好文档 - 专业文书写作范文服务资料分享网站

计算机专业指纹识别操作系统毕业论文外文文献翻译及原文

天下 分享 时间: 加入收藏 我要投稿 点赞

毕 业 设 计(论文) 外 文 文 献 翻 译

文献、资料中文题目:指纹识别操作系统 文献、资料英文题目: 文献、资料来源:

文献、资料发表(出版)日期: 院 (部): 专 业: 班 级: 姓 名: 学 号: 指导教师:

翻译日期: 2017.02.14

摘要:本文拟在提出一种可以区分protocol指纹识别的方法,用帧描述指纹识别代替建立帧系统获得主机信息与系统配对从而分辨出主机操作系统的类别。实验的结果表明这种方法能够有效的辨别操作系统,这一方法比其他例如nmap 和 xprobe的系统更为隐秘。

关键词:传输控制)协议/ 协议 指纹识别 操作系统

辨别远程主机的操作系统,这是一个很重要的领域。了解主机操作系统可以分析和获取一些信息,例如记忆管理,CPU的类型。这些信息对于计算机网络的攻击与防御非常重要。

主要的辨别是通过TCP/IP指纹识别来完成的。几乎所有的操作系统的定制他们自己的协议栈都通过以下的RFC。这种情况导致一个实例,每个协议栈会有细节上的不同。这些不同的细节就是所知道的使辨别操作系统称为可能的指纹识别。

Nmap、Queso在传输层里使用指纹。他们将特殊数据包发送到目标并分析返回的数据包,在指纹库中寻找配对的指纹,以便得到的结果。指纹库中的信息受指定的探测信息的影响.很难区分类似的操作系统(例如:windows98/2000/xp)

Xprobe主要是利用ICMP协议,这是利用五种包来识别操作系统。它能够提供的在所有可能的情况下确实是操作系统的概率。主要不足是它过分依赖ICMP协议议定书。

SYNSCAN是在应用协议中与目标主机联系时,使用的一些典型的指纹识别方法。指纹库对在这个领域有限制。

Ring, Ttbit查明操作系统所使用TCP / IP 的性能特点。因为这种性能受网络环境极大。其结果往往是不完全确定的。

文献分析资料中的行动而获得的拦截(如一些同步的要求,一个封闭的端口如何响应连接请求) 。虽然这种方式是有效,它在少数特定操作系统区分

上述的各种系统,都没有完整的描述指纹系统,引起他们进行分辨的主要是依靠部分的TCP/IP。这篇文章的目的就是要简绍一种新的方法来解决这些问题。

它们都被吓跑的方式来描述指纹的OS integrallty ,造成诉讼程序的确定只能依靠部分TCP / IP协议。本文提出了一种新的方法来解决这一问题:它是指纹操作系统,是通过利用科技来获取一些信息,获取的信息的一些技术,查明操作系统。

第二章我们提出一些基本的方法的概念,第三章 用帧技术来提出描述和匹配协定指纹,第四章,是完成这种方法的算法,第五部分,利用实验来验证他的有效有效性并分析结果最后第六部分是总结全文,及未来的发展方向。

该程序是为了获取信息,提取指纹和匹配的指纹库里的记录,以便知道类型。本节确定获取信息的方法,采取的做法和通信的状况,还区分指纹。这些工作为下一节如何建立一个帧系统来识别指纹做好准备

要插入“表”或“数字” ,请粘贴下文所述数据。所有表格和数字必须使用连续数字( 1 , 2 , 3等) ,并有一个标题放在下面的数字( “ FigCaption ” )或在表的上面( “ FigTalbe ” )用8pt字体和从风格兰中下拉菜单中的类别中选择指定的样式“标题”。

在本文中,我们提出了一个方法,以确定操作系统的远程主机。该方法使用帧技术来识别指纹,弥补探针和监控获得的信息和从资料中摘取信息来与指纹库中的匹配,最后识别操作系统。通过实验,该方法与nmap and xprobe. 相比,能准确识别远程的主机的操作系统。

