Graduate student: 蔡孟凱
Graduate student (English): Meng-Kai Tsai
Thesis title: 基於有限狀態機且具有預知能力的網路入侵偵測系統
Thesis title (English): A Finite Automata Based Foresight Network Intrusion Detection System
Advisor: 曾憲雄
Advisor (English): Shian-Shyong Tseng
Degree: Master's
Institution: 國立交通大學 (National Chiao Tung University)
Department: 資訊科學系 (Department of Computer and Information Science)
Discipline: Engineering
Field: Electrical and Computer Engineering
Thesis type: Academic thesis
Year of publication: 2003
Graduation academic year: 91 (ROC calendar)
Language: Chinese
Pages: 55
Keywords (Chinese, translated): network intrusion detection system; finite automata; XML; data mining; communication protocol
Keywords (English): NIDS; Finite Automata; XML; Data Mining; Protocol
Abstract (Chinese, translated): As network attacks of every kind increase day by day, network security is receiving growing attention. In recent years many network intrusion detection systems have been developed to help administrators detect such malicious behaviour. Most of them, however, can only detect attacks; they cannot prevent them. In this thesis we propose a finite-automata-based network intrusion detection system with foresight capability (FA-FNIDS) to prevent attacks before they happen. The system has a management center and three processing phases. First, we integrate the operating model of the communication protocol with users' usage habits to build a knowledge base of normal protocol behaviour. Using the knowledge this base provides together with our proposed finite automata matching algorithm, suspicious attackers can be filtered out before the real attack begins, achieving the goal of attack prevention. At the same time, we use the SPIRIT [13] data mining algorithm to periodically mine the collected user habits further, so that the system's judgement becomes more accurate. We therefore hope this system can achieve the goal of preventing attacks and, going further, discover new attack patterns. Efficiency and general detection capability are also issues we emphasise. Finally, we conducted three experiments to verify the performance and detection capability of FA-FNIDS.

Abstract (English): Due to the rapid growth of various network intrusions, network security is becoming an important issue. In recent years, a lot of network intrusion detection systems (NIDSs) have been developed to assist administrators in detecting malevolent attacks. However, most NIDSs may not prevent attacks in the probing phase. In order to prevent attacks, a Finite Automata Based Foresight Network Intrusion Detection System (FA-FNIDS) is proposed in this thesis. The FA-FNIDS consists of a Management Center and three phases. Firstly, the protocol behavior and user behavior are integrated to construct normal enhanced protocol behaviors, which are provided to the finite automata matching algorithm. The matching algorithm is used to calculate the malevolent probability, from which the Management Center judges the degree of danger of a connection. To increase the detection accuracy of FA-FNIDS, the SPIRIT mining algorithm [13] is used to discover frequent user behaviors periodically. Therefore, the FA-FNIDS can prevent attacks and further find novel attacks. Finally, three experiments are also done to evaluate the efficiency and the detection ability of our FA-FNIDS.

Table of contents (page numbers refer to the thesis):
ABSTRACT (IN CHINESE) I
ABSTRACT II
ACKNOWLEDGEMENT III
TABLE OF CONTENTS IV
LIST OF TABLES VI
LIST OF FIGURES VII
CHAPTER 1. INTRODUCTION 1
CHAPTER 2. RELATED WORK 3
2.1. INTRUSION DETECTION SYSTEM (IDS) 3
2.2. HOST-BASED INTRUSION DETECTION SYSTEM (HOST-BASED IDS) 4
2.3. NETWORK-BASED INTRUSION DETECTION SYSTEM (NIDS) 4
2.4. PACKET-BASED NETWORK INTRUSION DETECTION SYSTEM 5
2.5. CONNECTION-BASED NETWORK INTRUSION DETECTION SYSTEM 6
2.6. CONTENT-BASED NETWORK INTRUSION DETECTION SYSTEM 8
CHAPTER 3. MOTIVATIONS & GOALS 9
3.1. LIFE CYCLE OF AN ATTACK 9
3.2. SYSTEM DAMAGE IN ATTACK 12
3.3. FINITE AUTOMATA 14
3.4. GOALS 14
CHAPTER 4. SYSTEM ARCHITECTURE 16
4.1. THE CONCEPT OF OUR SYSTEM 16
4.2. THE OVERVIEW OF OUR SYSTEM 17
4.3. PACKET ENCODING PHASE 19
4.4. FINITE AUTOMATA CONSTRUCTION PHASE 25
4.5. ON-LINE DETECTION PHASE 28
4.6. MANAGEMENT CENTER 36
CHAPTER 5. FINITE AUTOMATA CONSTRUCTION APPROACH 38
5.1. THE PROCEDURE OF THE FINITE AUTOMATA CONSTRUCTION PHASE 39
5.2. KNOWLEDGE REPRESENTATION 39
5.3. MINING ALGORITHM 43
5.4. KNOWLEDGE INTEGRATION 43
CHAPTER 6. EXPERIMENT 47
6.1. EXPERIMENTAL ENVIRONMENT 47
6.2. EXPERIMENTAL RESULT 49
CHAPTER 7. CONCLUSION AND FUTURE WORK 52
REFERENCES 53

