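Graduate student: 林韋成
Graduate student (English): Wei-Cheng Lin
Thesis title: User-based行為探勘及異常行為偵測機制之設計
Thesis title (English): The Design of User-based Behavior Miner and Anomaly Detection Mechanism
Advisor: 伍麗樵
Advisor (English): Lih-Chyau Wuu
Degree: Master's
Institution: National Yunlin University of Science and Technology (國立雲林科技大學)
Department: Graduate School of Electronic and Information Engineering
Discipline: Engineering
Field: Electrical and information engineering
Thesis type: Academic thesis
Year of publication: 2008
Graduation academic year: 96
Language: Chinese
Number of pages: 97
Keywords (translated from Chinese): source-end defense; traffic throttling; data mining; anomaly detection; network-based intrusion detection system
Keywords (English): Traffic throttle; Source-end defense; Anomaly detection; Network intrusion detection system; Data mining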
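Abstract (translated from Chinese): In recent years, Internet applications have advanced continuously, and people's daily lives have become inseparable from computer networks. At the same time, attacks on the Internet have grown increasingly serious, and a variety of intrusion defense mechanisms have emerged in response. Most current anomaly detection systems use a baseline of a normal network as the criterion for anomaly detection, but this baseline cannot fully represent the behavior of different users. We therefore propose using each user's usual behavioral habits as the basis for detection, and deploying a User-based Anomaly Detector at the network port to detect users whose behavior is anomalous. To realize this system, this thesis designs: (1) control of user identity with an AAA server; (2) a miner, built with data mining techniques, that discovers samples of a user's normal behavior; (3) an anomaly detector that combines the normal behavior samples obtained by the miner so that it can detect anomalous user behavior in real time; and (4) adjustable traffic control that guarantees legitimate users the network bandwidth they are due.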
Abstract (English): Recently, Internet applications have developed rapidly, bringing people a new lifestyle. At the same time, malicious activities occur on the Internet, and many defense mechanisms have been proposed to protect enterprise systems from illegal intrusion. Many anomaly detection systems assume a baseline of normal network behavior to detect intrusion activities, but such a baseline represents the behavior of a group, not of an individual. We implement the following four functions to base anomaly detection on the behavior of the individual user: (a) identify legal users with an AAA server; (b) monitor and analyze the network behavior of each user to mine his or her normal behavior pattern; (c) design an anomaly detector that uses the normal behavior pattern of each user to detect anomalous events; (d) construct a flow control mechanism to provide bandwidth for legal users.
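Chinese Abstract
English Abstract
Acknowledgements
Table of Contents
List of Figures
List of Tables
Chapter 1: Introduction
1.1 Research Motivation
1.2 Network-based Intrusion Detection System
1.2.1 Misuse Detection
1.2.2 Anomaly Detection
1.3 Research Objectives
1.4 Thesis Organization
Chapter 2: Related Work
2.1 AAA Protocol
2.2 Packet Signature Mechanism Using the IP Address as the Verification Public Key
2.3 CBQ (Class-based Queuing) Bandwidth Management Mechanism
2.4 Data Mining Techniques
2.4.1 Association Rules
2.5 Related Literature on Applying Data Mining Techniques to Anomaly Detection
Chapter 3: Overview of the User-based Behavior Mining and Anomaly Detection System
3.1 System Architecture
3.2 Overview of System Operation
3.2.1 System Initialization Phase
3.2.2 User Authentication Phase
3.2.3 Learning Phase
3.2.4 Detection Phase
Chapter 4: Operating Principles of Each Subsystem
4.1 FreeRADIUS
4.1.1 Operational Concept
4.1.2 Design
4.2 User-based Behavior Miner (UBM)
4.2.1 Operational Concept
4.2.2 Design
4.3 User-based Behavior Anomaly Detector (UBAD)
4.3.1 Operational Concept
4.3.2 Design
Chapter 5: Experimental Results
5.1 Mining Normal Behavior Samples
5.1.1 Analysis of Normal Behavior Samples
5.1.2 Performance Evaluation of Mining Normal Behavior Samples
Chapter 6: Conclusions and Future Work
6.1 Conclusions
6.2 Future Work
References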