臺灣博碩士論文加值系統

電腦網際網路的高速成長，使得政府機關及民間企業陸續開發許多網路為基礎的應用與服務，衍生駭客應用網路入侵電腦竊取機密的問題，網路攻擊手法的日趨進步已使得第一道防線防火牆被動的資訊防禦技術不足以防堵各式各樣網路攻擊，特別是對合法掩飾非法之攻擊行為：例如阻斷服務攻擊（Denial of Service,DOS），而主動性的入侵偵測已成為加強網路架構安全的重要發展方向之一。本文針對現有的網路入侵偵測系統提出一分散式入侵偵測構想，經由實作分析入侵偵測系統之應有資料結構設計、演算法、入侵偵測機制、模組化考量、系統運作流程及架構、模組功能等提出實作範例及討論；以作為後續研究者之參考。

The high growth of Internet makes governments and enterprises develop internet-based applications and services continually and thus hackers steal confidential events through networks. The advancement of network attack technology makes the first line firewall inadequate for passive information defense techniques especially for denial of service attacks . Voluntary intrusion detections have become one of the important facts to strengthen network security. In accordance with existing intrusion detections this paper brings up a proposal of distribution intrusion detections. The author recommends for intrusion detections implement details such as data structure design, algorithm, intrusion detection functions, modular concept, flow chart, program structure …etc to be a research worker reference.

誌謝 I
摘要 II
ABSTRACT III
目錄 IV
圖目錄 VI
表目錄 VIII
第一章 緒論 1
　第一節 研究動機與背景 1
　第二節 研究目的 4
　第三節 研究方法 5
　第四節 研究範圍與主要成果 8
　第五節 論文結構 9
第二章 阻絕服務攻擊與入侵偵測文獻探討 11
　第一節 阻絕服務與分散式阻絕服務 11
　第二節 阻絕服務與入侵偵測 17
第三章 入侵偵測系統 23
　第一節 定義 25
　第二節 分類與偵測方式 25
　第三節 現有入侵偵測系統 35
第四章 分散式入侵偵測系統分析與設計 41
　第一節 主要功能及需求 41
　第二節 系統元件架構 44
第五章 入侵偵測系統實作 50
　第一節 封包讀取模組 53
　第二節 過濾元件（協定過濾模組、封包表頭暨資訊模組） 59
　第三節 有限狀態推理模組 63
第六章　結論與未來研究方向 72
　第一節本文貢獻 73
　第二節後續發展方向 74
參考文獻 75
中文部分
英文部分
自傳

[1]陳培德、賴溪松著[民91]，「入侵偵測系統簡介與實現」，　　
Communication of the CCISA Vol.8 No.2頁8—20.
[2]林育生、嚴大中、廖百齡、俞齊醒、陳寶騏、江清泉等著[民91]，
「整合式網路安全系統」，國防通信電子及資訊季刊，第二期，頁23- 36.
[3]嚴大中、廖百齡、龔炎欽等著[民91]，「國軍電子認證安全機制之研
究」，國防通信電子及資訊季刊，第二期，頁71-79.
[4] Richard Power[2001],”2001 CSI/FBI Computer Crime and
Security Survey. ”, Computer Security Journal, Vol. VII ,
Spring 2001
[5] G. Vigna and R. Kemmerer[1998], “NetSTAT：A Network-based
Intrusion Detection Approach” in Proceedings of the 14th
Annual Computer Security Application Conference,
Scottsdale , Arizona
[6] G. Vigna and R. Kemmerer[1999], “NetSTAT：A Network-based
Intrusion Detection System,” Journal of Computer Security,
7(1)IOS Press,
[7] Schuba, C.L.; Krsul, I.V.; Kuhn, M.G.; Spafford, E.H.;
Sundaram, A.; Zamboni, D.[ 1997]”Security and Privacy”
1997. Proceedings, 1997 IEEE Symposium on, Page(s): 208 -
223”
[8] Rebecca Bace and Peter Mell[May 2002] ,”NIST Special
Publication On Intrusion Detection Systems”,
http://21cfrpart11.com/files/library/government/intrusion_detect ion_systems_0201_draft.pdf
[9] Endler, D.[1998]”Computer Security Applications
Conference”, 1998. Proceedings. 14th Annual,Page(s): 268—
279
[10] Ilgun, K.; Kemmerer, R.A. Porras, P.A.[1995],”State
transition analysis: a rule-based intrusion detection
approach”, IEEE Transactions on Software Engineering,
Volume: 21 Issue: 3 , Page(s): 181—199
[11] Luc Girardin[1999],”An eye on network intrusion -
administrator shootout” ,Proceedings of the Workshop on
Intrusion Detection and Network Monitoring, Page(s): 9-12，
[12] Terrance Goan[1999],“A cop on the beat: collecting and
appraising intrusion evidence” Communications of the
ACM ,July 1999 Volume 42 Issue 7 Page(s): 46—52
[13] Endler, D.[1998],”Intrusion detection Applying machine
learning to Solaris audit data”,Computer Security
Applications Conference, Proceedings. 14th Annual , Page
(s): 268 -279
[14] Dennying, D.[1987],“An intrusion-detection model”.IEEE
Trans. Softw. Eng. SE-13,2., Page(s):222-232
[15] Robert L. Kruse,Bruce P. Leung,Clovis L.Tondo[1991],”Data
Structures and program design in C”.Prentice-Hall
Internation Editions ,1991 Page(s)：69-71
[16] Schuba, C.L., Krsul, I.V., Kuhn, M.G., Spafford,
E.H.,Sundaram, A., Zamboni, D.,[1997]”Analysis of a
denial of service attack on TCP “Security and Privacy,
Proceedings. 1997 IEEE Symposium on, Page(s): 208 -223
[17] Andrew S. Tanenbaum[1992],”Modern operating systems”
Prentice-Hall,Inc. ,Page(s)：507-519
[18] W. Richard Stevens[1999],”TCP/IP Illustrated，Volume 1
The Protocols” Addison-Wesley. Page(s)：6,23
[19] Erhard, W., Gutzmann, M.M., Libati , H.M.[2000],”Network
traffic analysis and security monitoring with UniMon“
High Performance Switching and Routing, ATM 2000.
Proceedings of the IEEE Conference on , 2000 Page(s): 439—
446
[20] Tim Bass[2000],”Intrusion detection systems and multi-
sensor data fusion “ ACM Press,New York,USA Periodical
Issue Article Page(s): 99-105
[21] Heberlein, L. et al.[1990]”A network security monitor.”
In Proceeding of the IEEE CS Symposium on Research in
Security and Privacy.(May 1990).IEEE,New York,N. Y.;Page(s)
296-303
[22] Mukherjee,D., Heberlein, L.,and Levitt,K.[1994]”Network
intrusion detection and misuse.”IEEE Netw. 8,3(May/June
1994), Page(s)26-41
[23] Snapp. S. et al.[1991]”A system for distributed intrusion
detection ”,In Proceeding of the IEEE COMPCON.(Mar.
1991).IEEE,New York, NY., Page(s)170-176.