References:
[1] J.P. Anderson, "Computer Security Threat Monitoring and Surveillance," Technical Report, Fort Washington, PA, April 1980.
[2] R. Bace and P. Mell, "Intrusion Detection Systems," NIST Special Publication on Intrusion Detection Systems, 2001.
[3] S.M. Bellovin, "Security Problems in the TCP/IP Protocol Suite," ACM Computer Communications Review, vol. 19, no. 2, pp. 32-48, April 1989.
[4] J.B.D. Cabrera, B. Ravichandran, and R.K. Mehra, "Statistical Traffic Modeling for Network Intrusion Detection," Proceedings of the Eighth International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems, pp. 466-473, San Francisco, CA, August 2000. IEEE Computer Society.
[5] CERT, http://www.cert.org
[6] CERT Advisory CA-2000-13, "Two Input Validation Problems in FTPD," http://www.cert.org/advisories/CA-2000-13.html
[7] CERT Advisory CA-2002-19, "Buffer Overflows in Multiple DNS Resolver Libraries," http://www.cert.org/advisories/CA-2002-19.html
[8] C.J. Coit, S. Staniford, and J. McAlerney, "Towards Faster String Matching for Intrusion Detection or Exceeding the Speed of Snort," DARPA Information Survivability Conference & Exposition II (DISCEX '01), vol. 1, pp. 367-373, 2001.
[9] J.E. Dickerson, J. Juslin, O. Koulousoula, and J.A. Dickerson, "Fuzzy Intrusion Detection," Joint 9th IFSA World Congress and 20th NAFIPS International Conference, vol. 3, 2001.
[10] Ethereal, Network Protocol Analyzer for Unix and Windows, http://www.ethereal.com
[11] G. Florez, S.M. Bridges, and R.B. Vaughn, "An Improved Algorithm for Fuzzy Data Mining for Intrusion Detection," Proceedings of the 2002 Annual Meeting of the North American Fuzzy Information Processing Society (NAFIPS), 2002.
[12] J. Frank, "Artificial Intelligence and Intrusion Detection: Current and Future Directions," Proceedings of the 17th National Computer Security Conference, 1994.
[13] M.N. Garofalakis, R. Rastogi, and K. Shim, "Mining Sequential Patterns with Regular Expression Constraints," IEEE Transactions on Knowledge and Data Engineering, vol. 14, no. 3, pp. 530-552, May/June 2002.
[14] A. Ghosh, A. Schwartzbard, and M. Schatz, "Learning Program Behavior Profiles for Intrusion Detection," Proceedings of the Workshop on Intrusion Detection and Network Monitoring, 1999.
[15] J.D. Howard, An Analysis of Security Incidents on the Internet 1989-1995, Ph.D. Dissertation, Engineering and Public Policy Department, Carnegie Mellon University, Pittsburgh, Pennsylvania, April 1997. http://www.cert.org/research/JHThesis/Start.html
[16] IETF, http://www.ietf.org
[17] L.J. Konout, A. Yasinsac, and E. Mcduffie, "Activity Profiles for Intrusion Detection," Proceedings of the 2002 Annual Meeting of the North American Fuzzy Information Processing Society (NAFIPS), 2002.
[18] S. Kumar and E.H. Spafford, "A Pattern Matching Model for Misuse Intrusion Detection," Proceedings of the 17th National Computer Security Conference, 1994.
[19] A. Liska, The Practice of Network Security: Deployment Strategies for Production Environments, Prentice Hall, 2002.
[20] D. Liu, H. Wang, and X. Wang, "Data Mining for Intrusion Detection," Proceedings of the 2001 International Conferences on Info-tech and Info-net (ICII 2001), Beijing, vol. 5, 2001.
[21] T. Lunt, A. Tamaru, F. Gilham, R. Jagannathan, C. Jalali, H. Javitz, A. Valdes, P. Neumann, and T. Garvey, "A Real-Time Intrusion-Detection Expert System (IDES)," Technical Report, Computer Science Laboratory, SRI International, 1992.
[22] W. Lee and S.J. Stolfo, "A Framework for Constructing Features and Models for Intrusion Detection Systems," ACM Transactions on Information and System Security, vol. 3, no. 4, pp. 227-261, November 2000.
[23] C.C. Michael and A. Ghosh, "Simple, State-Based Approaches to Program-Based Anomaly Detection," ACM Transactions on Information and System Security, August 2002.
[24] B. Mukherjee, L.T. Heberlein, and K.N. Levitt, "Network Intrusion Detection," IEEE Network, pp. 26-41, May/June 1994.
[25] Nessus, http://www.nessus.org
[26] Nmap, Network Mapper, http://www.nmap.org
[27] Post Office Protocol version 3 (POP3), http://www.ietf.org/rfc/rfc1081.txt?number=1081
[28] M. Schiffman, B. Pennington, and D. Pollino, Hacker's Challenge 2: Test Your Network Security & Forensic Skills, 2nd Edition, McGraw-Hill, 2002.
[29] SecurityFocus, http://www.securityfocus.com
[30] R. Sekar, M. Bendre, D. Dhurjati, and P. Bollineni, "A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors," Proceedings of the 2001 IEEE Symposium on Security and Privacy (S&P 2001), 2001.
[31] Sniffer, http://www.sniffer.com/
[32] Snort, The Open Source Network Intrusion Detection System, http://www.snort.org
[33] SATAN, http://www.fish.com/satan/
[34] W. Stallings, Handbook of Computer Communications Standards: The Open Systems Interconnection (OSI) Model and OSI-Related Standards, 2nd Edition, Macmillan, 1990.
[35] tcpdump/libpcap, http://www.tcpdump.org
[36] TW-CERT, http://www.cert.org.tw
[37] W3C, XML Page, http://www.w3.org/XML
