臺灣博碩士論文加值系統 (National Digital Library of Theses and Dissertations in Taiwan)
Author: 楊吉閔
Title (Chinese): 使用貝式網路模型建構可調式特徵權重之警報關聯系統
Title (English): Adaptive Feature-Weighted Alert Correlation System using Bayesian Network Model
Advisor: 王智弘 (Chih-Hung Wang)
Degree: Master's
Institution: National Chiayi University (國立嘉義大學)
Department: Department of Computer Science and Information Engineering, graduate program (資訊工程學系研究所)
Discipline: Engineering
Field: Electrical and Computer Engineering
Thesis type: Academic thesis
Graduation academic year: 101 (ROC calendar, i.e. the 2012-2013 academic year)
Language: Chinese
Keywords: alert correlation, Bayesian network, feature weight matrix, intrusion detection system, attack graph
Record statistics: cited by 0, viewed 237 times, downloaded 0 times, bookmarked 1 time
Abstract (Chinese, translated):
As network and distributed computing technology keep advancing, the cloud brings the public a more convenient life, and the characteristics of cloud computing also lead companies to deploy cloud services of their own. With this progress, many new attacks have appeared in cloud environments. A cloud environment differs from an ordinary host: once it is attacked, the assets of the public or of the company face serious harm. Cloud network security is therefore very important, and we propose an alert correlation system with adaptive feature weights, built on a Bayesian network model, to defend against intruders.
A cloud environment carries a large volume of traffic that includes many malicious packets, so it generates a large number of alerts. Analysing such a volume of alerts directly is time-consuming, and the attacker's strategy often cannot be worked out in time. The recent research trend is to correlate these alerts, analyse the attacker's steps and strategy, and then respond to and prevent the attacker's next action.
This thesis proposes a new alert correlation method. A Bayesian network model analyses the relationship between two different alert types and builds a Feature Weight Matrix; based on this matrix, the features with high relevance between the two alert types are selected to compute the correlation probability. Each correlation result is recorded in an Alert Correlation Matrix, which is updated on every correlation. From the information in the Alert Correlation Matrix we can analyse the attacker's strategy and build an attack graph, from which an administrator can quickly understand the attacker's strategy and respond immediately. We expect the proposed correlation method to be implementable in a cloud environment and, under the cloud's heavy traffic and unknown risks, to report the current network security status accurately and in real time.
Abstract (English):
With the Internet and distributed computing technology advancing continuously, cloud computing brings people more convenience, and many companies set up their own private clouds because of its characteristics. Along with this technology, many new attack techniques have appeared in the cloud environment. Unlike a general server, once a cloud environment suffers a malicious attack, the people or companies depending on it face extreme danger. Network security in the cloud is therefore important, and we propose the Adaptive Feature-Weighted Alert Correlation System using Bayesian Network Model to defend against intruders.
The large volume of network traffic includes malicious packets, so the intrusion detection system generates huge numbers of alerts. Analysing these alerts directly is time-consuming, and it is difficult to obtain the attack steps and strategies immediately by such direct analysis. In recent years the research trend in this area has been towards alert correlation: by analysing the alerts we can obtain the attacker's strategies and then respond to and prevent the attacker's next step.
In this thesis we propose a new correlation method that employs a Bayesian network to choose the features with high relevance, builds the Feature Weight Matrix (FWM), and adjusts the feature weights according to the statistics of the Bayesian network over a period of time. According to the FWM, we choose the features of two alert types with high relevance to calculate the correlation probabilities. The correlation probability is recorded in the Alert Correlation Matrix (ACM), which is updated at each correlation. Using the information in the ACM, we can extract high-level attack strategies and build attack graphs, from which the administrator can recognize the attacker's strategies and react immediately.
We expect that our proposed correlation method can be implemented in the cloud environment. Facing the huge volume of network traffic, we hope that the method can report the network security situation accurately and in real time.
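The pipeline the two abstracts describe (learn feature weights per ordered pair of alert types, score candidate alert pairs with the weighted features, keep an Alert Correlation Matrix that is updated on every correlation, and read the attack graph off it), as an added Python example. This is not the thesis's code: its Bayesian network is replaced here, as a stated assumption, by a per-feature conditional match frequency counted over a time window, and the alert types, addresses and timestamps in SAMPLE_ALERTS are constructed for the example rather than taken from any dataset.

```python
"""Feature-weighted IDS alert correlation: learn a Feature Weight Matrix (FWM) from
alert pairs in a time window, score pairs with it, keep a running Alert Correlation
Matrix (ACM) and read an attack graph off the ACM. Illustration only, not the thesis
code: the Bayesian network is replaced (assumption) by conditional match frequencies."""
from collections import defaultdict
from dataclasses import dataclass

# Pairwise features of (earlier alert a, later alert b); "pivot": a's victim is b's source.
FEATURES = ("same_src", "same_dst", "same_port", "pivot")
UNIFORM = {f: 1.0 / len(FEATURES) for f in FEATURES}  # fallback for unseen type pairs


@dataclass(frozen=True)
class Alert:
    ts: int        # seconds since start of capture
    atype: str     # IDS signature / alert type
    src_ip: str
    dst_ip: str
    dst_port: int


def pair_features(a, b):
    """Binary feature vector for the ordered pair (a before b)."""
    return {"same_src": float(a.src_ip == b.src_ip),
            "same_dst": float(a.dst_ip == b.dst_ip),
            "same_port": float(a.dst_port == b.dst_port),
            "pivot": float(a.dst_ip == b.src_ip)}


def candidate_pairs(alerts, window):
    """Ordered pairs (a, b) with 0 < b.ts - a.ts <= window, oldest first."""
    ordered = sorted(alerts, key=lambda x: x.ts)
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.ts - a.ts > window:
                break
            if b.ts > a.ts:
                yield a, b


def build_fwm(alerts, window):
    """FWM[(A, B)]: P(feature holds | A then B) estimated by counting pairs in the
    window, normalised to sum to 1 per type pair; pairs with no signal stay uniform."""
    n_pairs = defaultdict(int)
    hits = defaultdict(lambda: defaultdict(float))
    for a, b in candidate_pairs(alerts, window):
        key = (a.atype, b.atype)
        n_pairs[key] += 1
        for f, v in pair_features(a, b).items():
            hits[key][f] += v
    fwm = {}
    for key, n in n_pairs.items():
        probs = {f: hits[key][f] / n for f in FEATURES}
        total = sum(probs.values())
        fwm[key] = {f: p / total for f, p in probs.items()} if total else dict(UNIFORM)
    return fwm


def correlation_probability(a, b, fwm):
    """Weighted agreement of the pair's features under its type pair's weights."""
    weights = fwm.get((a.atype, b.atype), UNIFORM)
    feats = pair_features(a, b)
    return sum(weights[f] * feats[f] for f in FEATURES)


class AlertCorrelationMatrix:
    """ACM[A][B]: running mean correlation probability of type pair A -> B,
    updated on every correlation (incremental mean, so no pair history is kept)."""
    def __init__(self):
        self.mean = defaultdict(lambda: defaultdict(float))
        self.count = defaultdict(lambda: defaultdict(int))

    def update(self, a, b, p):
        A, B = a.atype, b.atype
        self.count[A][B] += 1
        self.mean[A][B] += (p - self.mean[A][B]) / self.count[A][B]

    def attack_graph(self, threshold):
        """Directed edges A -> B whose mean correlation reaches the threshold."""
        return sorted((A, B, round(m, 3)) for A, row in self.mean.items()
                      for B, m in row.items() if m >= threshold)


def correlate(alerts, window, threshold):
    """Learn the FWM on the window, score every candidate pair, update the ACM,
    and return (attack-graph edges, ACM)."""
    fwm = build_fwm(alerts, window)
    acm = AlertCorrelationMatrix()
    for a, b in candidate_pairs(alerts, window):
        acm.update(a, b, correlation_probability(a, b, fwm))
    return acm.attack_graph(threshold), acm


# Constructed alerts (assumption, not from any dataset): two runs of a
# scan -> exploit -> remote shell -> flood-from-victim chain, plus an unrelated scan.
SAMPLE_ALERTS = [
    Alert(0, "portscan", "10.0.0.5", "10.0.1.7", 111),
    Alert(20, "portscan", "192.168.3.3", "10.0.1.20", 22),   # unrelated noise
    Alert(30, "rpc_exploit", "10.0.0.5", "10.0.1.7", 111),
    Alert(60, "remote_shell", "10.0.0.5", "10.0.1.7", 514),
    Alert(90, "flood", "10.0.1.7", "10.0.1.9", 80),          # victim pivots outward
    Alert(500, "portscan", "10.0.0.8", "10.0.2.1", 111),
    Alert(530, "rpc_exploit", "10.0.0.8", "10.0.2.1", 111),
    Alert(560, "remote_shell", "10.0.0.8", "10.0.2.1", 514),
    Alert(590, "flood", "10.0.2.1", "10.0.2.3", 80),
]
```

Calling correlate(SAMPLE_ALERTS, window=120, threshold=0.6) on the constructed alerts yields the chain portscan -> rpc_exploit -> remote_shell -> flood: consecutive stages after the scan reach a mean correlation of 1.0, the edges out of portscan sit at about 0.667 because the unrelated scan pairs with the same later alerts and contributes zeros, and the portscan -> portscan pair never passes the threshold. The learned weights already show the adaptive idea: for exploit -> shell the address features carry all the weight and the port feature none, while for shell -> flood only the pivot feature matters. In a deployment the FWM would be re-estimated over a sliding window so the weights follow changes in the alert mix, and the only integration step is mapping the IDS output onto Alert.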
Table of contents:
Chinese Abstract
Abstract
Acknowledgements
Contents
List of Figures
List of Tables
Chapter 1. Introduction
1.1 Intrusion Detection System (IDS)
1.2 Alert Correlation
1.3 IDS in Cloud
1.4 Motivation and Organization of This Thesis
Chapter 2. Related Works
2.1 Alert Correlation Based on Neural Network
2.2 Alert Correlation Based on Bayesian Network
2.3 CloudStack
Chapter 3. Adaptive Feature-Weighted Alert Correlation System using Bayesian Network Model
3.1 Overview of the Proposed System
3.2 Implementation of the Proposed System
3.3 Improving the Proposed System
Chapter 4. Experiment Results
4.1 DARPA 2000 Intrusion Dataset
4.2 Performance
4.3 Accuracy
Chapter 5. Conclusions and Future Work
References