National Digital Library of Theses and Dissertations in Taiwan

Detailed record

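Graduate student: 周志明
Graduate student (English name): Chou Jyh Ming
Thesis title: Network Content-Based Network Intrusion Detection System
Thesis title (English): Design of Network-based Intrusion Detection System
Advisor: 曾憲雄
Advisor (English name): Tseng Shian Shyong
Degree: Master's
Institution: National Chiao Tung University
Department: Department of Information Science
Discipline: Engineering
Field: Electrical and Information Engineering
Thesis type: Academic thesis
Year of publication: 2002
Academic year of graduation: 90
Language: English
Number of pages: 64
Keywords (translated from Chinese): network intrusion detection system; data mining
Keywords (English): Network-based intrusion detection system; Data mining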
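In recent years, a wide variety of network applications have provided many services in many areas. For various reasons, many kinds of abnormal network behavior have also increased greatly, the best known of which is the network intrusion attack. Whatever its purpose, it can cause serious harm and loss. However, every network application has its own behavior pattern, so our focus is on how to use network protocols to identify the behavior patterns of network applications. In this thesis we propose methods for recording the behavior of network users and for identifying current network connections online in real time. We propose a description language for network protocol formats, a knowledge representation that reproduces the format of network protocols. In this way the command formats of network protocols can be easily understood and quickly put to use. We also propose a new characteristic data mining method that uses network protocol commands to mine, and effectively record, the actions and behavior of most users across various network applications. The online detector uses the user database built during characteristic mining to identify abnormal network behavior. With such a system, normal network behavior can be distinguished from abnormal network behavior.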
In recent years, various network-based applications have been developed to provide services in many different areas. A variety of abnormal network behavior has also appeared, for many reasons. The best-known abnormal behavior, intrusion, causes damage whatever its purpose. However, every application has its own behavior on the network, and that behavior is tied to the protocol operations of the application. In this thesis, we propose an offline method to extract users' behavior from connections and a detecting module to recognize connections online. We design the Protocol Format Description Language (PFDL) as the knowledge representation of protocols, so that the format of protocol commands is easy to understand and easy to use. We also propose a new offline Characteristic mining method, which transforms the commands of connections into a user behavior profile for most standard protocols and network applications and allows the users' records to be stored efficiently. Finally, we describe the Online detector, which recognizes users' behavior using the database produced by Characteristic mining. Through our proposed intrusion detection system, we can distinguish abnormal behavior from normal behavior online.
ABSTRACT (IN CHINESE)
ABSTRACT
ACKNOWLEDGEMENT
TABLE OF CONTENT
LIST OF FIGURES
CHAPTER 1. INTRODUCTION
CHAPTER 2. RELATED WORK
2.1. NETWORK-BASED INTRUSION DETECTION SYSTEMS (NIDS)
2.2. PACKET-BASED NIDS
2.3. CONNECTION-BASED NIDS
2.4. CONTENT-BASED NIDS
CHAPTER 3. KNOWLEDGE REPRESENTATION AND SYSTEM ARCHITECTURE
3.1. AN ANALYSIS OF APPLICATION PROTOCOL
3.2. XML
3.3. PROTOCOL FORMAT DESCRIPTION LANGUAGE (PFDL)
3.4. CONCEPT OF PROTOCOL-BASED NIDS
3.5. PROTOCOL-BASED NIDS ARCHITECTURE
CHAPTER 4. OFF-LINE CHARACTERISTIC MINING MODULE
4.1. DATA STRUCTURE OF KEYWORD PROFILE
4.2. PROFILE INITIALIZING
4.3. PATTERN-MATCHING
4.4. SEQUENTIAL MINING
4.5. OPTIMIZER
CHAPTER 5. ONLINE DETECTOR
5.1. CONCEPT OF ONLINE DETECTOR
5.2. DETECTING MODULE
5.3. SIMILARITY FUNCTIONS OF BEHAVIOR RECOGNITION
CHAPTER 6. CONCLUSION AND FUTURE WORK
REFERENCE