References
[1] Armbruster, B., Smith C., Park, K., 2007. A packet filter placement problem with application to defense against spoofed denial of service attacks. European Journal of Operational Research, 176(2), 1283-1292.
[2] Arsenault, D., Sood, A., Huang, Y., 2007. Secure, Resilient Computing Clusters: Self-Cleansing Intrusion Tolerance with Hardware Enforced Security. In Proceedings of 2nd International Conference on Availability, Reliability and Security, 343-350.
[3] Avizienis, A., Laprie, J.C., Randell, B., Landwehr, C., 2004. Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing, 1(1), 11–33.
[4] Baldoni, R., Helary, J., Raynal, M., Tanguy, L., 2003. Consensus in Byzantine asynchronous systems. Journal of Discrete Algorithms, 1 (2), 185–210.
[5] Cai, M., Hwang, K., Kwok, Y., Song, S., & Chen, Y., 2005. Collaborative Internet worm containment. IEEE Security and Privacy Magazine, 3(3), 25–33.
[6] Castro, M., Liskov, B. 2002. Practical Byzantine Fault Tolerance and Proactive Recovery. ACM Transactions on Computer Systems, 20 (4), 398-461.
[7] Chen, X., & Heidemann, J., 2004. Detecting Early Worm Propagation through Packet Matching. Technical Report ISI-TR-2004-585, USC/ Information Sciences Institute.
http://www.isi.edu/~johnh/PAPERS/Chen04a.pdf
[Accessed May, 2009]
[8] Chou, H.C, Cheng, C.H. & Chang, J.R., 2007. Extracting drug utilization knowledge using self-organizing map and rough set theory. Expert Systems with Applications, 33(2), 499-508.
[9] Correia, M., Neves, N.F., Lung, L.C., Verissimo, P., 2007. Worm-IT – A wormhole-based intrusion-tolerant group communication system. Journal of Systems and Software, 80(2007), 178-197.
[10] Crandall, J. R., Su, Z., Wu, S. F., 2005. On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits. In Proceedings of the 12th ACM Conference on Computer and Communications Security, VA, USA, 235-248.
[11] Deswarte, Y., Fabre, J. C., Fraga, J. D., Laprie, J. C., & Powell, D. 1985. The SATURNE project. A fault- and intrusion-tolerant distributed system. IEEE Computer. Arch. Tech. Comm. Newslett., 4–22.
[12] Deswarte, Y., Powell, D., 2006. Internet Security: An Intrusion-Tolerance Approach. In Proceedings of the IEEE, 94(2), 432-441.
[13] Djemaiel, Y., Rekhis, S., Boudriga, N., 2007. Intrusion detection and Tolerance: A global scheme. International Journal of Communication Systems, 21 (2008) 211-230.
[14] Dobson, J. E., Randell, B., 1986. Building reliable secure systems out of unreliable insecure components. IEEE Symp. Security and Privacy, Oakland, CA, USA.
[15] Dunlap, G., King, S., Cinar, S., Basrai, M., Chen, P., 2002. ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and Replay. In Proceedings of the 2002 Symposium on OSDI, 452-467.
[16] eEye Digital Security, "SQL Worm Analysis",
http://www.eeye.comhtml/Research/Advisories/AL20020522.htm050
[Accessed May, 2009].
[17] Fraga, J.S., Powell, D., 1985. A fault- and intrusion-tolerant file system. In Proceedings of the 3rd International Conference on Computer Security. 203–218.
[18] Goldberg, D. E., 1989. Genetic algorithms in search, optimization and machine learning. Addison-Wesley, Reading, MA, U.S.A.
[19] GT-ITM. 2003. Modeling Topology of Large Internetworks. University of Georgia Tech.
http://www.cc.gatech.edu/projects/gtitm/
[Accessed May, 2009].
[20] Grzymala-Busse, J. W. 1988. Knowledge acquisition under uncertainty: a rough set approach. Journal of Intelligent Robotic Systems, 1, 3–16.
