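Graduate student: Chih-Di Chen (陳智迪)
Thesis title: A Stateful and Flow-Based Intrusion Prevention System for Email Applications (結合全狀態與流量檢驗技術之郵件入侵防禦系統)
Advisor: Yuan-Sun Chu (朱元三)
Degree: Master's
Institution: National Chung Cheng University
Department: Graduate Institute of Electrical Engineering
Discipline: Engineering
Field: Electrical and computer engineering
Thesis type: Academic thesis
Publication year: 2006
Graduation academic year: 95
Language: Chinese
Pages: 93
Keywords (Chinese): SMTP; intrusion prevention system; protocol anomaly detection; spam; mail attacks
Keywords (English): SMTP; IPS; PAD; Spam Mails; Mail Attacks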
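With the rapid growth of the Internet, email has in recent years become an increasingly important communication tool for users. Because of the convenience and importance of this protocol, attackers now target mail servers with both SMTP attacks and spam. Current research, however, works on solving SMTP attacks and spam, and there is no integrated method for facing these security problems.
To detect and prevent SMTP attacks and spam efficiently, this thesis proposes an integrated method based on the principle of protocol anomaly detection. The principle is implemented as a finite state machine and is used to inspect statefully whether each email flow deviates from normal behavior. We integrate the proposed method with Snort, so that our method has both positive-list and negative-list detection mechanisms. Finally, we hope this research can offer a solution to researchers who want to integrate new defense techniques and functions into Snort in the future.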
In recent years, email has become an increasingly important means of communication for most Internet users. Because of this popularity, many attackers abuse email to launch SMTP attacks and send spam mails to receivers. Although technical countermeasures against SMTP attacks and against spam mails have each been proposed, there is no approach that effectively prevents both spam mails and SMTP attacks. The proposed security technologies usually aim at a single threat, so an integrated security technology to defend against these problems is lacking.
To prevent both spam mails and SMTP attacks more effectively, this thesis proposes an integrated approach based on the concept of PAD (Protocol Anomaly Detection). The concept is implemented as a finite state machine that statefully inspects whether email flows deviate from normal behavior. We integrated the proposed approach with Snort so that it offers not only a positive approach but also a negative approach. Finally, we hope this study can be a solution for researchers who want to strengthen Snort further.
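Chapter 1 Introduction
1.1 Overview of the current situation
1.2 Research motivation
1.3 Thesis organization
Chapter 2 Background and related work
2.1 Simple Mail Transfer Protocol (SMTP)
2.1.1 Origin and brief history of SMTP
2.1.2 Introduction to SMTP
2.1.3 The SMTP model
2.1.3.1 Basic structure
2.1.3.2 General syntax principles and transaction model
2.1.4 SMTP procedures
2.1.4.1 Session initiation
2.1.4.2 Client initiation
2.1.4.3 Mail transactions
2.1.5 Mail routing and the domain system
2.1.5.1 Information known to domain servers
2.1.5.2 Internet Mail Routing
2.1.5.3 Mail Relay
2.1.6 SMTP commands
2.1.7 SMTP replies
2.2 Introduction to network security technologies
2.2.1 Firewalls
2.2.2 Firewall types and their functions
2.2.3 Intrusion detection systems
2.2.3.1 History of intrusion detection systems
2.2.3.2 Introduction to intrusion detection systems
2.2.4 Intrusion prevention systems
2.3 Protocol anomaly detection
2.3.1 Basic principles
2.3.2 History of the technique's evolution
2.3.3 Advantages and disadvantages of protocol anomaly detection
Chapter 3 Security threats arising from SMTP and current defense techniques
3.1 SMTP attacks
3.2 Spam attacks
3.2.1 Overview of spam
3.3 Defense techniques against SMTP attacks and spam
3.3.1 Current defense techniques against SMTP attacks
3.3.2 Current spam defense techniques
3.3.3 Papers related to spam prevention
Chapter 4 System architecture
4.1 Snort Block Diagram
4.2 Method for integrating Snort with the system architecture
4.3 System architecture for defending against spam and SMTP attacks
4.3.1 System architecture for SMTP attack prevention
4.3.1.1 Initial State
4.3.1.2 Ready State
4.3.1.3 Ehlo State
4.3.1.4 Mail State
4.3.1.5 Rcpt State
4.3.1.6 Quit State, Reset State and Verify State
4.3.2 System architecture for spam prevention
4.3.2.1 DATA State
Chapter 5 Implementation and testing
5.1 Required hardware and software
5.2 Packet flow into the preprocessors of Snort Inline
5.3 Performance testing
5.3.1 SMTP DoS defense test
5.3.2 SMTP Buffer Overflow defense test
5.3.3 Mail bomb defense test
5.3.4 Spam defense test
Chapter 6 Conclusions and future work
6.1 Conclusions
6.2 Future work
References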