National Digital Library of Theses and Dissertations in Taiwan

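Graduate student: 黃煦宸
Graduate student (foreign-language name): Huang, Syuchen
Thesis title: 運用隱藏式貝氏分類器壓縮網路鑑識資料
Thesis title (foreign language): Forensic Data Reduction In Probabilistic Packet Marking Using Hidden Naive Bayes
Advisor: 鄭伯炤
Oral defense committee: 孫宏民, 唐文祥, 陳煥, 鄭伯炤
Oral defense date: 2012-07-27
Degree: Master's
Institution: National Chung Cheng University
Department: Graduate Institute of Communications Engineering
Discipline: Engineering
Sub-discipline: Electrical and Computer Engineering
Thesis type: Academic thesis
Publication year: 2012
Graduation academic year: 100
Language: Chinese
Number of pages: 76
Keywords (Chinese): forensics, probabilistic packet marking, data compression, hidden naive Bayes classifier
Keywords (foreign language): forensic, probabilistic packet marking, data reduction, hidden naive bayes classifier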
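Network forensics is one of the basic elements of network security; its purpose is to find the attacker's address and the source of the attack. When packets are captured, they must be preserved as evidence, so the huge storage requirement becomes an issue that must be overcome. In this thesis, we propose a classifier based on Hidden Naive Bayes (HNB) that classifies all incoming packets as normal or suspicious. In addition, we integrate the HNB classifier with Probabilistic Packet Marking (PPM), a currently well-known IP traceback solution. Finally, the experimental results show that the proposed method is able to reduce the storage amount while maintaining high forensic accuracy.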
Network forensics is an essential security component to pinpoint the location and root cause of security attacks. To preserve the evidence after capturing packets, a huge storage requirement becomes a challenge which must be overcome. In this paper, we propose a Hidden Naive Bayes (HNB) based classifier to classify all incoming packets as normal or suspicious packets. Further, we also show the integration between the proposed classifier and probabilistic packet marking (PPM), which is a well-known IP traceback solution. The experiments show that our proposed approach is able to reduce the storage amount while maintaining high forensic accuracy.
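Acknowledgments
Chinese Abstract
ABSTRACT
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Research Background
1.2 Research Objectives
1.3 Thesis Organization
Chapter 2 Theoretical Background and Literature Review
2.1 Network Forensics Models
2.2 Network Forensics Techniques
2.2.1 Active Defense
2.2.2 Passive Defense
2.3 Data Reduction Techniques
2.3.1 Data Reduction Techniques without a Learning Mechanism
2.3.2 Data Reduction Techniques with a Learning Mechanism
2.4 Comparison of Related Work
Chapter 3 HNB BASED FORENSIC MODEL
3.1 Overview of the HNB BASED FORENSIC MODEL System Architecture
3.2 TRAINING PHASE
3.3 CLASSIFICATION PHASE
3.3.1 Storage Temporary File
3.3.2 Preprocessor
3.3.3 Hidden Naive Bayes Classifier (HNB Classifier) [31]
3.4 TRACING PHASE
Chapter 4 Experiments and Result Analysis
4.1 Experimental Environment
4.2 Analysis of Experimental Results
4.2.1 Performance Evaluation on Classification Accuracy
4.2.2 Performance Evaluation on Data Reduction Ratio
4.2.3 Performance Evaluation on Convergence Time
Chapter 5 Conclusion and Future Work
References
About the Author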

[1] P. Passeri, April 2012 Cyber Attacks Statistics, May 2012, Available: http://hackmageddon.com/2012/05/06/april-2012-cyber-attacks-statistics/
[2] Cisco, Cisco Visual Networking Index: Forecast and Methodology, 2010–2015, June 2011, Available: http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ns827/white_paper_c11-481360_ns827_Networking_Solutions_White_Paper.html
[3] Cisco, Cisco Visual Networking Index: Global Mobile Data Traffic Forecast Update, 2011–2016, February 2012, Available: http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ns827/white_paper_c11-520862.html
[4] A. Shahzad, R. Naseem, F. Aadil and S. Khayyam, Trends in defensive techniques against Denial of Service (DoS) Attacks, Canadian Journal on Network and Information Security, vol. 1, no. 1, April 2010.
[5] A. Snoeren, C. Partridge, L. Sanchez, C. Jones, F. Tchakountio, S. Kent and W. Strayer, Hash-Based IP Traceback, SIGCOMM, 2001.
[6] S. Bellovin, Internet Draft: ICMP Traceback Messages, technical report, Network Working Group, Mar 2000.
[7] S. Savage, D. Wetherall, A. Karlin and T. Anderson, Practical Network Support for IP Traceback, in Proceedings of ACM SIGCOMM, 2000.
[8] F.R. Van Staden and H.S. Venter, Adding digital forensic readiness to the email trace header, Information Security for South Africa (ISSA), 2010.
[9] Y. Xie, V. Sekar, D. Maltz, M.K. Reiter and H. Zhang, Worm origin identification using random moonwalks, in Proc. of IEEE Symposium on Security and Privacy, May 2005.
[10] FBI, Proposed Standards for the Exchange of Digital Evidence, April 2000, Available: http://www.fbi.gov/about-us/lab/forensic-science-communications/fsc/april2000/swgde.htm/
[11] W. WenQi and L. Weiguang, The Research on Forensic Model Based Network, 2009 Second International Workshop on Computer Science and Engineering, vol. 1, pp. 119-122, 2009.
[12] A.C. Snoeren et al., Single Packet IP Traceback, IEEE/ACM Trans. Net., vol. 10, pp. 721–34, Dec. 2002.
[13] H. Tsunoda, T. Tochiori, Y. Waizumi, N. Kato, Y. Nemoto, Improving the Efficiency of DoS Traceback Based on the Enhanced Itrace-Cp Method for Mobile Environment (Invited Paper), Communications and Networking in China, pp. 680-685, August 2008.
[14] A. Belenky and N. Ansari, IP Traceback with Deterministic Packet Marking, IEEE Commun. Lett., vol. 7, no. 4, pp. 162–64, Apr. 2003.
[15] Z. Gao, N. Ansari, Tracing Cyber Attacks from the Practical Perspective, IEEE Communications Magazine, vol. 43, Issue 5, pp. 123–131, May 2005.
[16] Z. Xu, H. Hsu, X. Chen, S. Zhu and A. Hurson, AK-PPM: An Authenticated Packet Attribution Scheme for Mobile Ad Hoc Networks, To appear in Proceedings of The 15th International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2012.
[17] S.M.I. Alam and S. Fahmy, Energy-efficient provenance transmission in large-scale wireless sensor networks, in Proc. of IEEE International Workshop on D-SPAN, 2011.
[18] J.R. Quinlan, Induction of decision trees, Mach. Learning, vol. 1, no. 1, pp. 81-106, Mar. 1986.
[19] J.R. Quinlan, C4.5: Programs for Machine Learning, San Francisco: Morgan Kaufmann Publishers, 1993.
[20] J.A. Hertz, A. Krogh, and R.G. Palmer, Introduction to the Theory of Neural Computation, New York: Addison-Wesley, 1981.
[21] J.A. Freeman and D.M. Skapura, Neural Networks Algorithms Applications and Programming Techniques, Addison-Wesley, Reading, Michigan, 1992.
[22] 謝邦昌, Overview of Neural Networks with Examples, http://140.136.11.11/Teachonline/謝邦昌/DOWNLOAD/neural.doc, retrieved June 2006.
[23] J. Pearl, Bayesian Networks: A Model of Self-Activated Memory for Evidential Reasoning. In Proceedings of the Cognitive Science Society (CSS-7), 1985.
[24] Wiki, Bayesian network, Available: http://en.wikipedia.org/wiki/Bayesian_network
[25] UCI, UCI Machine Learning Repository Iris Data Set, Available: http://archive.ics.uci.edu/ml/datasets/Iris/
[26] D.M. Chickering, Learning Bayesian Networks is NP-Complete, Learning from Data: Artificial Intelligence and Statistics V, D. Fisher and H. Lenz, eds., pp. 121-130, Springer-Verlag, 1996.
[27] N. Friedman, D. Geiger and M. Goldszmidt, Bayesian Network Classifiers, Machine Learning, vol. 29, pp. 131-163, 1997.
[28] S. Benferhat, A. Boudjelida and H. Drias, An Intrusion Detection Approach Based on Tree Augmented Naive Bayes and Expert Knowledge, MAICS 2010 Program.
[29] Z.H. Wang, H.K. Huang and L.P. Jing, Text Classification Based on the TAN Model, IEEE Proceeding TENCON’02, 2002.
[30] L.M. Chen, M.C. Chen, Y.S. Sun, M. Hsiao, V. Sekar and H. Zhang, Scalable Long-term Network Forensics for Epidemic Attacks, IEEE First International Conference on Network and Service Security (N2S), 2009.
[31] L. Jiang, H. Zhang and Z. Cai, A novel bayes model: Hidden naive bayes, Knowledge and Data Engineering, IEEE Transactions on, vol. 21, pp. 1361-1371, December 2008.
[32] S. Pukkawanna, P. Pongpaibool and V. Visoottiviseth, LD2: A System for Lightweight Detection of Denial-Of-Service Attacks, In Proc. of MILCOM 2008, Conventional Center, San Diego, CA, USA, 17-19 November, 2008.
[33] Kdd cup 99 intrusion detection data set, Available: http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
[34] S. Vodithala, S. Nagaraju and V.C. Shekhar Rao, A Resolved IP Traceback through Probabilistic Packet Marking Algorithm, International Journal of Computer Science and Telecommunications, vol 2, Issue 7, October 2011.
