Title page for etd-0729103-165244
Title
Intrusion Detection on Distributed Attacks
Department
Year, semester
Language
Degree
Number of pages
54
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2003-07-01
Date of Submission
2003-07-29
Keywords
distributed denial of service attack, worm, intrusion detection
Statistics
The thesis/dissertation has been browsed 5774 times and downloaded 23 times.
Abstract
The number of significant security incidents on the network has been increasing in recent years. Among them, distributed denial of service attacks and worm attacks affect the network most extensively and cause serious damage.
In this thesis, we analyze these two critical distributed attacks. We propose an intrusion detection approach against this kind of attack and implement an attack detection system based on it. We use anomaly detection, one of the intrusion detection techniques, and observe the anomalous distribution of packet field values to perform the detection. The proposed approach records the characteristics of normal traffic volumes, which makes the judgement of field anomalies more flexible and more precise. Finally, we evaluate our approach by experiments.
Table of Contents
Chapter 1 Introduction
1.1 The Threats of Distributed Attacks
1.2 Motivation
1.3 Thesis Organization
Chapter 2 Literature Review
2.1 Distributed Denial of Service Attacks
2.2 Worm Attacks
2.3 Intrusion Detection Techniques on Distributed Attacks
Chapter 3 Distributed Attack Detection
3.1 Training Stage
3.2 Detection Stage
Chapter 4 System Design and Implementation
4.1 System Operation States
4.2 System Architecture
4.3 System Implementation
4.4 User Interface
Chapter 5 Experimental Results
5.1 Experimental Environment
5.2 Experimental Results of Normal Traffic
5.3 Experimental Results of DDoS Detection
5.4 Experimental Results of Worm Detection
Chapter 6 Conclusions
References
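Fulltext
This electronic full text is licensed to users solely for personal, non-profit retrieval, reading, and printing for the purpose of academic research. Please observe the Copyright Act of the Republic of China; do not reproduce, distribute, adapt, repost, or broadcast it without authorization, to avoid breaking the law.
Thesis access permission: available on campus after one year; never available off campus
Available:
Campus: available
Off-campus: not available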

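Printed copies
Public availability information for printed theses is relatively complete from academic year 102 onward. To look up this information for printed theses from academic year 101 or earlier, please contact the library's printed thesis service counter. We apologize for any inconvenience.
Available: available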
