National Digital Library of Theses and Dissertations in Taiwan

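Graduate student: 鍾昌翰
Graduate student (English name): Chang-Han Jong
Thesis title (Chinese): 適用於分散式阻斷服務與分散式掃描之網路入侵偵測方法
Thesis title (English): Network Intrusion Detection for Distributed Denial of Service and Distributed Scanning
Advisor: 謝續平
Advisor (English name): Shiuh-Pyng Winston Shieh
Degree: Master's
Institution: National Chiao Tung University
Department: Department of Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2001
Academic year of graduation: 90
Language: English
Number of pages: 75
Keywords (Chinese): distributed denial-of-service attack; scanning; intrusion detection; network anomaly; network security
Keywords (English): DDoS; Distributed Denial of Service; Distributed Scanning; Intrusion Detection; Anomaly Detection; Network Security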
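In this thesis, we analyze the characteristics of two network attacks, distributed denial of service and distributed scanning, and propose a network intrusion detection method suited to both. Anomalous distributions of packet fields can be regarded as signatures of network attacks. In this method, we detect attacks by observing the anomalous distributions that they cause in each packet field. In addition, while the anomalous field distributions are analyzed, suspicious packets can be recorded for later analysis. Besides proposing a method for detecting network attacks through anomalous packet-field distributions, this thesis examines in depth the design of the function that characterizes the traffic distribution, and of the probability and hash function techniques, in order to improve the system's analysis and processing performance. Furthermore, because the method classifies packets by field, the processing of each class can be parallelized to meet the demands of high-speed networks. This thesis also implements a prototype, and experiments show that it can detect dozens of existing distributed denial of service and distributed scanning attacks without any network attack packet patterns.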
In this thesis, we analyze two kinds of network attacks, distributed denial of service (DDoS) and distributed scanning (DS), and then propose a network intrusion detection scheme. The scheme focuses on monitoring the variance of the packet fields. The sets of anomalous packet fields serve as attack signatures, which can be used to identify the attack types. While packet field variation is being analyzed, the suspect packets can be logged for forensics. We also discuss the design principles of the function that represents the traffic characteristics, and two techniques, based on probability and on hash functions, that improve throughput. We implement a prototype of the proposed scheme, and the experiments show that the prototype successfully detects dozens of DDoS/DS attack types without predefined network attack patterns.
CHAPTER 1 INTRODUCTION
1.1 BACKGROUND
1.1.1 Intrusion Scenario
1.1.2 Intrusion Detection
1.2 MOTIVATIONS
1.3 CONTRIBUTION
1.4 SYNOPSIS
CHAPTER 2 RELATED WORK
2.1 INTRUSION DETECTION
2.2 GRIDS
2.3 PACKET AGGREGATION
2.4 DETECTING ANOMALY TRAFFIC BY ENTROPY
2.5 DETECTING ANOMALY BY VARIANCE OF TRAFFIC QUANTITY
2.6 CHAPTER SUMMARY
CHAPTER 3 ANALYSIS OF DDOS/DS ATTACKS
3.1 DISTRIBUTED DENIAL OF SERVICE
3.2 DISTRIBUTED SCANNING
3.3 ATTACK PROGRAMS
3.4 CHAPTER SUMMARY
CHAPTER 4 PROPOSED SCHEME
4.1 OVERVIEW
4.2 STAGE 1: PACKET CLASSIFICATION
4.3 STAGE 2: TRAFFIC DISPERSION FUNCTION
4.3.1 Preliminary
4.3.2 Properties of Traffic Dispersion Function
4.3.3 Theorem I
4.3.4 Proposed Traffic Dispersion Function
4.4 STAGE 3: VARIANCE-BASED ANOMALY DETECTION
4.5 CHAPTER SUMMARY
CHAPTER 5 PROTOTYPE AND DISCUSSION
5.1 PROTOTYPE AND EXPERIMENTS
5.2 ANOMALY DISTRIBUTION OF PACKET FIELDS
5.3 ADVANTAGES
5.4 DISADVANTAGES
5.5 COMPARISON
5.6 CHAPTER SUMMARY
CHAPTER 6 CONCLUSION
REFERENCES
APPENDIX TCP/IP FIELDS