Author: 黃志雄
Author (English): Chih-Shiung Huang
Title: 整合代理人入侵偵測系統與陷阱誘捕系統之研究
Title (English): The Study of the Integration of Agent-based Intrusion Detection System and Deception System
Advisor: 王智弘
Advisor (English): Chih-Hung Wang, Ph.D.
Degree: Master's
Institution: 國立嘉義大學 (National Chiayi University)
Department: Graduate Institute of Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical and Computer Engineering
Document type: Academic thesis
Year of publication: 2004
Graduation academic year: 92 (ROC calendar)
Language: Chinese
Keywords (Chinese): 代理人入侵偵測系統 (Agent-based Intrusion Detection System); 陷阱誘捕系統 (Deception System); 網路安全 (Network Security)
Keywords (English): Agent-based Intrusion Detection System; Deception System; Network Security
Statistics:
  • Cited by: 4
  • Views: 239
  • Rating: (none)
  • Downloads: 53
  • Bookmarked: 0
Abstract (Chinese, translated):
Network intrusions today have become increasingly complex and varied, and a single defensive device such as a firewall is no longer sufficient to protect a network. The Intrusion Detection System (IDS) proposed in recent years can detect suspicious attacks and alert the system administrator, and so provides more solid protection for the network. However, system administrators are often troubled by the high false-positive rate of IDS: many normal connections are reported as attack events, while many potential unknown attacks cannot be detected by the IDS. We therefore propose a security defense mechanism that integrates an Agent-based Intrusion Detection System with a Deception System to address the long-standing problems of traditional IDS.
Since intruders may launch attacks or attempts of all kinds from different network segments, integrating the information from the IDS and the deception system helps us perform a comprehensive analysis. Our approach is to analyze the raw data from Honeyd according to attack signatures and send this information to the AIDS as auxiliary input for adjusting parameter thresholds, so that attacks can be detected earlier and detection becomes real-time. Because we provide a multi-level detection environment, these network security devices can be used to their full potential.

Abstract (English):
Currently, intrusion behavior in the network has become more and more complicated and diverse. The conventional network defense, which uses a single device such as a firewall, is not enough to safeguard the network against the various threats. The intrusion detection system proposed recently can help the administrator detect suspicious behaviors and raise alarms, so that network communication can be protected more robustly. However, the system administrator is usually troubled by the false alarms of the IDS: many valid connections are regarded as attack events, while many potential unknown attacks cannot be detected by the IDS. For this reason, we propose a better solution which integrates an agent-based intrusion detection system and a deception system to overcome the critical problems of the traditional IDS.
Since intruders can perform a variety of attacks in different network sections, the integration of the IDS and the deception system will help us make a full-scale analysis. In our approach, the raw data of the attack features in Honeyd are analyzed. The analysis results are transmitted to the AIDS so that the AIDS can use them to adjust threshold values and discover potential attacks in advance. We also provide a solution to enhance the detection performance and security of the network by adopting multilevel checking systems.

Table of Contents:
Chinese Abstract
English Abstract
Acknowledgements
Chapter 1 Introduction
1.1 Motivation
1.2 Objectives
1.3 Thesis Organization
Chapter 2 Related Work
2.1 Intrusion Detection System
2.1.1 Network-based IDS
2.1.2 Host-based IDS
2.1.3 Anomaly Detection
2.1.4 Misuse Detection
2.1.5 Hybrid Detection
2.2 Network-based IDS: Snort
2.3 False Positives and Other Problems
2.4 Distributed IDS
2.4.1 LAN Monitor
2.4.2 Host Monitor
2.4.3 DIDS Director
2.4.4 Analysis of Distributed IDS
2.5 Agent-based IDS
2.6 Deception System
2.7 Network Attacks
2.7.1 Scanning and Probing
2.7.1.1 Using ICMP
2.7.1.2 Malformed IP Headers
2.7.1.3 Invalid Fields in the IP Header
2.7.1.4 Fragmentation Abuse
2.7.1.5 UDP Probing
2.7.2 Distributed Denial of Service (DDoS)
2.7.2.1 Propagation
2.7.2.2 Design Principles
2.7.2.3 DDoS Attack Tools
Chapter 3 Integration of Agent-based IDS and Deception System
3.1 System Architecture
3.2 System Configuration
3.3 Data Analysis
3.4 Scanning and Probing on Honeyd
3.4.1 Detection and Countermeasures for Scanning and Probing
3.5 DDoS on Honeyd
3.5.1 Worm: Linux.slapper.worm
3.5.1.1 Propagation and Identification of Infected Hosts
3.5.1.2 DDoS Detection and Countermeasures
3.5.2 Omega v3beta
Chapter 4 Experiments and Analysis
4.1 Scanning and Probing
4.2 DDoS Attacks
4.3 Advantages of Integrating Honeyd
Chapter 5 Conclusions and Future Work
References
Appendix A: MyScan.pm Source Code
Appendix B: MyProb.pm Source Code
Appendix C: MyDDoS.pm Source Code