Thesis/dissertation etd-0809103-150442: detailed information
Title page for etd-0809103-150442
Title
使用有限狀態機偵測迴避攻擊之模組設計
The Model of Evasion Attack Detection using Finite State Machine
Department
Year, semester
Language
Degree
Number of pages
33
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2003-07-11
Date of Submission
2003-08-09
Keywords
IDS, Evasion Attack, NIDS
Statistics
This thesis/dissertation has been browsed 5669 times and downloaded 48 times.
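Chinese Abstract
With the rise of electronic commerce, many enterprises are moving their business onto the Internet. The move to electronic business brings many security problems, and the focus of security is the data on the enterprise's website and the privacy of its customers. A firewall alone can provide some assurance of security, but not absolute security; it has to be combined with an intrusion detection system to provide a reasonable level of security. Using network monitoring and intrusion detection techniques, we can detect the types of attack launched by an intruder, alert the network administrator, and log them. The logs later give the administrator the characteristic behavior of the attack, so that the same intrusion can be avoided in the future and the security of the whole system is ensured. In recent years, attacks that can slip past the inspection of intrusion detection systems have been discovered. Such attacks can do great harm to users. We study this class of attack methods in detail and try to design a module that can detect them, and we hope that such a module can be used in designing intrusion detection systems.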

Abstract
As electronic commerce becomes popular, many enterprises are moving their business to the Internet. Electronic commerce brings many security problems, and the key concerns are the enterprise's data and the customers' privacy. A firewall alone is not enough; an IDS is needed to provide acceptable security. With network monitoring and intrusion detection techniques, we can detect attacks, alert the administrators, and write to log files. The log files can be analyzed to help prevent the same types of attacks and protect the security of the system.

Recently, some attacks have been proposed that can evade familiar IDSs such as Snort. Such attacks can cause serious damage to the system. We analyze one of these attacks and try to propose a model which can detect it. We believe that the model is useful in IDS research.


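Table of Contents
1 Introduction
1.1 Introduction to intrusion detection systems
1.2 Types of intrusion detection systems
1.3 Intrusion detection techniques
2 Snort Overview
2.1 Introduction to the Snort architecture
2.2 Detection Engine
2.2.1 Pattern Matching
2.2.2 Overview of Snort Rule
2.2.3 Rule Parsing and Detection Engine
2.3 Preprocessors
2.4 Problems in Snort
3 Discussion of Related Research and Design Principles
3.1 Evasion attacks
3.1.1 Insertion
3.1.2 Evasion
3.1.3 Insertion and Evasion in the real world
3.2 Related research
3.3 Design principles
3.3.1 Design theory
3.3.2 Definition of the finite state machine
3.3.3 Detection method
4 Conclusion and future work
References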
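Fulltext
This electronic full text is licensed to users only for personal, non-profit searching, reading, and printing for the purpose of academic research. Please observe the relevant provisions of the Copyright Act of the Republic of China, and do not reproduce, distribute, adapt, repost, or broadcast it, to avoid breaking the law.
Thesis access permission: restricted (available on campus, never available off campus)
Available:
Campus: available
Off-campus: not available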


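Printed copies
Information on the availability of printed theses is relatively complete from academic year 102 onward. To look up the availability of printed theses from academic year 101 or earlier, please contact the printed thesis service counter of the Office of Library and Information Services. We apologize for any inconvenience.
Available: available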
