动态目标防御中的诱骗与反攻击方法研究-控制工程专业论文.docxVIP

Abstr act With the rapid development of Internet technology, people are increasingly using the Internet to transmit information. Although people use a variety of methods and tools to enhance the security of network of communication,attacks still occur frequently, the number of successful attack is also increasing.The existing network defense technologies, such as firewall,IDS,IPS and intrusion deception system is to ensure the host system from external attacks, data encryption can prevent from leaking sensitive information when data is transmitted on the communication link,but it is damaged inevitably and maliciously. How to guarantee the information security has become one of the most concern today. This paper presents a new defense approach—The Deception and anti-attack methods in the dynamic target defense system.This method can guarantee the safety and reliability of the data during transmission, and prevent and detect some attack behavior during data transmission. Firstly,this paper introduces the background and significance of research,Analysis the research status of network information security,and then study the attack method hacker commonly used,as well as the principle of traditional passive defense and active defense technology,point out the advantages and disadvantages of these technologies, propose a network deception and anti-attack methods in the dynamic target defense system. Secondly, this paper introduces the function and working process of the defense model and a detailed design of the defense method is been carried,mainly to redefine the IP packet and design a decoy packet which can confuse attackers and to detect the quality of communication links or detect and prevent attacks.In addition a anti-attack data have been designed，which can be used safely by legitimate users and also can block attacks happen from the source. At last, the result of simulation on NS2 prove the correctness and effective of the scheme. Keywor ds: information security ne