臺灣博碩士論文加值系統 (National Digital Library of Theses and Dissertations in Taiwan)

Record details
Graduate student: 修丕承 (Pi-Cheng Hsiu)
Thesis title: 情境導向之攻擊偵測與分析 (Scenario-Based Threat Detection and Analysis)
Advisor: 郭大維 (Tei-Wei Kuo)
Degree: Master's
Institution: National Taiwan University
Department: Graduate Institute of Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical and information engineering
Thesis type: Academic thesis
Year of publication: 2004
Graduation academic year: 92 (ROC calendar)
Language: English
Number of pages: 34
Chinese keywords: attack analysis; intrusion detection system; attack detection
English keywords: intrusion detection system; attack analysis; threat detection
Record statistics:
  • Cited: 0
  • Views: 165
  • Rating: none
  • Downloads: 0
  • Saved to bookmark lists: 1
Abstract (Chinese, translated): This thesis addresses two fundamental problems in intrusion detection system design: rule-firing optimization and attack analysis. We propose a scenario-based approach that correlates attack packets and uses those correlations to select the detection rules to fire intelligently. Separate algorithms are proposed for rule selection and for attack scenario identification. As a case study, we consider the potential threats to gateway and web server applications, and we implement an intrusion detection system on top of Snort to realize the proposed algorithms. Experimental results show that the proposed approach improves the performance of the intrusion detection system and increases its ability to identify attack scenarios.
Abstract (English): This thesis targets two essential issues in intrusion detection system design: the optimization of rule selection, and attack discovery in attack analysis. A scenario-based approach is proposed to correlate malicious packets and to intelligently select the intrusion detection rules to fire. We propose algorithms for rule selection and for attack scenario identification. Potential threats, and the relationships between them, for gateway and web-server applications are explored as an example in the study. The proposed algorithms are implemented on top of Snort, a signature-based intrusion detection system, and yield encouraging performance evaluation results.
Contents
1 Introduction 1
2 System Architecture 3
2.1 Common Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.2 Gateways and Web-Server Applications . . . . . . . . . . . . . . . . . . . 3
3 Threat Detection and Attack Analysis - A Scenario-Based Approach 6
3.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.2 Threat Dependency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.2.1 Threats and Their Dependency Relationship . . . . . . . . . . . . 7
3.2.2 A Dependency Graph of Threats . . . . . . . . . . . . . . . . . . 10
3.3 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.3.1 Problem Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.3.2 Threat Detection: Rule Firing Optimization . . . . . . . . . . . . 13
3.3.3 Attack Analysis: Subsequence Identification . . . . . . . . . . . . 17
4 Implementation 20
4.1 Introduction to Snort . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
4.2 Implementation Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
4.2.1 Rules and Classtypes . . . . . . . . . . . . . . . . . . . . . . . . . 21
4.2.2 Mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
4.3 Performance Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
4.3.1 Setup Environment . . . . . . . . . . . . . . . . . . . . . . . . . . 24
4.3.2 Experimental Results . . . . . . . . . . . . . . . . . . . . . . . . . 25
5 Conclusion 31
Bibliography 32