National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)
Author: 薛來銘
Author (English): Lai-Ming Shiue
Title: 互信網路下安全管理的合作式防禦架構
Title (English): Cooperative Defensive Architecture for Security Management over Mutually Trusted Networks
Advisor: 高勝助
Advisor (English): Shang-Juh Kao
Degree: Doctoral
Institution: National Chung Hsing University
Department: Department of Applied Mathematics
Discipline: Mathematics and Statistics
Field: Mathematics
Document type: Academic thesis
Academic year of graduation: 96 (ROC calendar)
Language: English
Pages: 83
Keywords (Chinese): 安全管理; 互信網路; 合作式防禦
Keywords (English): security management; mutually trusted networks; cooperative defense
Statistics:
  • Times cited: 0
  • Views: 218
  • Downloads: 0
  • Bookmarks: 0
Abstract (translated from Chinese):
With the rapid growth of the Internet, unauthorized network access threatens network security, so an efficient defensive technology is urgently needed. Common defensive technologies include firewalls, intrusion detection, vulnerability assessment, service guards and honeypots (network traps), but they are usually deployed independently within a single network domain and lack cooperation across domains. For network administrators, integrating the available defensive technologies into the network management system has become an important task, especially for the security management function.
In this dissertation we propose a cooperative defensive architecture for a federated network environment. The architecture has three layers: an agent layer, a server layer and a manager layer; the network environment is composed of several independent, mutually trusting administrative domains. The dissertation also presents the integration of two kinds of defensive mechanisms: intra-domain integration establishes local security, while inter-domain integration, through information exchange between mutually trusted networks, establishes global security. The data format used for this exchange is explicitly defined. In addition, three application scenarios illustrate the feasibility of the system, and a simulation environment is built to evaluate the performance of the cooperative defensive architecture.
Finally, under the cooperative defensive architecture, we implement two application cases that extend its security functions. In the first case, a cooperative intrusion prevention system effectively improves the performance and accuracy of traditional intrusion prevention systems; in the second, we propose a honeypot system named Honeyanole, which prevents the deception deployment from being detected and strengthens the system's defense. By integrating these technologies, an early-warning system can be built and the system's defensive capability is strengthened.
Abstract (English):
As threats to network security from unauthorized access increase with the exponential growth of the Internet, an effective defensive technology is urgently needed. Common defensive technologies, which include firewalls, intrusion detection, vulnerability assessment, service guards, and honeypots, are implemented independently, without cooperation among the various network environments. For a network administrator, integrating the available defensive technologies into the network management system has become an urgent task, especially for security management.
In this dissertation, a cooperative defensive architecture for a federative network environment is proposed. The architecture takes a three-layered approach, consisting of an agent layer, a server layer, and a manager layer. The network environment consists of several administrative domains, each of which is operationally independent and mutually trusted. Integration of both intra-domain and inter-domain defensive mechanisms is presented. While local security is accomplished by intra-domain integration, the global security of the federative network is provided by exchanging shared information among mutually trusted domains. The data format, along with the transmission mechanism, is also explicitly specified for the communication of shared information. Moreover, three application scenarios are given to demonstrate the feasibility of the system's functionality, and a simulation experiment is set up to evaluate the system's performance.
Finally, two application cases are implemented by extending the security functions of the cooperative defensive architecture. The first case demonstrates that a cooperative intrusion prevention system can improve the performance and accuracy of the traditional approach. In the second case, a honeypot system called Honeyanole is proposed to prevent the deception deployment from being detected and to enhance the system's defense. Altogether, an early warning system can be built, and the system's defense is enhanced as a consequence.
CHAPTER 1 INTRODUCTION 1
1.1 MOTIVATION 3
1.2 CONTRIBUTIONS 4
1.3 ORGANIZATION OF THE DISSERTATION 5
CHAPTER 2 DEFENSIVE TECHNOLOGIES 6
2.1 FIREWALL SYSTEM 6
2.2 INTRUSION DETECTION SYSTEM 7
2.3 INTRUSION PREVENTION SYSTEM 8
2.4 VULNERABILITY ASSESSMENT SYSTEM 8
2.5 SERVICE GUARD SYSTEM 9
2.6 HONEYPOT SYSTEM 9
CHAPTER 3 DEFENSIVE INFORMATION INTEGRATION 11
3.1 INTRA-DOMAIN INTEGRATION 11
3.2 INTER-DOMAIN INTEGRATION 13
CHAPTER 4 COOPERATIVE DEFENSIVE ARCHITECTURE 15
4.1 SECURE DOMAIN 16
4.2 COMPONENTS OF A SECURE AREA 18
4.2.1 Local Agents 18
4.2.2 Functional Servers 19
4.2.3 Domain Servers 20
4.2.4 Secure Area Manager 21
4.3 INTRA-DOMAIN INTEGRATION 23
4.4 INTER-DOMAIN INTEGRATION 24
CHAPTER 5 SYSTEM IMPLEMENTATION 26
5.1 DATA COMMUNICATIONS 26
5.2 TRANSMISSION DESIGN 33
5.3 APPLICATION SCENARIOS 36
5.3.1 Backdoor Attacks 37
5.3.2 Scanning Attacks 39
5.3.3 Scanning Attacks Captured through Cooperation 39
CHAPTER 6 SYSTEM EVALUATION 42
6.1 ENVIRONMENT OF THE SIMULATION 42
6.2 PERFORMANCE EVALUATION 44
6.2.1 Information Exchange Test 44
6.2.2 MTD Size Test 46
6.2.3 Blacklist Entry Size Test 47
CHAPTER 7 CASE STUDY: COOPERATIVE INTRUSION PREVENTION SYSTEM 48
7.1 CHALLENGES OF IPS AND CURRENT SOLUTIONS 48
7.2 CIPS ARCHITECTURE 50
7.2.1 Two-step intrusion detection and prevention 50
7.2.2 Defensive Information Exchange 52
7.2.3 Event Analysis Algorithm 54
7.2.4 Traffic Classification Algorithm 55
7.3 SYSTEM EVALUATION OF CIPS 57
7.3.1 Environment of the Simulation 57
7.3.2 Performance Evaluation of CIPS 59
7.4 SUMMARY OF CIPS 65
CHAPTER 8 CASE STUDY: HONEYANOLE 66
8.1 PROBLEMS OF DECEPTION DEPLOYMENT AND CURRENT SOLUTIONS 66
8.2 THE HONEYANOLE SYSTEM 68
8.3 SYSTEM EVALUATION OF HONEYANOLE 72
8.3.1 Connection Latency Test 73
8.3.2 Service Support Test 74
8.3.3 Other Detection Tests 74
8.4 SUMMARY OF HONEYANOLE 75
CHAPTER 9 CONCLUSION AND FUTURE WORK 76
REFERENCES 79