
National Digital Library of Theses and Dissertations in Taiwan

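Graduate student: 林崇頤
Graduate student (English): Chung-Yin Lin
Thesis title: 適應於多量弱點資訊之智慧型攻擊圖形產生器
Thesis title (English): Intelligent Attack Graph Generator Adapting to Large Vulnerability Information
Advisor: 田筱榮
Advisor (English): Hsiao-Rong Tyan
Degree: Master's
Institution: Chung Yuan Christian University (中原大學)
Department: Graduate Institute of Information Engineering
Discipline: Engineering
Field: Electrical and Computer Engineering
Thesis type: Academic thesis
Year of publication: 2003
Graduation academic year: 91
Language: Chinese
Number of pages: 68
Keywords (Chinese, translated): network security audit; intelligent; attack graph generator; vulnerability analysis
Keywords (English): intelligent; attack graph generator; network security audit; exploit; Vulnerability analyze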
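Vulnerability analysis is important for ensuring the security of a network environment. If attack paths leading through certain services exist in a network environment, those vulnerable services are open to attack. Many graph-theory-based tools have been proposed in the research literature to discover the attack paths an attacker could use to reach a goal. Although automated tools that find all possible attack paths are available, they still require knowledge to be described manually, with effort and skill, as attack templates before the computerized model-checking procedure can run. In addition, because the number of vulnerabilities discovered each year grows exponentially, changes to network architecture occur more and more frequently, and the software installed on individual systems changes often, an ideal attack graph generation system keeps manual construction to a minimum. This thesis proposes an intelligent attack graph generator. In this generator, vulnerability information is obtained by collecting data from official sources, while system configuration and software installation information is gathered through a reporting mechanism; both are automated procedures. The resulting information constitutes the primitive facts about the environment. Attack templates are then obtained by means of a further set of rules derived from expert knowledge. Finally, by using these inference rules to analyze the primitive facts and generate attack templates, the possible attack paths are found in a fully automated process. The intelligent attack graph generator has been implemented as a system, and experiments confirm the correctness of the proposed architecture.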
Vulnerability analysis is important for ensuring the security of a network environment. Critical services with vulnerabilities in a network environment are exposed to attack if there are attack paths leading to those services. Many tools based on graph theory have been proposed to discover the possible attack paths that an attacker may exploit to reach a final goal. Although automated tools that find all possible attack paths are available, they require manual effort and expert knowledge to describe the one-step attack templates before the computerized model-checking procedure can be performed. As the number of vulnerabilities discovered grows exponentially every year, configuration changes in the network occur more and more often, and the software installed on individual systems varies from time to time, an attack graph generation system that demands little manual effort and expert knowledge is desirable. In this thesis, an intelligent attack graph generator is proposed. In this attack graph generator, vulnerability information is derived from data collected from authoritative sources. The configuration and software installation information is gathered through a reporting mechanism. Both are automatic procedures. The resulting information constitutes the primitive facts about the environment. A set of rules is derived to model the expert knowledge central to the derivation of the one-step attack templates. By using the inference rules to analyze the primitive facts, the one-step attack templates can be generated and the possible attack paths can be explored in a fully automated process. The intelligent attack graph generator has been implemented, and experiments have been conducted to verify the correctness of the proposed scheme.
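Table of Contents
Abstract (Chinese)
Abstract (English)
Acknowledgments
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Research Background
1.2 Research Motivation
1.3 Research Overview and Objectives
1.4 Thesis Organization
Chapter 2 Literature Review
2.1 Vulnerability Analysis
2.2 Attack Graph Generation Methods
2.2.1 Manually Drawn Attack Graphs
2.2.2 Automatically Generated Attack Graphs
2.3 Problem Statement
Chapter 3 Methodology
3.1 Security-Related Information
3.1.1 Invariant Information
3.1.2 Updated Information
3.1.3 Frequently Changing Information
3.2 Attack Prototypes
3.3 Attack Graphs
Chapter 4 System Architecture and Implementation
4.1 Information Acquisition Interface
4.2 Vulnerability Scanning Module
4.3 Inference Engine
4.3.1 Information Facts
4.3.2 Attack Prototype Inference Rules
4.3.3 Attack Graph Inference Rules
4.3.4 Goal Queries
Chapter 5 Simulation Experiments
5.1 Environment Assumed to Contain Many Vulnerabilities and Hosts
5.1.1 Case 1: Description of the Simulated Environment
5.1.2 Case 1: Experimental Results
5.2 Environment Assumed to Have Newly Published Vulnerability Information
5.2.1 Case 2: Simulated Environment
5.2.2 Case 2: Experimental Results
Chapter 6 Discussion and Conclusion
6.1 Discussion
6.2 Conclusion
Chapter 7 Future Directions
References
Appendix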

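List of Figures
Figure 2.1: Manually drawn attack graph
Figure 2.2: Automatically generated attack graph
Figure 2.3: Survey report on attack trends
Figure 2.4: Complexity of security-related information
Figure 3.1: Goal of this research
Figure 3.2: Information fields for program access status
Figure 3.3: Information fields for incorrect system security settings
Figure 3.4: Information fields for software vulnerabilities
Figure 3.5: Problem flow diagram
Figure 3.6: Composition diagram of software-vulnerability attack prototypes
Figure 3.7: Composition diagram of incorrect-security-setting attack prototypes
Figure 3.8: Graphical representation of attack prototypes
Figure 3.9: Attack process of privilege escalation
Figure 3.10: User relationship diagram
Figure 3.11: Attack sequence loop problem
Figure 4.1: Human thinking model
Figure 4.2: System architecture diagram
Figure 4.3: ICAT vulnerability database
Figure 4.4: Information acquisition interface
Figure 4.5: Architecture of the Prolog inference engine
Figure 4.6: Fact construction process
Figure 4.7: Connection status information facts
Figure 4.8: Facts required beforehand and facts required afterwards
Figure 4.9: Vulnerability information facts
Figure 4.10: Attack prototype generation rules
Figure 4.11: Attack prototype transition rules
Figure 4.12: Transition checking procedure
Figure 4.13: Goal query for system checking
Figure 5.1: Case 1 simulated environment
Figure 5.2: Case 1 analysis results
Figure 5.3: Tree diagram of Case 1 experimental results
Figure 5.4: Case 2 simulated environment
Figure 5.5: Case 2 experimental results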

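List of Tables
Table 2.1: Comparison of related attack graph research
Table 3.1: Classification of user access privileges
Table 5.1: Case 1 detailed vulnerability list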