
National Digital Library of Theses and Dissertations in Taiwan


Detailed record

Author (Chinese): 魏川弼
Author (English): Chuan-pi Wei
Title (Chinese): 大型網路上的網路監控
Title (English): Network Monitoring on Large Networks
Advisor: 陳嘉玫
Degree: Master's
University: National Sun Yat-sen University (國立中山大學)
Department: Graduate Institute of Information Management
Discipline: Computer science
Sub-discipline: General computer science
Document type: Academic thesis
Year of publication: 2004
Academic year of graduation: 92 (ROC calendar)
Language: English
Pages: 49
Keywords (Chinese, translated): security incident forensics, denial-of-service attack, worm, network monitoring
Keywords (English): NetFlow, worm propagation, flow profiling, network monitoring, DoS, security forensics
Statistics:
  • Cited: 0
  • Views: 254
  • Rating: 
  • Downloads: 0
  • Bookmarked: 3
There seem to be more and more security incidents occurring on networks, so network administrators must be able to identify malicious traffic as quickly as possible in order to take effective countermeasures promptly. To monitor the network, administrators must collect traffic information in real time; however, they usually find that the information collected is either not detailed enough or far too detailed. The SNMP-capable tools traditionally used most often collect data that is too coarse, while packet-capture tools probe traffic content too deeply and affect network performance, which is especially noticeable on large networks.
A sequence of packets travelling between two end hosts is usually defined as a flow. Today most network devices support exporting flow records, which efficiently provide records of network usage and of the usage of certain services. Flows seem to strike a balance between summary and detail.
NetFlow is nearly the industry standard among flow technologies. In this thesis we introduce, describe and examine its characteristics, advantages and strengths. Many flow-related tools are freely available on the Internet. We propose an architecture that lets administrators make good use of flow records to monitor the network effectively and efficiently. Through the presentation of practical application cases, we show that careful analysis of flow records can bring administrators many benefits; they can use them for real-time monitoring, detection of denial-of-service attacks and worms, and tracing and verification, among other things.
There seem to be more security events happening on networks nowadays, so administrators have to be able to find malicious activities in progress as soon as possible in order to launch effective and efficient countermeasures. Network administrators need to monitor their networks by collecting real-time traffic measurement data, but they may find that the data gathered is either too little or too detailed. The SNMP-based tools traditionally adopted most often give too little; packet sniffing tools, however, investigate too much, so that performance is sacrificed, especially on a large network with heavy traffic.
Flows are defined as a series of packets travelling between two communicating end hosts. Flow profiling functionality is built into most networking devices today and efficiently provides the information required to record network and application resource utilization. Flows strike a balance between detail and summary.
NetFlow is the de facto standard in flow profiling. We introduce, describe, and investigate its features, advantages, and strengths. Many useful flow-related tools are freely available on the Internet. A mechanism is proposed to make use of flow logs to monitor the network effectively and efficiently. Through verification, it is believed that using flow logs can greatly benefit the network administrator, who can use them for timely monitoring, DoS and worm propagation detection, forensics, and so on.
Chapter 1 Introduction 1
1.1 The Threats of Worms 3
1.2 The Threats of DoS Attacks 5
1.3 Motivation 6
Chapter 2 Related Studies 7
2.1 The Spread Pattern of Worms 7
2.2 DoS Attacking Characteristics 9
2.3 SNMP-based Monitoring Tools 10
2.4 Packet-Sniffing Monitoring Tools 12
2.5 Netflow 16
Chapter 3 NetFlow Applications 20
3.1 Timely Monitoring 21
3.2 Network planning 21
3.3 Service monitoring and profiling 22
3.4 Host monitoring and profiling 23
3.5 Detecting DoS Attacks 24
3.6 Detecting Scans 25
3.7 Detecting Worm Propagation 26
3.8 Network Forensics 27
Chapter 4 System Design 29
4.1 System Architecture 29
4.2 Collecting Module 31
4.3 Statistic Analysis 32
4.4 Rule Based Analysis 35
4.5 Forensic Query 36
Chapter 5 Verification 38
5.1 IP Protocols Traffic Monitoring 38
5.2 Service Traffic Monitoring 40
5.3 Intrusion Detection 42
Chapter 6 Conclusions 45
References 47