National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)

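Author: 莊芳昇
Author (English): Fang-sheng Chuang
Thesis title: 網路蠕蟲主動防禦機制之研究
Thesis title (English): The Active Defense Mechanism of Internet Worm
Advisors: 程毓明, 鄭進興
Advisors (English): Yuh-Ming Cheng, Jinn-Shing Cheng
Degree: Master's
Institution: 樹德科技大學 (Shu-Te University)
Department: Graduate Institute of Information Management
Discipline: Computer Science
Sub-discipline: General Computer Science
Thesis type: Academic thesis
Year of publication: 2006
Academic year of graduation: 94
Language: Chinese
Number of pages: 123
Keywords (translated from Chinese): Internet worm; active defense; network traffic (Netflow); log analysis; adaptive network security model
Keywords (English): Internet Worm; Active Defense; Netflow; Log Analyzer; P2DR Model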
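In recent years, as the Internet has become widespread, it has connected tens of millions of computers. However, with the growth in network applications and complexity, and the sharp increase in network bandwidth in recent years, Internet worms occur more frequently, have longer incubation periods and reach more widely, and the tangible and intangible losses they cause keep growing, which has made Internet worms an important topic in network security research. Worm attack techniques have also shifted from passive to active attack modes, and the mode of attack has gradually evolved from spreading through e-mail and Windows network shares into a compound intrusion mode that exploits software vulnerabilities in operating systems and end-user applications and carries distributed denial-of-service (DDoS) attacks. Network administrators face increasingly complex and ever-changing worms that attack with almost no lead time, while traditional passive defense mechanisms such as firewalls, intrusion detection (IDS), intrusion prevention (IPS) and antivirus are almost all deployed independently at the network boundary, with no cooperative defense among them. In addition, these mechanisms all rely on updates to worm signature definition files to detect worms, so they are increasingly inadequate against diverse worm attacks. This study therefore uses a worm detection mechanism based on network traffic (Netflow) and log analysis (Syslog). So that the detection and defense mechanisms at each network boundary can defend together effectively, it applies the concept of cooperative defense to realize cooperation among these mechanisms, so that the worm defense system can detect worm attacks in real time and thereby actively defend against them.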
With the popularization and growing complexity of the Internet, which connects tens of millions of computers, Internet worms proliferate faster, have longer incubation periods, and spread more widely. The damage caused by Internet worms is so substantial that they have become a primary issue in the study of network security. Internet worms have also become more aggressive. They used to spread via e-mail or Windows networking and caused minor damage, but now they can attack vulnerabilities in operating systems and application software, combined with DDoS. Against these mutating worms, the traditional passive protection techniques, deployed independently on the network border, have become obsolete because they cannot work with each other. The purpose of this study is to develop a cooperative Internet worm detection and defense mechanism based on the analysis of Netflow and Syslog. Whenever Internet worms attack, the system can detect them and then activate a defense mechanism that cooperates with different defensive techniques to minimize the damage.
Chinese Abstract
English Abstract
Acknowledgements
Table of Contents
List of Tables
List of Figures
List of Symbols
Chapter 1 Introduction
    Section 1 Research Background and Motivation
    Section 2 Research Objectives
Chapter 2 Literature Review
    Section 1 Flaws in Operating Systems and Applications
    Section 2 Trends in Network Security Threats
    Section 3 Discussion of Internet Worms
    Section 4 Propagation of Internet Worms
    Section 5 Functional Modules of Internet Worms
    Section 6 Propagation Channels of Internet Worms
    Section 7 Behavioral Characteristics of Internet Worms
    Section 8 Scanning Strategies of Internet Worms
    Section 9 Denial-of-Service and Distributed Denial-of-Service Attacks
Chapter 3 Research on Related Security Technologies
    Section 1 Limitations of Traditional Static Information Security Models
    Section 2 Theory of Dynamic Information Security Models
    Section 3 Network Management Protocols
    Section 4 Detection Mechanisms for Internet Worms
    Section 5 Defense Mechanisms for Internet Worms
    Section 6 Related Cooperative Defense Technologies
Chapter 4 System Construction and Implementation
    Section 1 Prototype System Architecture
    Section 2 Hardware and Software of the Experimental Environment
    Section 3 System Analysis and Planning
    Section 4 Functional Modules
    Section 5 Attack and Defense Experiments and Verification
Chapter 5 Conclusions and Future Research Directions
    Section 1 Conclusions
    Section 2 Future Research Directions
References
Appendix 1
Appendix 2
Appendix 3
Appendix 4
Autobiography