National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)
Graduate student: 陳俊利
Graduate student (English): Chun-Li Chen
Thesis title: 以類神經網路為基礎之網路入侵偵測系統
Thesis title (English): A Study on Network Intrusion Detection System Based on Neural Network
Advisor: 周義昌
Advisor (English): I-Chang Jou
Degree: Master's
Institution: 國立高雄第一科技大學 (National Kaohsiung First University of Science and Technology)
Department: Graduate Institute of Computer and Communication Engineering (電腦與通訊工程所)
Discipline: Engineering
Field: Electrical and Computer Engineering
Thesis type: Academic thesis
Year published: 2006
Graduation academic year: 94 (ROC calendar)
Language: Chinese
Pages: 108
Abstract
In today's environment of widespread e-commerce, a company's internal information can all be accessed through the Internet. The Internet has long become an indispensable means of communication and the most common network activity, and at the same time it is the type of service that is attacked most often. Combined with constantly changing attack techniques, easily obtainable vulnerability information, system administrators who fail to patch holes in time, backdoor programs and other factors, many attack techniques can now be carried out with ease. Distributed denial-of-service attacks in particular cannot be solved by ordinary websites, and even well-known sites cannot avoid them; an attacker's momentary action often causes enterprises heavy losses. Information warfare between the two sides of the Taiwan Strait and between China and the United States is also constantly under way, from which the scale of information security's impact can be understood.

However, most intrusion detection systems use intrusion signature rules as their detection condition and can only detect known vulnerabilities effectively. Apart from being unable to detect and prevent new attacks immediately, they also cannot detect in time the data leakage or tampering caused by protocol flaws or by design flaws in a site's own service programs (e.g. IE, IIS). Moreover, when a general-purpose intrusion detection system is used for detection, most of the data it collects is binary machine code; when this is matched against patterns of intrusion commands and data, the huge data volume often burdens the system, so that intrusion behaviour cannot be judged in real time and misjudgements occur when signatures have not been updated. This study therefore takes anomaly detection as its basis, using a self-organizing map to learn the features of normal behaviour and to identify intrusion behaviour that deviates from normal behaviour, with the aim of solving the problem that the rule base must be updated periodically before new attack techniques can be detected. For the intrusion detection system to detect in real time and to reduce its own load by reducing its workload, the improvement is made in feature selection, which reduces the data used to detect intrusions. This study proposes a network-based intrusion detection system that uses the anomaly-detection approach with a self-organizing map to select the required features, learn normal behaviour, and then find attacks that deviate from normal behaviour. This not only reduces the data volume but also means that, when new attack techniques appear in the future, they can be detected effectively as long as their behaviour departs from the features of normal behaviour. Analysis of the experimental results shows that an SOM based on the anomaly-detection approach is capable of learning the features of normal behaviour; it effectively solves the problem that current commercial signature (pattern) matching techniques must continually update their rule databases before new attack techniques can be detected and therefore cannot be timely, and it reduces the data used for intrusion detection, lowering the system load. This improves the network's ability to judge attacks and errors in real time and makes the implementation and maintenance of security measures more effective.
ABSTRACT
In the e-business environment, business information is stored on computers and accessed through the Internet. That has become the new way of communication today and is the most attacked service on the network. Besides the known vulnerabilities, more application-level web vulnerabilities have been exploited recently, such as parameter tampering, application buffer overflows, and backdoor programs. Unfortunately, they cannot be detected effectively by a traditional intrusion detection system. Thus distributed denial of service attacks succeed not only against ordinary companies but also against well-known companies such as eBay.com. The attacker's click action can make a business lose many transactions. The impact of information security will be even more serious in situations such as information warfare.

However, when applying a regular intrusion detection system, most of the data collected is binary machine code. When matching legal command patterns and data against this extremely unintelligible binary code, the huge data volume often burdens the system, makes it unable to detect intrusion behaviour in real time, and regularly produces incorrect detections. In this study we propose a network-based intrusion detection system that uses anomaly detection techniques based on the self-organizing map (SOM) method. The method extracts the features of normal behaviour in order to distinguish them from abnormal behaviour such as intrusions or attacks. It can also reduce the load on the intrusion detection system and let it detect in real time. Unlike other techniques, our method does not need to be updated regularly. Therefore, our proposed system can ensure safety against intrusion in real time and is easy to maintain.
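The anomaly-detection scheme both abstracts describe, as an added illustration that is not the thesis's own VB/SOM code: a small Kohonen map is trained only on constructed, already-normalised packet feature vectors (standing in for the thesis's input-vector files), the quantization errors on that training set fix a threshold, and a test vector whose distance to its best-matching unit exceeds the threshold is flagged without any signature. The feature names, 4x4 grid, decay schedules and threshold rule are assumptions.

```python
import math
import random

# Constructed, already-normalised traffic vectors standing in for the thesis's
# input-vector files: (bytes per packet, packets per second, SYN ratio,
# distinct destination ports), each scaled to [0, 1]. Illustrative values only.
NORMAL_TRAFFIC = [
    (0.62, 0.20, 0.05, 0.02), (0.58, 0.25, 0.04, 0.03), (0.70, 0.18, 0.06, 0.02),
    (0.55, 0.30, 0.05, 0.04), (0.66, 0.22, 0.03, 0.02), (0.60, 0.27, 0.05, 0.03),
    (0.72, 0.15, 0.04, 0.01), (0.57, 0.24, 0.06, 0.03), (0.64, 0.21, 0.05, 0.02),
    (0.61, 0.19, 0.04, 0.02),
]

def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

class SOM:
    """Minimal two-dimensional Kohonen map (assumed 4x4 grid, see build_detector)."""

    def __init__(self, rows, cols, dim, seed=1):
        rng = random.Random(seed)  # fixed seed keeps the example reproducible
        self.w = {(r, c): [rng.random() for _ in range(dim)]
                  for r in range(rows) for c in range(cols)}

    def bmu(self, x):
        # Best-matching unit: the neuron whose weight vector is closest to x.
        return min(self.w, key=lambda k: euclid(self.w[k], x))

    def train(self, data, epochs=200, lr0=0.5, radius0=2.0):
        for t in range(epochs):
            frac = t / epochs
            lr = lr0 * (1 - frac)                # learning rate decays to 0
            radius = radius0 * (1 - frac) + 0.3  # neighbourhood shrinks over time
            for x in data:
                br, bc = self.bmu(x)
                for (r, c), w in self.w.items():
                    d2 = (r - br) ** 2 + (c - bc) ** 2
                    h = math.exp(-d2 / (2 * radius ** 2))  # Gaussian neighbourhood
                    for i, xi in enumerate(x):
                        w[i] += lr * h * (xi - w[i])

    def quantization_error(self, x):
        # Distance from x to its BMU: small for behaviour the map has learned.
        return euclid(self.w[self.bmu(x)], x)

def build_detector(normal, k=3.0, floor=0.1):
    """Learn normal behaviour only, then derive the threshold from its own errors."""
    som = SOM(4, 4, len(normal[0]))
    som.train(normal)
    errs = [som.quantization_error(x) for x in normal]
    mean = sum(errs) / len(errs)
    std = math.sqrt(sum((e - mean) ** 2 for e in errs) / len(errs))
    # mean + k*std, with a floor so a very tight fit still tolerates normal jitter
    return som, max(mean + k * std, floor)

def is_anomalous(som, threshold, x):
    """True when x deviates from learned normal behaviour; no signature is needed."""
    return som.quantization_error(x) > threshold
```

A flow resembling a port sweep (tiny packets, high rate, mostly SYNs, many ports) lands far from every neuron and is flagged, while a flow inside the normal cluster is not; the thesis's signature-free claim rests on exactly this distance test.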
Table of Contents
Chinese abstract ... I
English abstract ... II
Acknowledgements ... III
Table of contents ... IV
List of tables ... VIII
List of figures ... X
Chapter 1: Introduction ... 1
1.1 Research background ... 1
1.2 Research motivation ... 1
1.3 Research objectives ... 2
1.4 Thesis organization ... 2
Chapter 2: Network intrusion behaviour ... 3
2.1 Network attack trends ... 4
2.1.1 Automation ... 4
2.1.2 Increasing sophistication of intrusion tools ... 4
2.1.3 Faster discovery of system vulnerabilities ... 5
2.1.4 Increased ability to penetrate firewalls ... 5
2.1.5 Growing threat of distributed attacks ... 6
2.1.6 Growing threat of attacks on network infrastructure ... 6
2.2 Overview of attack techniques ... 6
2.2.1 DoS attacks ... 6
2.2.2 DDoS attacks ... 7
2.2.3 Brute-force intrusion ... 8
2.2.4 Network sniffing ... 8
2.2.5 Offline guessing ... 8
2.2.6 Host scanning ... 8
2.2.7 Host spoofing ... 8
Chapter 3: Network intrusion detection systems ... 10
3.1 Definition of intrusion detection systems ... 10
3.2 Classification of intrusion detection systems ... 10
3.2.1 Host-based intrusion detection systems ... 11
3.2.1.1 Advantages of host-based intrusion detection systems ... 11
3.2.1.2 Limitations of host-based intrusion detection systems ... 12
3.2.2 Network-based intrusion detection systems ... 12
3.2.2.1 Main advantages of network-based intrusion detection systems ... 12
3.2.2.2 Limitations of network-based intrusion detection systems ... 13
3.2.3 Misuse detection ... 13
3.2.3.1 Concept of misuse detection ... 13
3.2.3.2 Advantages of misuse detection ... 13
3.2.3.3 Disadvantages of misuse detection ... 13
3.2.4 Anomaly detection ... 14
3.2.4.1 Concept of anomaly detection ... 14
3.2.4.2 Advantages of anomaly detection ... 14
3.2.4.3 Disadvantages of anomaly detection ... 14
Chapter 4: Intrusion detection analysis methods ... 16
4.1 Statistical analysis ... 16
4.1.1 Argus statistical analysis technique ... 16
4.1.2 SPADE statistical analysis technique ... 17
4.2 Neural networks ... 17
4.2.1 Back-propagation neural network analysis technique ... 18
4.2.2 Self-organizing map neural network analysis technique ... 18
4.3 FIRE fuzzy-logic analysis technique ... 18
4.4 Finite state machines ... 18
4.5 Bayesian Network ... 19
4.6 Rule-based ... 19
4.7 The learning mechanism used in this study ... 20
Chapter 5: Simulation and evaluation of intrusion detection ... 24
5.1 System architecture ... 24
5.2 Intrusion detection data conversion module ... 26
5.2.1 Record format conversion ... 26
5.2.2 Building the ACCESS database ... 27
5.2.3 Converting packet data into input vectors ... 29
5.2.4 Saving the input vector file ... 31
5.3 Intrusion detection analysis module ... 32
5.3.1 Intrusion detection training ... 32
5.3.2 Intrusion detection network recall test ... 41
5.3.2.1 Intrusion detection network internal test procedure ... 42
5.3.2.2 Intrusion detection network external test procedure ... 43
5.4 Network-based intrusion detection experiments ... 44
5.5 Simulation results and evaluation of intrusion detection ... 53
Chapter 6: Conclusions ... 54
6.1 Conclusions ... 54
6.2 Future work ... 55
References ... 56
Appendix 1 ... 58
List of Tables
Table 1: Output convergence weights ... 36
Table 2: Experiment 1 parameters ... 45
Table 3: Experiment 1 internal test ... 46
Table 4: Experiment 1 external test ... 46
Table 5: Experiment 2 parameters ... 47
Table 6: Experiment 2 internal test ... 48
Table 7: Experiment 2 external test ... 48
Table 8: Experiment 3 parameters ... 49
Table 9: Experiment 3 internal test ... 50
Table 10: Experiment 3 external test ... 50
Table 11: Experiment 4 parameters ... 51
Table 12: Experiment 4 internal test ... 52
Table 13: Experiment 4 external test ... 52
Table 14: Evaluation of simulation results ... 53
Table 15: Experiment 1 output convergence weights ... 62
Table 16: Experiment 2 output convergence weights ... 78
Table 17: Experiments 3 and 4 training data ... 90
Table 18: Experiments 3 and 4 test data ... 90
Table 19: Experiments 3 and 4 output convergence weights ... 105
List of Figures
Figure 3.1 Classification of intrusion detection systems ... 11
Figure 3.2 Misuse detection and anomaly detection ... 15
Figure 4.1 Profile generation ... 17
Figure 4.2 State transition diagram ... 19
Figure 4.3 Two-dimensional array SOM model ... 21
Figure 5.1 System architecture ... 25
Figure 5.2 Record format conversion ... 26
Figure 5.3 Building the database with the VB conversion interface program ... 27
Figure 5.4 Program that builds ACCESS data from packet fields ... 28
Figure 5.5 Generating SOM input vectors with the VB conversion interface program developed in this study ... 30
Figure 5.6 Reading the training data file ... 33
Figure 5.7 Setting the initial network parameters ... 34
Figure 5.8 Learning loop until network convergence ... 35
Figure 5.9 Reading the weight.txt file saved at network convergence ... 41
Figure 5.10 Internal test ... 42
Figure 5.11 External test ... 43
Figure 5.12 Experiment 1 training data converted database ... 58
Figure 5.13 Experiment 1 training ... 59
Figure 5.14 Experiment 1 internal test ... 60
Figure 5.15 Experiment 1 external test ... 61
Figure 5.16 Experiment 2 training data ... 74
Figure 5.17 Experiment 2 training ... 75
Figure 5.18 Experiment 2 internal test ... 76
Figure 5.19 Experiment 2 external test ... 77
Figure 5.20 Experiments 3 and 4 training data conversion ... 91
Figure 5.21 Experiments 3 and 4 converted database ... 92
Figure 5.22 Experiments 3 and 4 training data conversion ... 93
Figure 5.23 Experiments 3 and 4 converted database ... 94
Figure 5.24 Experiments 3 and 4 training data conversion ... 95
Figure 5.25 Experiments 3 and 4 converted database ... 96
Figure 5.26 Experiments 3 and 4 data training ... 97
Figure 5.27 Experiment 3 internal test ... 98
Figure 5.28 Experiment 3 external test database ... 99
Figure 5.29 Experiment 3 external test ... 100
Figure 5.30 Experiment 4 internal test ... 101
Figure 5.31 Experiment 4 external test data conversion ... 102
Figure 5.32 Experiment 4 external test database ... 103
Figure 5.33 Experiment 4 external test ... 104