[21] Haridasan, M., Renesse, R., 2007. SecureStream: An intrusion-tolerant protocol for live-streaming dissemination. Computer Communications 31 (2008) 563–575.
[22] Hirano, S., Sun, X., Tsumoto, S. 2002. Dealing with multiple types of expert knowledge in medical image segmentation: A rough sets style approach. In Proceedings of the 2002 IEEE international conference on fuzzy system, Vol. 2, pp. 884–889.
[23] Im, E.G., Seo, J.T., Kim, D.S., Song, Y.H., Park, Y.S., 2006. Hybrid Modeling for Large-Scale Worm Propagation Simulations. Lecture Notes in Computer Science, Volume 3975, 572-577.
[24] Jiang, X., Xu, D., 2004. Collapsar: A VM-Based Architecture for Network Attack Detention Center. In Proceedings of 13th USENIX Security Symposium (Security'04). San Diego, CA. USA.
[25] Johansen, H., Allavena, A., Renesse, R., 2006. Fireflies: Scalable support for intrusion tolerant network overlays. In Proceedings of the EuroSys conference, Volume 40, 3-13.
[26] Joseph, M. K., Avizienis, A. 1988. A fault tolerance approach to computer viruses. In Proceedings of IEEE Symposium. Security and Privacy. 52–58.
[27] Junqueira, F., Bhagwan, R., Hevia, A., Marzullo, K., Savage, S., Voelker, G.M., 2005. Surviving Internet Catastrophes. In Proceedings of the USENIX Annual Technical Conference. 1076-1098.
[28] Just, J., Reynolds, J., Clough, L., Danforth, M., Levitt, K., Maglich, R., Rowe, J., 2002. Learning Unknown Attacks - A Start. In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection, Zurich, Switzerland. 254-260.
[29] Kang, S.M., Song, I.S., Lee, Y., Kwon, T.G., 2006. Design and implementation of a multi-gigabit intrusion and virus/worm detection system. In Proceedings of the International Conference on Communications (ICC’06), 735-749.
[30] Khoo, L. P., Tor, S. B., & Li, J. R., 2001. A rough set approach to the ordering of basic events in a fault tree for fault diagnosis. International Journal of Advanced Manufacturing Technology, 17, 769–794.
[31] Kim, Y., Lau, W. C., Chuah, M. C., Chao, H. J., 2006. PacketScore: A Statistics-Based Packet Filtering Scheme against Distributed Denial-of-Service Attacks, IEEE Transactions on Dependable and Secure Computing, 3(2), 141-155.
[32] Kruegel, C., Kirda, E., 2005. Polymorphic worm detection using structural information of executables. Lecture Notes in Computer Science, Volume 3858, 207-226.
[33] Laprie, J.C., 1985. Dependable computing and fault tolerance: concepts and terminology. In Proceedings of the 15th IEEE Int. Symp. Fault Tolerant Computing (FTCS-15), 2–11.
[34] Lee, K., Kim, J., Kwon, K. H., Han, Y., & Kim, S., 2007. DDoS attack detection method using cluster analysis, Expert Systems with Applications. 34(3), 1659-1665.
[35] Li, H.C., Clement, A., Wong, E.L., Napper, J., Roy, I., Alvisi, L., Dahlin, M., 2006. BAR Gossip. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI). Seattle, WA. USA, 359-364.
[36] Li, Z., Sanghi, M., Chen, Y., Kao, M.Y., & Chavez, B., 2006. Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack. In Proceedings of the IEEE Symposium on Security and Privacy, 32-47.
[37] Liang, Z., Sekar, R., 2005. Fast and automated generation of attack signatures: A basis for building self-protecting servers. In Proceedings of the 12th ACM conference on Computer and communications security, 213-222.
[38] Liao, Y., & Vemuri, R., 2001. Use of K-nearest neighbor classifier for intrusion detection. Computers and Security, 21(5), 439–448.
