National Digital Library of Theses and Dissertations in Taiwan

Author: 陳奕璋
Author (English): Yi-Chang Chen
Thesis title: 以多變量常態模式偵測網際網路惡意攻擊流量之研究
Thesis title (English): A Study of Detecting Malicious Network Attack Using Multivariate Normal Model Analysis
Advisor: 蕭漢威
Advisor (English): Han-Wei Hsiao
Degree: Master's
University: 國立高雄大學 (National University of Kaohsiung)
Department: Master's Program, Department of Information Management
Discipline: Computer science
Subfield: General computer science
Thesis type: Academic thesis
Year published: 2011
Graduating academic year: 99
Language: Chinese
Pages: 47
Chinese keywords: 網路攻擊, 異常偵測, 多變量常態模型, 入侵偵測, 網路安全
English keywords: Network attack, Anomaly detection, Multivariate normal model, Intrusion detection, Network security
Statistics:
  • Cited by: 0
  • Views: 259
  • Downloads: 2
Abstract (translated from Chinese): The Internet has become an indispensable part of society today. Beyond its traditional role of publishing information, innovative applications that were unimaginable in the past are continually being developed. As the technology keeps advancing, however, many negative effects we could not previously have imagined have also emerged, and malicious network attacks are among the issues most deserving of attention. In recent years many research reports and industry statistics have shown that malicious network attacks have caused serious losses to many enterprises. More worrying still, the techniques used in these attacks keep evolving, while most current network defence mechanisms are built from the signatures of attacks that already exist and pay comparatively little attention to new, unknown attack methods; most current detection systems therefore cannot defend well against unknown attacks. Moreover, the scale and bandwidth of today's networks far exceed those of the past, so when an unknown anomalous event or a new type of attack occurs, large-scale damage may already have been done before the defence system is updated. In view of this, this study compiles 11 representative traffic variables from NetFlow data and proposes a detection method based on a multivariate normal model, using statistical techniques to build a behavioural profile of normal network traffic in order to detect anomalous or malicious activity on the network. We collected normal traffic data from the academic network over a long period, built a fast detection system on the production network, and validated the proposed detection model against 8 existing network attack and anomaly events. The results show a good detection response when malicious network attacks occur, and we hope that the results of this study will give network administrators more, and more important, evidence for judging anomalous events when new types of network attacks are launched in the future.
Abstract (English): The Internet has become an important platform in the modern world. Beyond the traditional use of sharing information with other users, many innovative applications are being deployed. However, the rapid development of Internet technology also causes many negative effects, among which the impact of malicious network attacks is one of the issues people care about most. Many studies have noted that network attacks have caused serious damage to many enterprises in recent years. A more worrying situation is that new Internet attack techniques continue to emerge. The major intrusion prevention methods use existing attack signatures as training examples; such prevention systems can detect existing attack methods but do not perform well at detecting new or unknown Internet malicious behaviours. Moreover, network bandwidth and the extent of the Internet have grown far larger than in the past, so a new and unknown attack or an anomalous event may cause serious damage. This research generalizes 11 typical network traffic variables based on NetFlow traffic data and proposes a new network attack detection module using a multivariate normal distribution model. This statistical technique builds a profile of normal network traffic behaviour for detecting malicious network attacks and anomalous events in real time. We collected long-term normal network traffic data and built a detection system. We also used 8 existing network attack methods and anomalous events to evaluate the performance of our network attack detection module. When malicious network attacks occur, our module performs well. We hope the result of this research can help network security managers quickly and effectively detect new kinds of Internet malicious events.
Table of contents:
1. Introduction
1.1 Research background
1.2 Research motivation
1.3 Research objectives
2. Literature review
2.1 Anomaly detection
2.2 Types of network anomalies and events
2.3 Detection techniques for network anomalies
2.4 Introduction to NetFlow data
3. Anomaly detection method and system architecture
3.1 Anomaly detection system architecture
3.2 Experimental variables
3.3 Multivariate normal distribution
3.4 Hotelling's T-Square test
4. Empirical study and evaluation
4.1 Empirical method
4.2 Experimental results
4.3 Effect of the alpha value on detection performance
4.4 Effect of normal sample size on detection performance
5. Conclusions and future directions
Electronic full text: available only within the on-campus systems and IP range of the author's institution.