National Digital Library of Theses and Dissertations in Taiwan

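Graduate student: Wei-Cheng Cheng (鄭偉成)
Thesis title: Intrusion Detection on Distributed Attacks (分散式攻擊的入侵偵測)
Advisor: Chia-Mei Chen (陳嘉玫)
Degree: Master's
Institution: National Sun Yat-sen University
Department: Department of Information Management
Discipline: Computer Science
Field: General Computer Science
Thesis type: Academic thesis
Publication year: 2003
Graduation academic year: 91
Language: English
Number of pages: 54
Keywords: intrusion detection; distributed denial of service attack; worm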
The number of significant security incidents has been increasing in recent years. Distributed denial of service attacks and worm attacks affect the network most extensively and cause serious damage.
In this thesis, we analyze these two critical distributed attacks. We propose an intrusion detection approach against this kind of attack and implement an attack detection system based on the approach. We use anomaly detection, one of the intrusion detection techniques, and observe the anomalous distribution of packet field values to perform the detection. The proposed approach records the characteristics of normal traffic volumes, which makes detection more flexible and more precise. Finally, we evaluate our approach by experiments.
Chapter 1 Introduction
1.1 The Threats of Distributed Attacks
1.2 Motivation
1.3 Thesis Organization
Chapter 2 Literature Review
2.1 Distributed Denial of Service Attacks
2.2 Worm Attacks
2.3 Intrusion Detection Techniques on Distributed Attacks
Chapter 3 Distributed Attack Detection
3.1 Training Stage
3.2 Detection Stage
Chapter 4 System Design and Implementation
4.1 System Operation States
4.2 System Architecture
4.3 System Implementation
4.4 User Interface
Chapter 5 Experimental Results
5.1 Experimental Environment
5.2 Experimental Results of Normal Traffic
5.3 Experimental Results of DDoS Detection
5.4 Experimental Results of Worm Detection
Chapter 6 Conclusions
References