发布时间 : 星期六 文章APT攻击的发现与防护方案的设计毕业论文更新完毕开始阅读691468fbb9f67c1cfad6195f312b3169a551ea42
本科毕业论文(设计)
论文(设计)题目:
ATP攻击的发现与防护方案设计
学院: 专业: 班级: 学号: 姓名:
**年**月**日
贵州大学毕业论文(设计)
贵州大学本科毕业论文(设计)
诚信责任书
本人郑重声明:本人所呈交的毕业论文(设计),是在导师的指导下独立进行研究所完成。毕业论文(设计)中凡引用他人已经
发表或未发表的成果、数据、观点等,均已明确注明出处。
特此声明。
论文(设计)作者签名:
日期:
I
贵州大学毕业论文(设计)
ATP攻击的发现与防护方案设计
摘要
APT即为高级持续性威胁,是近年来才出现的一种网络攻击手段,其特点是他的攻击的前期准备需要很长的时间,攻击的手段十分隐蔽, 变化多端、效果非常显著,不易被发现,APT攻击已经渐渐成为网络渗透和系统攻击的演进趋势。目前,国内外对 APT 攻击防护的研究尚处于初级阶段,防御方案是基于已知的知识和规则,基于信任,缺乏对未知威胁的感知能力,针对未知的感知能力非常薄弱,对抗点滞后,缺乏关联分析能力,并没有对 APT 攻击机理、产生背景等进行整体而细致的剖析。
为了有效的应对现今愈演愈烈的APT攻击,通过阅读大量的文献,和借鉴国内外的经验,从APT的规范定义及特征入手,对APT攻击产生的背景、攻击的原理及步骤进行了一个较为详尽的总结,在理解的基础上,利用两台Quidway S2008型号交换机和路由器 Quidway 2600型号的路由器还有若干台计算机,模拟内网和外网,利用搭建环境模拟几种典型的APT攻击,提出沙箱检测、异常检测、威胁检测、记忆检测等具体的方案来检测APT攻击。这些方案和传统的防护方案相比更加有效地检测 APT 网络攻击。通过检测来往的数据及信息是否含有APT特征,查询流量,分析日志,从而在APT还没发起攻击前发现APT攻击。并针对APT攻击提出了具体的防范方案
关键词:APT 攻击,检测方案,防范策略
II
贵州大学毕业论文(设计)
ATP attackandprotection scheme design
Abstract
APT is the advanced persistent threat, which is a kind of network attack occurred in recent years, its characteristic is that preparing his attack requires a long period of time, the attack is very subtle and the most changeful, the effect is very significant, not easy to be found APT attacks have gradually become the evolution trend of network penetration and system attack. At present, the domestic and foreign research on APT attack protection is still in the primary stage, the defense scheme is based on knowledge and rules, trust and the lack of an unknown threat perception, for the weak unknown perception ability, against lag, the lack of correlation analysis capability, instead of analyzing the background of APT attack mechanism overall anddetailed .
In order to effectively respond to the growing APT attack, by reading a lot of literature, and drawing lessons from domestic and international experience, from the APT standard definition and characteristic, conducted a more detailed summary on APT attacks generated background, principles and procedures of attacks。On the basis of understanding, using two Quidway S2008 types of switches and routers Quidway 2600 router models and some computer to simulate internal network and external network, and using building environment to simulate several typical APT attack, propose specific programs including the scheme sandbox detection, anomaly detection, threat detection, memory tests to detect APT attacks. These programs more effectively detect APT attacks compared with traditional protection schemes. By detecting whether the data and information contains APT features, querying flow, analysing log to find the APT attack before the APT attacks and proposed the specific prevention program for APT attack
Key: APT attack , detection scheme, prevention strategies
III