摘要:网络为我们带来了大数据时代,我们通过网络来进行信息的传输、接收和共享,每天数以拍(Petabyte)计的数据在网络上传输,而随着这些数据出现的除了市场和机遇外,还有关键的网络安全问题。若信息被黑客用恶意手段获取的,则会造成整个社会乃至国家都将会有不可预计的损失。随着网络入侵与攻击的事件不断增加,以及黑客攻击水平的不断提高,企业网络感染病毒、遭受攻击的速度日益加快,而网络防御手段却严重滞后,因此就需要引入一种全新的技术----入侵防御检测系统IPS。本文以入侵防御系统IPS的仿真与研究为主题,进行模拟仿真黑客入侵实验。通过搭建虚拟网络拓扑架构,并对内网进行配置一定的安全策略,然后模拟黑客入侵的手法,通过SQL注入方法尝试入侵、攻击目标网络。经过本次实验的现象和结果分析,掌握理解网络安全架构中入侵防御系统IPS的重要性,加深对网络安全,安全策略部署的认识和理解。70690
毕业论文关键词: 大数据;入侵防御系统;网络安全;黑客入侵;模拟攻击
Simulation and research of network intrusion prevention system based on large data
Abstract: The network has brought the era of big data for us, and we share the received transmission, through the network to the information, every day hundreds of shoot (Petabyte) meter data transmission in the network, and with these data appear in addition to the market and opportunities, as well as network security key question. If the information is obtained by hackers using malicious means, it will cause the entire society and even the country will have unexpected losses. Along with the network intrusion and attacks continue to increase, and constantly improve the level of the enterprise network hacker attacks, virus infection, the attack is accelerating, and network defense is a serious lag, so we need to introduce a new technology -- intrusion detection system IPS. This paper takes the simulation and research of intrusion prevention system IPS as the theme, and simulates the hacker intrusion experiment. Through the establishment of virtual network topology, and the network configuration of certain security policies, and then simulate the hacker intrusion, through the SQL injection method to try to invade and attack the target network. Through the analysis of the phenomenon and the results of this experiment, we should understand the importance of intrusion prevention system IPS in network security architecture, and deepen the understanding and understanding of network security and security policy deployment.
Keywords: big data;Intrusion prevention system;network security;hacker intrusion; simulated strike
目录
摘要 i
Abstract i
目录 1
1 绪论 1
1.1 网络环境现状 2
1.2 攻击手段 3
1.3 网络价值 3
1.4 防御手段 4
2 IPS与IDS分析 6
2.1 IDS的原理 6
2.2 IDS的主要缺陷 7
2.3 IPS的原理 7