National Digital Library of Theses and Dissertations in Taiwan

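Graduate student: 蔡昌憲
Graduate student (English): Chang-Hsien Tsai
Thesis title: 以網頁連結快取加速網路入侵偵測系統
Thesis title (English): Accelerating Network Intrusion Detection Systems by URL-caching
Advisor: 林盈達
Advisor (English): Ying-Dar Lin
Degree: Master's
Institution: National Chiao Tung University
Department: Department of Computer and Information Science
Discipline: Engineering
Field: Electrical and Computer Engineering
Thesis type: Academic thesis
Year of publication: 2002
Graduation academic year: 90
Language: English
Number of pages: 22
Keywords (Chinese): 網路入侵偵測系統; 網頁連結快取; 效能
Keywords (English): Network Intrusion Detection System; URL-caching; performance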
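A network intrusion detection system (NIDS) can be regarded as a risk mitigation technique used alongside prevention techniques such as firewalls. However, as the number of signatures grows, a CPU-intensive NIDS may be unable to inspect every passing packet, and we are trying to alleviate this situation. This work uses URL-caching to accelerate the NIDS: by storing a cache of normal URLs, successive web accesses can skip all Web signatures. We modified Snort accordingly and obtained a 15% performance improvement.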

A network intrusion detection system (NIDS) can be considered a risk mitigation technique that complements risk prevention techniques such as firewalls. However, a CPU-intensive NIDS might not be able to examine all incoming packets as the network load or the number of signatures increases. We are trying to alleviate this situation. This work uses URL-caching to accelerate the NIDS. By caching healthy URLs, successive web accesses skip all Web signatures. We patch Snort and gain a 15% performance speedup.

1. INTRODUCTION
1.1 THE WEAKNESS OF FIREWALLS
1.2 INTRUSION DETECTION SYSTEM
1.3 THE PERFORMANCE ISSUE IN NIDS
2. URL-CACHING
2.1 WEB INTRUSION DETECTION IN SNORT
2.2 THE IDEA OF URL-CACHING
3. ALGORITHM DESIGN
4. IMPLEMENTATION IN SNORT
4.1 SNORT INTERNALS
4.2 IMPLEMENTATION IN SNORT
5. BENCHMARK
5.1 PERFORMANCE BENCHMARK
5.2 MEASUREMENT OF THE CACHE USAGE
5.3 MEASUREMENT OF THE DROP RATE
6. CONCLUSIONS

