National Digital Library of Theses and Dissertations in Taiwan

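Graduate student: 范義明 (Fan Yi Ming)
Thesis title: A Study on Anomaly Detection Mechanisms in Linux Environments
Advisor: 曹偉駿 (Tsaur Woei Jiunn)
Degree: Master's
Institution: 大葉大學 (Da-Yeh University)
Department: Master's Program, Department of Information Management
Discipline: Computing
Sub-discipline: General Computing
Thesis type: Academic thesis
Year of publication: 2002
Graduation academic year: 90
Language: Chinese
Number of pages: 64
Keywords (translated from Chinese): Fuzzy clustering; Anomaly detection; Intrusion detection system; Linux
Keywords (English): Fuzzy c-means; Anomaly detection; Intrusion detection; Linux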
Usage statistics:
  • Cited by: 9
  • Views: 392
  • Downloads: 73
  • Bookmarked: 3
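In recent years, as the Internet has matured and network technologies have continued to advance, network crime and intrusion techniques have likewise kept evolving. Computer viruses and hackers, spreading across the Internet, can attack computer systems around the world; the potential damage is hard to estimate and also exposes the security problems inherent in information systems. Anomaly detection is based on normal behavior: a profile of normal behavior must first be established, and whether a behavior is anomalous is decided by whether it deviates from that normal behavior. Next, anomalous behavior is identified by analyzing users' past usage habits together with events occurring in real time. Using traditional clustering to compare anomalous and normal behavior, however, frequently produces false alarms. This thesis therefore applies a faster clustering algorithm from fuzzy theory, multistage random sampling fuzzy c-means (mrFCM), to the anomaly detection problem, in order to increase accuracy and reduce the probability of false alarms. In addition, we developed a working system; running it on real log files shows that the proposed method does achieve the expected results.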
Recently, with the growing development of Internet technology, the methods of network crime have kept changing. Computer viruses and hackers can attack computer systems all over the world through the Internet to destroy and intrude on their computing resources. Therefore, we must do our best to develop intrusion detection mechanisms to prevent such situations. An anomaly detection mechanism must establish a work profile based on normal behaviors, and an anomaly is judged from the difference between normal and abnormal behaviors. Conventional clustering methods for anomaly detection often cause false alarms. Thus, in this thesis we detect anomalies accurately using the faster multistage random sampling fuzzy c-means (mrFCM) so that the possibility of false alarms can be reduced greatly. Besides, we also developed a program system and tested it with a real log file. The results derived from the program system validate the feasibility of our proposed algorithm.
Chapter 1 Introduction
1.1 Research Background and Motivation
1.2 Research Objectives
1.3 Thesis Organization
Chapter 2 Literature Review
2.1 Overview of Intrusion Techniques
2.2 Security Issues in Linux
2.3 Anomaly Detection
2.4 Clustering Techniques
Chapter 3 Anomaly Detection under the Linux Operating System
3.1 Research Framework
3.2 Research Model
3.3 Research Method
Chapter 4 System Analysis and Implementation
4.1 Web Log File Analysis
4.2 Data Transformation
4.3 Development Tools and Environment
4.4 System Implementation
4.5 Data Analysis
Chapter 5 Conclusions and Recommendations
References
Appendix