing the complexity of the mobile environment by migrating computational load to the cloud. The mobile devices oblige the quick response for the offloading requests; it is dependent on network connectivity. The cloud services take long set‐up time irrespective of network connectivity. In this paper, new system architecture for the dynamic task offloading in the mobile cloud environment is proposed. The architecture includes the offloading algorithm that concentrates on energy consumption of the tasks both in the local and remote environment. The proposed algorithm formulates a collective task execution model for minimizing the energy consumption. The architecture concentrates on the network model by considering the task completion time in three different network scenarios. The experimental results show the efficiency of the suggested architecture in reducing the energy consumption and completion time of the tasks.