Title page for etd-0730104-095705


[Back to Results | New Search]

URN etd-0730104-095705
Author Wang-tzu Han
Author's Email Address No Public.
Statistics This thesis had been viewed 5095 times. Download 0 times.
Department Information Management
Year 2003
Semester 2
Degree Master
Type of Document
Language zh-TW.Big5 Chinese
Title Detecting Remote Attacks
Date of Defense 2004-07-05
Page Count 68
Keyword
  • Data mining
  • classification
  • network traffic analysis
  • vulnerability scan
  • Denial-of-service
  • Abstract With the advanced technology, our life has improved, however, it also brings the new model of crime events. Because the intrusion technique and intrusion tools are developed day by day, many computer crimes such as overstep system authority, intrusion events, computer crime, and network attack incidents are happening everywhere and everyday. In fact, those kinds of animus attack behaviors are troublesome problems.
    Staffs of network management may have to read security advisory, which is sent out by security organization. For example, they have to subscribe advisories for Computer Emergency Response Team or security mail list to continuously accumulate their security information. In addition, in the security protect system, they may need to spend huge fund to purchase firewall system, intrusion detection system, antivirus system and other related security protect systems.
    These attack behaviors have been evolved from one computer attacked to heavy attack by new intrusion model such as worm to proceed large scale spread attacking recently. Furthermore, each attack use different communication protocol and port, which is aimed at the system vulnerability, it is not easy to detect these attacks. If we can observe the variation of network traffic to detect the unusual hosts, for controlling the usage of network or occurring extraordinary phenomenon, it could help network managers to discover and solve network attack problems in time.
    Lately, many intrusion events have been happened increasingly, and the denial-of-service has become the most serious network event of the Computer Crime and Security Survey of FBI/CSI in 2003. Therefore, in various attacking types, we choose vulnerability scan and denial-of-service as our research direction.
    This research extend to develop IPAudit[16], a network traffic monitor system, which is to detect hosts flows traffic of the local area network. We establish network attack rules by using data miningclassification (C4.5) to analyze attack data, and we estimate the correctness percentage of classification. This study also uses different attack applications for the same attack type to process the cross experiment. The result has shown that the technology of data mining classification (C4.5) can help us to forecast efficiently the same attack type events.
    Advisory Committee
  • Cheng-hsien Tsung - chair
  • Wei-chih Ping - co-chair
  • Chen-chia Mei - advisor
  • Files
  • etd-0730104-095705.pdf
  • indicate not accessible
    Date of Submission 2004-07-30

    [Back to Results | New Search]


    Browse | Search All Available ETDs

    If you have more questions or technical problems, please contact eThesys