Abstract
Current attack-attribution research has limited tracing capability against network attacks, such as APTs, that use stepping stones (springboards) and public network services. To trace the sources of network attacks against colleges and universities efficiently and accurately, and to reconstruct the attacker's attack process, this paper discusses and studies the construction of a network traceback system for four network access scenarios: public-network users, VPN users, on-campus wired users, and campus wireless users. The work is based on the actual network topology of colleges and universities and on currently common attack methods, and it proposes a feasible traceback solution. Using this scheme, network administrators can trace the source of attack packets and locate the attacker. They can then take emergency network security measures based on the tracing results, promptly handle security risks such as system vulnerabilities, computer viruses, network attacks, and network intrusions, and optimize the network protection scheme. Actual test results show that, when the preconditions for traceback are met, the attacker can be accurately traced in all cases. For on-campus wired network users, some technical and management limitations remain because authentication is lacking, and further adjustment and optimization are needed.
Source
Computer Science and Application (《计算机科学与应用》)
2022, No. 3, pp. 516-526 (11 pages in total)