跳到主要內容

臺灣博碩士論文加值系統

(18.97.9.171) 您好!臺灣時間:2024/12/13 02:00
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

我願授權國圖
: 
twitterline
研究生:葉耀中
研究生(外文):Yao-Chung Yeh
論文名稱:XML為基礎的狀態化網路攻擊產生器
論文名稱(外文):The Design and Implementation of XML-based Stateful Attack Generator
指導教授:黃能富黃能富引用關係
指導教授(外文):Nen-Fu Huang
學位類別:碩士
校院名稱:國立清華大學
系所名稱:資訊工程學系
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2002
畢業學年度:90
語文別:英文
中文關鍵詞:網路攻擊
相關次數:
  • 被引用被引用:0
  • 點閱點閱:220
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
本篇論文描述了一個網路攻擊系統的設計與實作,此網路攻擊系統提供了一個以 XML 為基礎的攻擊語言與可以和被攻擊者建立網路連線的多個攻擊步驟的網路攻擊產生器。藉由 XML 可以使得攻擊描述語言變得更加有彈性和可讀性,並可以幫助使用者描述系統安全漏洞與網路攻擊程序。只要能分析出網路攻擊案例的所需步驟與特徵,使用者便能利用這套以 XML為基礎的攻擊語言描述網路攻擊案例並依據攻擊語言所描述的文件產生網路攻擊。從已知的系統漏洞或弱點分析並繪製成狀態轉移圖能幫助使用者更容易的使用此攻擊語言來描述網路攻擊,而此攻擊系統便可藉由此語言描述的檔案自動的產生網路攻擊。以狀態轉移圖為基礎編寫網路攻擊的XML 檔案,攻擊系統不但可以利用 XML 檔案產生單一攻擊封包,更可以產生多個步驟的連線攻擊封包,如 FTP 和 HTTP 攻擊案例。除了針對單一主機產生網路攻擊,此攻擊系統亦可以用多執行緒對多台主機同時產生網路攻擊,而利用此攻擊系統可將攻擊案例以檔案為單位蒐集成一攻擊資料庫,選取欲攻擊的項目產生攻擊。這個網路攻擊案例資料庫對於攻擊案例的分析可以更加清楚的了解,而其所產生的攻擊也能用來對網路偵測系統作測試與評估,以了解是否網路偵測系統真正能夠偵測資料庫裡的網路攻擊。

This thesis presents the design and implementation of an attack system to provide the XML-based attack language and the stateful attack generator. By using XML, the attack description language becomes more readable and flexible. The language can help us describe security exploits and attack procedures. As long as analyze the procedures and signatures of the network attacks, the users can describe the attacks with the XML-based attack language to generate real network attacks. Mapping from known vulnerability to the state-transition diagram will help the users more easily use the XML-based attack language to describe network attacks. The attack system can generate attacks automatically with the attack description language. Based on the state transition diagram to write XML attack files, the system can not only generate single packets but also make a connection to do stateful attack-FTP and HTTP attack cases.

Chapter 1 Introduction 1
Chapter 2 Related Works 3
2.1 Types of Network Attacks 3
2.1.1 Unauthorized privileged access 3
2.1.2 Trojan Horse/Malicious Code 4
2.1.3 Internet Sniffers 4
2.1.4 Scanning Attacks 4
2.1.5 Denial of Service Attack 5
2.2 Attack Language 5
2.3 XML 6
2.4 IDS 7
Chapter 3 Attack Language 9
3.1 Attack Language Definition 9
3.1.1 Lexical elements 9
3.1.2 Scenario 9
3.1.3 Data Types 10
3.1.3.1 Packet Information 11
3.1.3.2 Service Information 13
3.1.4 State 14
3.1.5 Transition 15
3.2 Use XML to define attack language 15
3.2.1 Attack Packet and Service Information 16
3.2.1.1 IP Packet Information 16
3.2.1.2 ICMP Packet Information 16
3.2.1.3 IGMP Packet Information 16
3.2.1.4 UDP Packet Information 17
3.2.1.5 TCP Packet Information 17
3.2.1.6 HTTP Service Information 18
3.2.1.7 FTP Service Information 18
3.2.2 Attack State Transition 19
3.2.2.1 State Information 19
3.2.2.2 Transition Information 20
Chapter 4 Attack System Architecture 22
4.1 XML Translator 23
4.2 XML Parser 24
4.3 Attack State Transition Engine 25
4.4 Attack Packet Generator and Response Engine 26
4.5 Attack Report 27
Chapter 5 Experiment 30
5.1 Testing Environment 30
5.2 Testing Flow 31
5.3 Attack Cases 32
5.3.1 HTTP PHP File Read 32
5.3.2 FTP Bounce Attack 36
Chapter 6 Conclusions 40
References 41

[1] S. T. Eckmann, V. Giovanni, and R. A. Kemmerer. STATL: An attack language for state-based intrusion detection. In ACM Workshop on Intrusion Detection Systems, 2000.
[2] Vigna, G., Eckmann, S. T., and Kemmerer, R. A. (2000a). Attack Languages. In Proceedings of the IEEE Information Survivability Workshop.
[3] Secure Networks. Custom Attack Simulation language (CASL), January 1998.
[4] Sandeep Kumar. Classification and Detection of Computer Intrusions. Ph.D. Dissertation, August 1995.
[5] David A Curry, Herve Debar, Ming-Yuh Huang, “Intrusion Detection Message Exchange Format Extensible Markup Language (XML) Document Type Definition”, June 2001.
[6] Document Object Model (DOM) Level 1 Specification, http://www.w3.org/TR/1998/REC-DOM-Level-1-19981001/
[7] Document Object Model (DOM) Level 1 Specification (Second Edition), http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/
[8] R. Deraison. The nessus attack scripting language reference guide. http://www.nessus.org.
[9] Extensible Markup Language (XML) 1.0 (Second Edition), W3C Recommendation 6 October 2000. http://www.w3.org/TR/2000/REC-xml-20001006
[10] Guide to the W3C XML Specification ("XMLspec") DTD, Version 2.1 http://www.w3.org/XML/1998/06/xmlspec-report.htm
[11] CERT/CC Statistics 1988-2002, http://www.cert.org/stats/
[12] The Twenty Most Critical Internet Security Vulnerability, http://www.sans.org/top20.htm
[13] CERT http://www.cert.org/
[14] Internet Security Systems http://www.iss.net
[15] X-Force http://xforce.iss.net
[16] Security Focus http://www.securityfocus.com/
[17] Packet Storm http://packetstorm.dnsi.info/
[18] W.Richard Stevens, TCP/IP Illustrated, Volume 1, 1994.
[19] Harold, Elliotte Rusty, XML Bible, IDG Books Worldwide,1999.

QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top