Taiwan National Digital Library of Theses and Dissertations (臺灣博碩士論文加值系統)

Detailed Record

Student: 陳宣良
Student (English): Xuan-Liang Chen
Title: 架構於虛擬機管理程式之整合式入侵偵測系統研究
Title (English): Study of Hypervisor-Based Integrated Intrusion Detection System
Advisor: 王智弘
Advisor (English): Chih-Hung Wang
Degree: Master
Institution: 國立嘉義大學 (National Chiayi University)
Department: 資訊工程學系研究所 (Graduate Institute of Computer Science and Information Engineering)
Discipline: Engineering
Field: Electrical and Computer Engineering
Thesis type: Academic thesis
Graduation academic year: 103 (ROC calendar, i.e. academic year 2014-2015)
Language: Chinese
Pages: 57
Keywords (Chinese, translated): cloud computing; intrusion detection system; hypervisor; virtual machine; open source
Keywords (English): Cloud Security; Intrusion Detection System; Hypervisor; Virtual Machine; Open Source
Statistics:
  • Cited: 0
  • Views: 249
  • Rating: (none)
  • Downloads: 21
  • Bookmarked: 1
Abstract (translated from Chinese): Because cloud computing depends heavily on Internet connectivity, a malicious attacker can attack cloud services remotely over the network for gain. In cloud environments, the most common defence against such intruders is a firewall; intrusion detection systems are also frequently deployed in the cloud. The two types of intrusion detection system in common use are the host-based IDS (HIDS) and the network-based IDS (NIDS). Each has its own strengths and weaknesses against the different kinds of attacks seen in the cloud. To combine the advantages of NIDS and HIDS while avoiding their respective weaknesses against different attack types,
this thesis proposes a prototype Hypervisor-Based Integrated Intrusion Detection System (HIIDS) that has the advantages of both and avoids the drawbacks each has when used in the cloud. The proposed HIIDS is built into the hypervisor and consists of three main modules: HIDM, NIDM and APM. HIDM monitors the virtual machines and the hypervisor; NIDM inspects the packets sent and received by the hypervisor and the virtual machines; APM performs further processing on the alerts generated by HIDM and NIDM. Experiments show that HIIDS achieves a higher detection rate than HIDS or NIDS alone, and that applying alert correlation to the alerts it raises yields additional information about the intrusion, helping the network administrator understand the whole attack and respond with an appropriate strategy. The contribution of this thesis is an IDS architecture suited to the cloud that performs well in detection rate and is also highly practical to implement.
Abstract (English): Since cloud computing depends heavily on Internet connectivity, a malicious intruder can attack cloud services remotely over the network for gain. In the cloud environment, the most common protection against malicious intruders is a firewall. Furthermore, intrusion detection systems are often used to identify attack events in more depth. Two types of intrusion detection system, HIDS and NIDS, are widely used to defend against different kinds of attacks.
This thesis proposes a prototype integrated intrusion detection system running on the virtual machine manager (Hypervisor-Based Integrated Intrusion Detection System, HIIDS) that keeps the advantages of both HIDS and NIDS and also effectively solves the problems of integrating them. The proposed prototype makes two contributions. First, it monitors the communication among the virtual machines and the hypervisor in a timely manner, in order to detect possible insider threats. Second, the proposed system is highly practical: compared with other hypervisor-based IDSs, it is easier to realize and implement.
Table of contents:
Abstract (Chinese) i
Abstract ii
Acknowledgements iii
Contents iv
List of Figures vi
List of Tables vii
Chapter 1 Introduction 1
1.1 Motivation 1
1.2 Objectives 5
1.3 Thesis Organization 7
Chapter 2 Literature Review 9
2.1 Intrusion Detection System (IDS) 9
2.1.1 Host-based Intrusion Detection System (HIDS) 9
2.1.2 Network-based Intrusion Detection System (NIDS) 11
2.1.3 Hypervisor-based IDS 13
2.2 Alert Processing Techniques 14
2.2.1 Alert Pre-processing 15
2.2.2 Alert Correlation 16
2.2.3 Alert Post-processing 20
Chapter 3 HIIDS Architecture 22
Chapter 4 Experiments and Analysis 28
4.1 Experimental Environment 28
4.2 Experimental Results 39
Chapter 5 Conclusions and Future Work 47
Chapter 6 References 48