SSH隧道下应用协议识别的网络安全研究
    点此下载全文
引用本文:麦兴宾.SSH隧道下应用协议识别的网络安全研究[J].计算技术与自动化,2019,(3):141-146
摘要点击次数: 13
全文下载次数: 0
作者单位
麦兴宾 (国网西藏信通公司西藏 拉萨 850000) 
中文摘要:由于对应用层信息的收集和识别能够实现更精确的性能分析和入侵检测,对提高网络安全性和性能具有重要意义,为此对SSH隧道下应用协议的识别进行了研究。首先,分析SSH协议以确定可以从连接建立阶段获得哪些信息。随后在流量监控基础架构所创建的扩展功能的基础上对所获取信息进行分析,获取SSH数据中所包含的应用层协议相关的信息。最后,在真实网络对SSH连接进行监测,并对监测结果进行分析。研究结果表明,通过对SSH流量数据的分析,可以识别包括端口、客户端软件在内等应用层协议,改进对暴力密码攻击等安全漏洞的检测。
中文关键词:SSH  流量  监控  网络
 
Research on Network Security of Application Protocol Identification Under SSH Tunnel
Abstract:Due to the collection and identification of application layer information, more accurate performance analysis and intrusion detection can be realized, which is of great significance for improving network security and performance. For this reason, the identification of application protocol under SSH tunnel is studied. First, analyze the SSH protocol to determine what information can be obtained from the connection establishment phase. Then, based on the extended functions created by the traffic monitoring infrastructure, the acquired information is analyzed, and information related to the application layer protocol included in the SSH data is obtained. Finally, the SSH connection is monitored on the real network and the monitoring results are analyzed. The research results show that through the analysis of SSH traffic data, application layer protocols including port and client software can be identified to improve the detection of security vulnerabilities such as brute force password attacks.
keywords:SSH  traffic  monitoring  network
查看全文   查看/发表评论   下载pdf阅读器