基于Snort的网络链路数据篡改自主防御系统  

作　　者：何君 王文 陈侃 何成胜 滕易 HE Jun;WANG Wen;CHEN Kan;HE Chengsheng;TENG Yi(New Energy Development Co.Ltd.of Hubei Energy Group,Wuhan Hubei 430000,China)

机构地区：[1]湖北能源集团新能源发展有限公司,湖北武汉430000

出　　处：《太赫兹科学与电子信息学报》2024年第11期1296-1303,共8页Journal of Terahertz Science and Electronic Information Technology

摘　　要：由于开放性源码造成数据暴露,传统方法无法阻断被攻击数据包传递,导致数据无法自主防御。为此设计了基于Snort的网络链路数据篡改自主防御系统。使用数据包嗅探器捕捉Snort的报文,并通过信息解码模块将分层译码整合成文本信息,通过网络将其发送至系统数据库中,处理大信息量警报数据并进行存储记录;构建基于Snort的网络纵深防御模型,实现对篡改攻击实时探测和自动截获。根据网络中信息包传递特性,计算不同节点间传输距离,确定防御节点位置。推导链路层数据受到篡改攻击时数据传输路径,构建数据篡改自主防御函数,实现数据的自主防御。采用小波去噪数据处理技术,获得时序数据;利用小波逆变换重构,得到去噪后的数据,完成数据篡改自主防御系统设计。由实验结果可知,该系统网络链路数据安全传输密度高,最大密钥恢复成功率可达98%,具有较强的鲁棒性。Due to the exposure of data caused by open source code,traditional methods cannot block the transmission of attacked data packets,resulting in the inability of data to autonomously defend.Therefore,a network link data tampering autonomous defense system based on Snort is designed.In the hardware part of the system,a packet sniffer is adopted to capture Snort messages,and the layered decoding is integrated into text information through an information decoding module.The integrated text information is sent to the system database through the network for processing high-volume alert data and storing records.In the system software section,a network depth defense model based on Snort is constructed to achieve real-time detection and automatic interception of tampering attacks.Based on the transmission characteristics of information packets in the network,the transmission distance between different nodes is calculated and the location of defense nodes is determined.The data transmission path is derived when the link layer data is subjected to tampering attacks,and an autonomous defense function is constructed for data tampering,therefore the autonomous defense of data is achieved.Using wavelet denoising data processing technology to obtain time-series data,using inverse wavelet transform reconstruction to obtain denoised data,the design of an autonomous defense system for data tampering is completed.According to the experimental results,the system has a high density of secure transmission of network link data,and the maximum success rate of key recovery can reach 98%,demonstrating strong robustness.

关 键 词：Snort开源软件 网络链路 数据篡改 自主防御 

分 类 号：TN391[电子电信—物理电子学]