[39] Mahoney, M., & Chan, P.K., 2003. An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection. Recent Advances in Intrusion Detection, 220-237.
[40] Mirage Network, 2003. Combating Rapidly Propagating Threats from the Internal Network.
http://www.appliednetsec.com/productresources/mirage/Combating RPTs from the Internal Network 10pages.pdf
[Accessed May, 2009].
[41] Mohammed, H., Mohammad, Z., 2007. Intrusion detection aware component-based systems: A specification-based framework. Journal of Systems and Software, 80(5), 700-710.
[42] Nachenberg, C., 1997. Computer virus-antivirus coevolution. Communications of the ACM, 40(1), 46–51.
[43] Newsome, J., & Song, D., 2005. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the Network and Distributed System Security Symposium, 174-198.
[44] Newsome, J., Karp, B., & Song, D., 2005. Polygraph: Automatically generating signatures for polymorphic worms. Proceedings of the Security and Privacy Symposium, 226-241.
[45] Nojiri, D., Rowe, J., & Levitt, K., 2003. Cooperative Response Strategies for Large Scale Attack Mitigation. Proceedings of the 3rd DARPA Information Survivability Conference and Exposition (DISCEX), 293–302.
[46] Network Simulation 2 software package.
http://www.isi.edu/nsnam/ns/
[Accessed May, 2009].
[47] Oorschot, P.C., Robert, J.M., & Martin, M.V., 2006. A monitoring system for detecting repeated packets with applications to computer worms. Internet Journal of Information Security, 5(3), 186–199.
[48] Organically Assured and Survivable Information Systems
http://www.tolerantsystems.org/
[Accessed May, 2009].
[49] Park, K., Lee, H., 2001. On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets. In Proceedings of ACM SIGCOMM '01, 15-26.
[50] Pawlak, Z. 1996. Why rough sets? In Proceedings of the 5th IEEE International Conference on Fuzzy Systems, Volume 2, New Jersey, USA. 738–743.
[51] Roesch, M., 2001. Snort: The lightweight network intrusion detection system. http://www.snort.org/
[Accessed May, 2009].
[52] Russell, R. 1999. Linux iptables HOWTO.
http://www.linuxguruz.com/iptables/howto
[Accessed May, 2009].
[53] Shannon, C., Moore, D., 2004. The spread of the Witty worm. http://www.caida.org/research/security/Witty/
[Accessed May, 2009].
[54] Shyng, J. Y., Wang, F. K., Tzeng, G. H., & Wu, K.S., 2007. Rough Set Theory in analyzing the attributes of combination values for the insurance market. Expert Systems with Applications, 32(1), 56–64.
[55] Singh, S., Estan, C., Varghese, G., & Savage, S., 2003. The earlybird system for real-time detection of unknown worms. Technical Report CS-2003-0761, University of California,
http://www.cs.unc.edu/~jeffay/courses/nidsS05/signatures/savage-earlybird03.pdf
[Accessed May, 2009].
[56] Staniford, S., Paxson, V., & Weaver, N., 2002. How to own the Internet in your spare time. In Proceedings of the 11th USENIX Security Symposium. 374-402.
[57] Stroud, R., Welch, I., Warne, J., Ryan, P., 2004. A qualitative analysis of the intrusion-tolerant capabilities of the MAFTIA architecture. In Proceedings of the Dependable Systems and Networks Conference (DSN), Florence, Italy.
[58] Symantec Corp., 2002. FreeBSD scalper worm.
http://www.symantec.com/security_response/writeup.jsp?docid=2002-062814-5031-99&tabid=2
[Accessed May, 2009].
[59] Syswerda, G., 1989. Uniform crossover in genetic algorithms. In Proceedings of the 3rd International Conference on Genetic Algorithms, Fairfax, VA, U.S.A. 2-9.
