National Digital Library of Theses and Dissertations in Taiwan

Detailed record
Author: 張凱棊
Author (English): Kai-Chi Chang
Title: 使用頻繁情節法則與有限狀態機於網路入侵偵測系統之設計
Title (English): Using Frequent Episode Rules and Finite State Machine to Design Real-Time Network Intrusion Detection Systems
Advisor: 蘇民揚
Advisor (English): Ming-Yang Su
Degree: Master
Institution: Ming Chuan University (銘傳大學)
Department: Graduate Program, Department of Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical and Information Engineering
Document type: Academic thesis
Year of publication: 2008
Academic year of graduation: 96 (ROC calendar, i.e. the 2007/2008 academic year)
Language: Chinese
Pages: 58
Keywords (Chinese): network intrusion detection system, frequent episode rules, honeypot, finite state machine
Keywords (English): Finite State Machine, Honeypot, Frequent Episode Rules, NIDS
With the rise of electronic commerce, network security has drawn increasing attention, while network attacks have become a major concern for e-commerce; the importance of network security therefore grows daily, and intrusion detection systems have emerged in response. This thesis divides attacks into two categories, low-volume (few-packet) attacks and high-volume (many-packet) attacks, and implements an intrusion detection platform for the former.
For low-volume attacks such as hacker intrusions (Probe/Exploit), this thesis combines Frequent Episode Rules with a finite state machine to design a real-time intrusion prevention system. Because frequent episode mining emphasises correlations along the time axis, it is markedly effective at detecting sophisticated intrusions. Probe/Exploit attacks in particular are characterised by the correlation between individual actions and the order in which those actions occur: before launching an attack, an attacker must first collect information about the victim host, and the proposed system can block the attacker at the firewall already during this information-gathering phase. The mined frequent episode rules are compiled into a finite state machine, which is coupled with the firewall (iptables) and dynamically modifies its rules to cut off suspicious connections in real time. Intrusions against the Server Message Block (SMB) protocol, the most important protocol in the NetBIOS/NetBEUI family, serve as the worked example, and experiments confirm the feasibility of the approach. The proposed intrusion prevention architecture can easily be adapted to protect other network services.

Keywords: network intrusion detection system, frequent episode rules, honeypot, finite state machine.
In this thesis we propose a framework for detecting Probe/Exploit attacks. Besides detection performance, real-time operation is an essential requirement for a network intrusion detection system (NIDS), so we design and implement a NIDS based on a Frequent Episode Rules (FER) mining approach. The NIDS extracts information from a large body of audit log files, in this application the network packets collected by a honeypot, and compiles it into a finite state machine (FSM). Using the FSM, the NIDS detects anomalous connections in real time, monitors 50 connections simultaneously, and blocks the attack before it takes place.

Keywords: NIDS, Frequent Episode Rules, Honeypot, Finite State Machine
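The pipeline the two abstracts describe (mine frequent serial episodes from honeypot audit logs, compile the best rule into a per-connection finite state machine, and add an iptables rule the moment a live connection completes the episode), as an added Python example. This is not code from the thesis: the honeypot log, the live event stream, the SMB stage names (NBT_NAME_QUERY, SMB_NEGOTIATE, SMB_NULL_SESSION, SMB_TREE_CONNECT_IPC), the window width, the thresholds and TCP port 445 in the generated firewall rule are all constructed assumptions. Episode frequency follows the sliding-window definition of Mannila et al. (the fraction of windows in which the episode occurs as an ordered subsequence); the detector is the episode's prefix automaton with a timeout equal to the window width.

```python
from collections import defaultdict
from itertools import product

# Constructed honeypot audit log: (seconds, source IP, event). The event
# names are hypothetical labels for stages of an SMB probe, not thesis data.
HONEYPOT_LOG = [
    (0, "10.0.0.5", "NBT_NAME_QUERY"), (1, "10.0.0.5", "SMB_NEGOTIATE"),
    (2, "10.0.0.5", "SMB_NULL_SESSION"), (3, "10.0.0.5", "SMB_TREE_CONNECT_IPC"),
    (10, "10.0.0.9", "NBT_NAME_QUERY"), (11, "10.0.0.9", "SMB_NEGOTIATE"),
    (12, "10.0.0.9", "SMB_NULL_SESSION"),
    (20, "10.0.0.7", "SMB_NEGOTIATE"), (21, "10.0.0.7", "SMB_NULL_SESSION"),
    (22, "10.0.0.7", "SMB_TREE_CONNECT_IPC"),
]
# Constructed live traffic: one probing host, one benign host, and one host
# whose probe is too slow to fit inside the window.
LIVE_EVENTS = [
    (100, "192.168.1.20", "NBT_NAME_QUERY"), (100, "192.168.1.30", "SMB_NEGOTIATE"),
    (101, "192.168.1.20", "SMB_NEGOTIATE"), (101, "192.168.1.30", "SMB_SESSION_SETUP_USER"),
    (102, "192.168.1.20", "SMB_NULL_SESSION"),
    (103, "192.168.1.40", "NBT_NAME_QUERY"), (110, "192.168.1.40", "SMB_NEGOTIATE"),
    (111, "192.168.1.40", "SMB_NULL_SESSION"),
]

def occurs(episode, events):
    """True if `episode` appears as an ordered subsequence of `events`."""
    it = iter(events)
    return all(any(e == sym for e in it) for sym in episode)

def episode_frequency(log, episode, window):
    """Mannila-style frequency: fraction of sliding windows [s, s+window)
    over the whole sequence in which the serial episode occurs."""
    times = [t for t, _, _ in log]
    starts = range(min(times) - window + 1, max(times) + 1)
    hits = sum(occurs(episode, [e for t, _, e in log if s <= t < s + window])
               for s in starts)
    return hits / len(starts)

def mine_serial_episodes(log, window, length, min_freq):
    """Serial episodes of `length` distinct events with frequency >= min_freq."""
    symbols = sorted({e for _, _, e in log})
    cands = (c for c in product(symbols, repeat=length) if len(set(c)) == length)
    freqs = {c: episode_frequency(log, c, window) for c in cands}
    return {c: f for c, f in freqs.items() if f >= min_freq}

def episode_rules(frequent, log, window, min_conf):
    """Rules prefix -> episode with confidence freq(episode)/freq(prefix),
    best first; the rule predicts the episode's last event from its prefix."""
    rules = []
    for ep, f in frequent.items():
        conf = f / episode_frequency(log, ep[:-1], window)
        if conf >= min_conf:
            rules.append((ep, f, conf))
    return sorted(rules, key=lambda r: (-r[2], -r[1]))

class EpisodeFSM:
    """Prefix automaton for one episode, one instance per monitored source.
    State k means the first k events of the episode were seen in order."""
    def __init__(self, episode, window):
        self.episode, self.window = episode, window
        self.state, self.started = 0, None

    def feed(self, t, event):
        """Advance on the expected next event; other events are skipped
        (subsequence semantics, as in mining); a partial match older than the
        window is discarded. Returns True when the whole episode is matched."""
        if self.started is not None and t - self.started >= self.window:
            self.state, self.started = 0, None
        if event == self.episode[self.state]:
            if self.state == 0:
                self.started = t
            self.state += 1
            if self.state == len(self.episode):
                self.state, self.started = 0, None
                return True
        return False

def iptables_drop(src_ip):
    """Firewall rule the detector would add (returned as a string, not run).
    Port 445 (SMB over TCP) is an assumption of this example."""
    return f"iptables -I INPUT -s {src_ip} -p tcp --dport 445 -j DROP"

def detect(live_events, episode, window):
    """Run one FSM per source IP over the live stream; return (blocked IPs,
    firewall commands). A blocked source receives no further events."""
    fsms = defaultdict(lambda: EpisodeFSM(episode, window))
    blocked, commands = set(), []
    for t, ip, ev in live_events:
        if ip not in blocked and fsms[ip].feed(t, ev):
            blocked.add(ip)
            commands.append(iptables_drop(ip))
    return blocked, commands

def run_pipeline(window=4, length=3, min_freq=0.1, min_conf=0.5):
    """Training (mining on the honeypot log) followed by online detection."""
    frequent = mine_serial_episodes(HONEYPOT_LOG, window, length, min_freq)
    best = episode_rules(frequent, HONEYPOT_LOG, window, min_conf)[0][0]
    blocked, commands = detect(LIVE_EVENTS, best, window)
    return best, blocked, commands

if __name__ == "__main__":
    episode, blocked, commands = run_pipeline()
    print("episode:", " -> ".join(episode))
    print("blocked:", sorted(blocked), *commands, sep="\n")
```

Two design points worth noting. Windows are slid over the whole honeypot sequence, so events from different sources can fall into one window; mining per connection instead removes that cross-talk at the cost of less data per sequence. The FSM's timeout is what keeps a slow, deliberately spread-out probe from accumulating a partial match indefinitely, and since the automaton skips events that are not the expected next one, interleaved benign traffic does not break a match; a deployment that fed the rule to iptables would also want a per-connection (5-tuple) key rather than a per-source key, so that one noisy address does not consume all 50 monitored slots.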
Table of contents:
Abstract
Acknowledgements
Chapter 1 Introduction
1.1 Research background
1.2 Motivation
1.3 Objectives
1.4 Thesis organisation
Chapter 2 Literature review
2.1 Intrusion detection systems
2.2 Common network attacks
2.2.1 High-volume (many-packet) attacks
2.2.2 Low-volume (few-packet) attacks
Chapter 3 Detection techniques for low-volume attacks and related software
3.1 Frequent episode rules
3.2 Finite state machines
Chapter 4 System architecture
4.1 Experimental environment
4.2 Training phase
4.3 Online testing phase
Chapter 5 Experiments and results
Chapter 6 Conclusion
English references
Chinese references
Appendix 1 KFSensor settings
Appendix 2 Connecting KFSensor to the database
Appendix 3 Generating and linking the state machine
Appendix 4 Detailed finite state diagram
Appendix 5 The online detection system