Thesis/dissertation etd-0726112-150041: detailed record
Title
Detecting Attack Sequence in Cloud Based on Hidden Markov Model
Department
Year, semester
Language
Degree
Number of pages
58
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2012-07-16
Date of Submission
2012-07-26
Keywords
Cloud Computing, Hidden Markov Model, Attack Plan
Statistics
The thesis/dissertation has been browsed 5701 times, has been downloaded 380 times.
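Chinese Abstract (translated)
With the rise of cloud computing, many Internet companies have begun offering cloud services. Cloud computing is not really a new technology but a new model for delivering information and services. It provides a large number of services, and as those services come into heavy use, cloud network security incidents have risen with them. Beyond powerful cloud services, the security questions users most want answered are ones that every service provider faces. The powerful computing capability of the cloud not only attracts the attention of hackers; it is also used by hackers to attack other users of cloud services.

A hacker can carry out a series of attacks, attacking targets or damaging machines, to achieve a goal. Antivirus vendors now provide many defence mechanisms, such as firewalls and intrusion detection systems, which has pushed hackers toward low-frequency attacks hidden in the cloud network environment. Although an intrusion detection system or firewall blocks an attack immediately when a machine comes under attack, the attacks are so far apart in time that they often cannot be correlated with one another. Because low-frequency attacks hidden in the cloud network environment are easily overlooked, by the time an attack is discovered the damage is already beyond repair. The detection method proposed in this study has shown a certain effectiveness and achieves a fairly high identification rate.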
Abstract
Cloud computing offers businesses a new working paradigm with the benefits of cost reduction and resource sharing. Tasks from different users may be performed on the same machine, so one primary security concern is whether user data is secure in the cloud. On the other hand, a hacker may use cloud computing to launch a larger range of attacks, such as requesting a port scan in the cloud, with virtual machines executing the malicious action. In addition, a hacker may perform a sequence of attacks in order to compromise a target system in the cloud, for example, invading an easy-to-exploit machine in the cloud and then using the previously compromised machine to attack the target. Such an attack plan may be stealthy or carried out inside the computing environment, so an intrusion detection system or firewall has difficulty identifying it.

The proposed detection system analyzes logs from the cloud to extract the intentions of the actions recorded in them. Stealthy reconnaissance actions are often neglected by administrators because of the insignificant number of violations. A hidden Markov model is adopted to model the sequence of attacks performed by a hacker, and such stealthy events over a long time frame become significant in the state-aware model. The preliminary results show that the proposed system can identify such attack plans in a real network.
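Table of Contents
Acknowledgements
Chinese Abstract
Abstract
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Research Background
1.2 Research Motivation
1.3 Research Objectives
Chapter 2 Literature Review
2.2 Intrusion Detection Systems
2.3 Cloud Intrusion Detection Systems
2.4 Alert Correlation Techniques
2.5 Hidden Markov Model (HMM)
2.6 Combining the Hidden Markov Model with the Baum–Welch Algorithm to Observe States
2.7 Combining the Hidden Markov Model with the Viterbi Algorithm for Detection
Chapter 3 Research Method
3.1 Data Collection Method
3.2 System Architecture and Workflow
3.3 HMM
Chapter 4 Experimental Results
4.1 Sample Collection
4.2 Experimental Evaluation
4.3 Experiment 1: Simulated Network Attack Environment
4.4 Experiment 2: Different System Environments
4.5 Experiment 3: Real Network Environment
Chapter 5 Contributions and Future Work
Chapter 6 References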
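Fulltext
This electronic full text is licensed to users solely for personal, non-profit searching, reading and printing for the purpose of academic research. Please comply with the Copyright Act of the Republic of China and do not reproduce, distribute, adapt, repost or broadcast it, to avoid breaking the law.
Thesis access permission: user-defined availability date
Available:
Campus: available
Off-campus: available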


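Printed copies
Public information on printed theses is relatively complete from academic year 102 onward. To look up public information on printed theses from academic year 101 or earlier, please contact the printed thesis service desk of the Office of Library and Information Services. We apologize for any inconvenience.
Available: available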