[60] Tseng, C. T., Liao, C.J., 2008. A discrete particle swarm optimization for lot-streaming flow shop scheduling problem. European Journal of Operational Research, 191(2), 360-373.
[61] Verissimo, P., Neves, N.F., Correia, M., 2003. Intrusion-tolerant architectures: concepts and design. In Architecting Dependable Systems, Lecture Notes in Computer Science, Springer Verlag, Volume 2677, 3-36.
https://eprints.kfupm.edu.sa/46942/1/46942.pdf
[Accessed May, 2009]
[62] VMWare Inc., 2009.
http://www.VMWare.com/
[Accessed May, 2009]
[63] VmCOM Introduction, 2009.
http://communities.vmware.com/community/developer/legacyapi
[Accessed May, 2009]
[64] Wang, H., Guo, C., & Simon, D., & Zugenmaier, A., 2004. Shield: Vulnerability-driven network filters for preventing known vulnerability exploits. In Proceedings of the ACM SIGCOMM '04, Portland, OR, 1291-1309.
[65] Wang, W., Luo, D. S., & Zhang, J., 2006. Detect Polymorphic Worms Based On Semantic Signature And Data Mining. In Proceedings of the 1st Communications and Networking Conference. China.
[66] Wang, Y., Behera, S., Wong, J., Helmer, G., Honavar, V., Miller, L., Slagell, M., Lutz, R., 2006. Towards the automatic generation of mobile agents for distributed intrusion detection systems. Journal of Systems & Software, 79(1), 1-14.
[67] Wehner, S., 2007. Analyzing Worms and Network Traffic using Compression, Journal of Computer Security, 15(3), 303-320.
[68] Wuu, L.C., Hung, C.H., Chen, S.F., 2007. Building intrusion pattern miner for Snort network intrusion detection system. Journal of Systems and Software, 80(10), 1699-1715.
[69] Xin, Y., Fang, B. X., Yun, X. C., & Chen, H. Y., 2005. Worm Detection in Large Scale Network by Traffic. In Proceedings of the 6th International Conference on Parallel and Distributed Computing Applications and Technologies, China, 270-273.
[70] Yang, H.H., Liu, T.C. & Lin, Y.T., 2007. Applying rough sets to prevent customer complaints for IC packaging foundry. Expert Systems with Applications, 32(1), 151–156.
[71] Yang, S., Song, J., Rajamani, H., Cho, T., Zhang, Y., Mooney, R. Fast and Effective Worm Fingerprinting via Machine Learning. In Proceedings of IEEE International Conference on Autonomic Computing. 311-313.
[72] You, Y., Zulkernine, M., Haque, A., 2008. A Distributed Defense Framework for Flooding-Based DDoS Attacks. In Proceedings of 3rd International Conference on Availability, Reliability and Security. 245-252.
[73] Zadeh, L. A., 1965. Fuzzy sets. Information and Control, Volume 8, 338-353.
[74] Znati, T., Amadei, J., Pazehoski, D.R., Sweeny, S., 2006. Design and Analysis of an Adaptive, Global Strategy for Detecting and Mitigating Distributed DoS Attacks in GRID Environments. In Proceedings of the 39th annual Symposium on Simulation. 2-9.
[75] Zou, C. C., Gao, L., Gong, W., & Towsley, D., 2003. Monitoring and early warning for internet worms. Tech. Rep. TR-CSE-03-01. Univ. of Massachusetts.
http://www-unix.ecs.umass.edu/~gong/papers/monitoringEarlyWarning.pdf
[Accessed May, 2009]
[76] Zou, C. C., Gong, W., & Towsley, D., 2002. Code red worm propagation modeling and analysis. In Proceedings of the 9th ACM conference on Computer and communications security. Washington, DC, USA, 138–147.
[77] Zulkernine, M., Seviora, R., 2005. Towards automatic monitoring of component-based software systems. Journal of Systems and Software. 74(1), 15–24.