National Digital Library of Theses and Dissertations in Taiwan

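Graduate student: 簡士偉
Graduate student (English): Roger S.W. Chien
Thesis title: 可擴充性主動式網路入侵防禦系統架構之研究
Thesis title (English): An Extensible Framework for Active Network Intrusion Detection System
Advisor: 黃能富
Advisor (English): Nen-Fu Huang
Degree: Master's
Institution: National Tsing Hua University
Department: Department of Computer Science
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2002
Graduation academic year: 90
Language: English
Number of pages: 32
Keywords (Chinese): Intrusion Detection System; Active Intrusion Detection System; Virus; Network Attack; Passive Intrusion Detection System
Keywords (English): Intrusion Detection System; IDS; ANIDS; Virus; Network Attack; Worm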
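Abstract (Chinese):
As more and more computers are interconnected by networks, and computer viruses and network attack incidents increase day by day, network security is receiving growing public attention. Some network devices are already used to improve security, such as firewalls and intrusion detection systems (IDS). For intrusion detection systems, however, previous research and results have mostly focused on the passive model, which mainly provides detection and raises alerts. Judging by the behavior of recent network attacks and viruses, this is not enough to cope with today's network threats. An active network intrusion detection system (Active Network IDS, ANIDS) will help solve this problem.
This thesis explains that the main advantages of an active network IDS are stopping attacks at the first line and proactive defense, which can block the probing that precedes an attack or mislead the attacker. However, it also has shortcomings similar to those of other network security devices and passive IDS. Related work and systems, such as firewalls, passive IDS, Protocol Scrubber and Hogwash, are presented and compared. Designing and implementing an active network IDS involves many considerations and trade-offs, such as performance and extensibility, which are presented in this thesis. The thesis proposes a flexible, efficient and extensible system architecture as a basis for the design of active network IDS. Based on it, we implement a system prototype on Linux 2.4, and its performance and detection ability are compared with Hogwash.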
Abstract (English):
Network security is receiving more public attention because computers are network-connected and worms and network attacks have been increasing in recent years. Some network devices have been introduced to help increase security, such as firewalls and intrusion detection systems (IDS). For IDS, however, previous work has mostly focused on the passive model, which aims at detection and alerting. That is not enough to cope with current network threats. An active network IDS (ANIDS) would help close this gap.
The thesis shows that the main advantages of an ANIDS are stopping attacks at the first line and proactive defense. An ANIDS also has some limitations, as do other security gateways and passive IDS. Several related works are surveyed, and a comparison among passive IDS, active IDS and other gateways is given. Designing an ANIDS involves several considerations and trade-offs, such as performance and extensibility. The thesis presents a flexible, efficient, extensible framework for designing an ANIDS. An implementation based on this framework is developed on the Linux 2.4 kernel. Its performance and detection ability are compared with Hogwash.
1. Introduction
1.1 Introduction
1.2 Objectives
1.3 Related Works and Background
1.3.1 Firewall
1.3.2 Passive IDS
1.3.2.1 Snort
1.3.2.2 Bro
1.3.3 Protocol Scrubber
1.3.4 Hogwash
1.4 Thesis Organization
2. The Design of Active Network IDS
2.1 Design Issues
2.2 Limitations
2.3 Our Design
2.3.1 Packet Dispatcher
2.3.2 Basic Statistics
2.3.3 Event Dispatcher
2.3.4 Auxiliary Module
2.3.5 Detection Preprocessor Module
2.3.6 Control Panel
2.3.7 Detection Engine
2.3.8 Event Handler
2.3.9 Packet Journey
3. The Implementation
4. Performance
5. Conclusion
6. References