在未来,我们计划为每个种操作系统汇编更多的指纹,使算法(规则系统)将更加智能化,以提高识别的精度(准确性)。

This paper present a method that classify the fingerprint of protocol(电脑之间通信与资料传送所遵守的规则), use the frame to describe the fingerprint in order to create the frame system, get the information of host(主机) to match the system to identify the type of OS in remote host. Result from experimental(实验性的)appears that this method can identify the OS effectively, the action of is more secretly than other systems such as nmap and xprobe (x-probe:X探针).

Key words: TCP/IP Fingerprint OS

It is an important field that identify what OS in remote host. Mastering the OS can analyse and acquire some information such as memory management、the kind of CPU. These information is important for computer network attack and computer network defense.

The main way to identify is through the TCP/IP fingerprint to finish. Nearly all kind of OS customize(定制) their own’s protocol stack by following the RFC. This instance cause the fact that every protocol stack has some different details during implementing. These details are known as fingerprint which make it possible to identify the OS .

Nmap、Queso[1] use the fingerprint in transport layer. They send the particular packets to the target and analyse the retured packets, matching the fingerprint in the fingerprint warehouse in order to get the result. The information in the warehouse is affected by the specified message for probing. It hardly to distinguish the similar OS (eg.windows98/2000/xp).

Xprobe[2] mainly use the ICMP which make use of five kinds of packets in ICMP to identify OS. It can give the probability of all possible situation which maybe the indeed OS. The main shortage is it excessively depend on ICMP Protocol.

SYNSCAN[3] use some typical fields’ fingerprint to identify when it communicaties with target host in application protocol. The warehouse of fingerprint have limited types of field.

Ring 、Ttbit[5][6] identify the OS using the performance character of TCP/IP. Because this kind of character is affected by network environment greatly. The result is often not exactly.

Literature[7] analysis the action in messages which are acquired through interception(eg. The number of SYN request, a closed port how to response a connection request).Although this

way is availability, it only distinguish a few given OS

Above all the kinds of system, they all be scare of a way to describe the fingerprint of OS integrallty, which cause the proceeding of identify only depend on a part of TCP/IP . This paper propose a new method to resolve the problem: it uniformly the fingerprint of OS, acquire the message by some technology, identify the OS at last.

The rest of the paper is organized as followed: Section Ⅱ we present based concept of this method. Section Ⅲ present how to describe and match the protocol fingerprint using frame technology. Section Ⅳ present an algorithm to implement the method and Section Ⅴ use experiment to validate its effectiveness and analysis the result. Finally Section Ⅵ present the concluding remark and possible future work.

The proceeding of identify is to acquire message, extract the fingerprint and match the record of fingerprint warehouse, in order to know the type. This section define the measure which are to acquire message, the action and status of communication, also classify the fingerprint. These work are all prepared for the next section which how to built a frame system describing the fingerprint.

To insert “Tables” or “Figures”, please paste the data as stated below. All tables and figures must be given sequential numbers (1, 2, 3, etc.) and have a caption placed below the figure (“FigCaption”) or above the table(“FigTalbe”) being described, using 8pt font and please make use of the specified style “caption” from the drop-down menu of style categories

Conclusion

In this paper, we have presented a method for identifying OS of remote host. The method use frame technology to express the fingerprint, make up of Probe and Monitor to get message and abstract the information from the message to match the warehouse of fingerprint, identify the OS at last. Through experiment, this method can exactly identify the OS of remote hose with more secretly and less number of packets comparing with nmap and xprobe.

In the future, we plan to collect more fingerprint for each kind of OS, make the algorithm(规则系统) to be more intelligent, in order to improve the precision(准确性) of identify.

6dmb41rek90vngk58yua7wp9920czo00zuv
领取福利

微信扫码领取福利

微信扫码分享