Graduate student: Chia-Hao Tu (杜家豪)
Thesis title: A Study on Network Security Management Improvement with Insider Information (整合內部人員資訊提昇網路安全管理之研究)
Advisor: Chen-Hua Fu (傅振華)
Degree: Master's
Institution: National Defense Management College (國防管理學院)
Department: Graduate School of Defense Information (國防資訊研究所)
Discipline: Computer science
Field: General computer science
Thesis type: Academic thesis
Year of publication: 2004
Graduation academic year: 92
Language: Chinese
Number of pages: 79
Keywords: Information security; Network security; Intrusion detection system; Insider; Abnormality detection scheme; Snort
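With the spread of personal computers and networks, recent years have seen a steady stream of information security incidents at home and abroad in which government agencies or enterprises were broken into by hackers, had backdoors planted, and had important data stolen. When an organization faces information security issues, the measures it usually takes are to purchase information security equipment and technology and to establish related information security policies. However, most current efforts focus on threats from outside, and the objects of protection are limited to important hosts or important network segments. This approach overlooks the threats caused by the organization's insiders and the network security risks they face. This study therefore proposes the "Distributed Intrusion Detection System Integrating Insider Information," aiming to bring insiders within the scope of information security management.
In the system architecture of this study, the intrusion detection sensors are moved onto the computers used by insiders and are started at boot to perform detection. The alerts they generate are sent to and stored on a database server and are reviewed through a central management host. This approach may greatly increase the number of alerts, but the insider and attacker information ranking mechanism proposed in this study can filter the key information out of the large volume of alerts, giving information security managers a clear list of the insiders in the organization who face high risk or who have malicious intent. Finally, the operation of the system components is tested to verify whether the system works properly, and the system is compared with several currently common mechanisms for protecting insider security to identify its strengths and weaknesses.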
In recent years, many organizations have suffered information security incidents caused by hackers, which bring financial loss or even imperil the organization's survival. When organizations face such an information security issue, they usually buy network security products and establish a security policy. But these measures focus only on external threats and ignore the threat caused by insiders. This study therefore proposes the Integrated Insider Information DIDS. With the proposed scheme, information security issues caused by insiders can be brought into view and monitored.
The system structure of the Integrated Insider Information DIDS is as follows. First, an intrusion detection sensor is installed on each personal computer that insiders use. Each sensor starts detecting attack behaviors when the computer starts. If a sensor detects an attack behavior, it sends warning messages to the database server, and information security management staff can read these messages on a central management computer. Because many intrusion detection sensors are installed, they generate a lot of warning messages. To process them, an insider and attacker information sequence mechanism is designed to filter the warning messages and extract the key information, so that information security management staff know who in the organization is in a high-risk state or has malicious intent. Next, several test scenarios are executed to verify the functionality of the proposed system. Finally, this study examines the advantages and flaws of the proposed scheme by comparing it with other mechanisms that can protect insider security.
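Chapter 1 Introduction
1.1 Research Background and Motivation
1.2 Research Objectives
1.3 Research Scope and Limitations
1.4 Thesis Organization
Chapter 2 Literature Review
2.1 Insiders
2.1.1 Insider Threats
2.1.2 Classification of Insiders Who Pose Threats
2.1.3 Severity of Insider Threats
2.2 Intrusion Detection Systems
2.2.1 Classification of Intrusion Detection Systems
2.2.1.1 Classification by Data Collection Method
2.2.1.2 Classification by Detection Technique
2.2.1.3 Classification by System Architecture
2.2.2 Future Trends in Intrusion Detection Systems
Chapter 3 A Distributed Intrusion Detection System Integrating Insider Information
3.1 Traditional Intrusion Detection
3.1.1 Analysis of Common Network Attack Behaviors
3.1.1.1 Information Gathering
3.1.1.2 Scanning
3.1.1.3 Enumeration
3.1.2 Deployment of Traditional Intrusion Detection Systems and Its Drawbacks
3.2 System Architecture
3.3 Intrusion Detection Sensor
3.3.1 Introduction to Snort Components
3.3.2 Basic Rule Structure
3.3.3 Rule Classification
3.4 Built-in Tables of the Snort Database
3.5 Insider and Attacker Tables
3.6 Database Information Ranking Mechanism
3.6.1 Anomaly Detection Mechanism
3.6.2 Constructing the Information Ranking Mechanism
3.6.2.1 Insider Information Ranking Mechanism
3.6.2.2 Attacker Information Ranking Mechanism
3.6.2.3 Implementing the Information Ranking Mechanism with Triggers
3.7 Central Management Host
Chapter 4 System Testing and Effectiveness Analysis
4.1 System Test Plan
4.2 System Test Environment
4.3 Attack Methods Used in System Testing
4.4 Data Collection and Threshold Definition
4.5 Scenario Testing
4.6 Effectiveness Analysis
Chapter 5 Conclusion
References
Appendix 1
Appendix 2
Appendix 3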