【打印本页】      【下载PDF全文】   查看/发表评论  下载PDF阅读器  关闭
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 8135次   下载 12953 本文二维码信息
码上扫一扫!
网络攻击源追踪技术研究综述
姜建国,王继志,孔斌,胡波,刘吉强
分享到: 微信 更多
(中国科学院信息工程研究所, 北京 中国 100093;中国科学院大学网络空间安全学院, 北京 中国 100093;中国科学院信息工程研究所, 北京 中国 100093;中国科学院大学网络空间安全学院, 北京 中国 100093;山东省计算中心(国家超级计算济南中心), 济南 中国 250101;北京交通大学, 北京 中国 100093)
摘要:
在网络空间中,网络攻击源追踪是指当检测到网络攻击事件发生后,能够追踪定位真正的攻击者的主机,以帮助司法人员对攻击者采取法律手段。近二十年,研究人员对网络攻击源追踪技术进行了大量研究。本文对这些研究进行了综述。首先,明确了问题的定义,不同的攻击场景所采用的追踪技术也有所不同,将问题分为5类:虚假IP追踪、Botnet追踪、匿名网络追踪、跳板追踪、局域网追踪,分别总结了相关的研究成果,明确各种方法所适用的场景。最后,将各类方法归纳为4种类型,对比了这4类方法的优缺点,并讨论了未来的研究方向。
关键词:  网络安全  IP追踪  跳板检测  僵尸网络  匿名网络
DOI:10.19363/j.cnki.cn10-1380/tn.2018.01.008
投稿时间:2016-06-14修订日期:2016-08-19
基金项目:本课题得到山东省重大科技创新工程(编号:2017CXGC0704)资助。
On the Survey of Network Attack Source Traceback
JIANG Jianguo,WANG Jizhi,KONG Bin,HU Bo,LIU Jiqiang
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences Beijing 100093, China;Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences Beijing 100093, China;Shandong Computer Science Center(National Supercomputer Center in Jinan), Jinan 250101, China;Beijing Jiaotong University, Beijing 100093, China
Abstract:
In cyberspace, the network attack sources traceback is to trace and locate the real hosts owned by attackers after network attack events are detected, so that judicial personals can take some legal action to arrest or prosecute these network attackers. In recently twenty years, there are lots of researches on the issue, which is investigated by the paper. Firstly, the definition of the issue is argued. Since different traceback technologies should be applied on different attack scenarios, the issue can be divided into 5 sub-problems:Spoofing IP Traceback, Botnet Traceback, Anonymous Network Traceback, Step Stone Traceback, and Local Network Traceback. In the 5 sub-problems, all kinds of methods are surveyed and their primitive conditions are discussed. Finally, these methods are sumed up 4 types, whose strengths and weaknesses are compared. Then the future research work is proposed.
Key words:  Network security  IP traceback  step-stone detection  Botnet  anonymous network