Thesis access permission: available on campus, never available off campus (restricted)
Available:
Campus: available
Off-campus: not available
Title |
The Model of Evasion Attack Detection using Finite State Machine |
||
Department |
|||
Year, semester |
Language |
||
Degree |
Number of pages |
33 |
|
Author |
|||
Advisor |
|||
Convenor |
|||
Advisory Committee |
|||
Date of Exam |
2003-07-11 |
Date of Submission |
2003-08-09 |
Keywords |
IDS, Evasion Attack, NIDS |
||
Statistics |
The thesis/dissertation has been browsed 5669 times and downloaded 48 times. |
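Chinese Abstract (translated) |
With the rise of electronic commerce, many enterprises have moved their business onto the Internet. The move to electronic business brings many security problems, and the focus of security is the data on the enterprise's website and the privacy of its customers. A firewall alone can provide some security, but it is not absolutely secure; it must be combined with an intrusion detection system to provide a reasonable degree of security. Using network monitoring and intrusion detection techniques, we can detect the types of attack launched by an intruder, alert the network administrator, and log them, later providing the administrator with the characteristic behaviour of the attack so that the same intrusion can be avoided in future and the security of the whole system is ensured. In recent years, attacks have been discovered that can slip past an intrusion detection system's inspection. Such attacks do great harm to users. We study this class of attack methods in detail and try to design a model that can detect them, and we hope that such a model can be used in designing intrusion detection systems. |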
Abstract |
As electronic commerce becomes popular, many enterprises are moving their business to the Internet. Electronic commerce brings many security problems, and the key concerns are the enterprise's data and the customers' privacy. A firewall alone is not enough; an IDS is needed to provide acceptable security. With network monitoring and intrusion detection techniques, we can detect attacks, alert the administrators, and write to log files. The log files can be analyzed to help prevent the same types of attack and protect the security of the system. Recently, some attacks have been proposed that can evade familiar IDSs such as Snort. Such attacks will cause serious damage to the system. We analyze one of these attacks and try to propose a model that can detect it. We believe that the model is useful in IDS research. |
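Table of Contents |
1 Introduction
1.1 Introduction to Intrusion Detection Systems
1.2 Types of Intrusion Detection Systems
1.3 Intrusion Detection Techniques
2 Snort Overview
2.1 Introduction to the Snort Architecture
2.2 Detection Engine
2.2.1 Pattern Matching
2.2.2 Overview of Snort Rule
2.2.3 Rule Parsing and Detection Engine
2.3 Preprocessors
2.4 Problems in Snort
3 Related Work and Design Principles
3.1 Evasion Attacks
3.1.1 Insertion
3.1.2 Evasion
3.1.3 Insertion and Evasion in the Real World
3.2 Related Work
3.3 Design Principles
3.3.1 Design Theory
3.3.2 Definition of the Finite State Machine
3.3.3 Detection Method
4 Conclusion and Future Work
References |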
Fulltext |
This electronic full text is licensed to users only for personal, non-profit searching, reading and printing for the purpose of academic research. Please comply with the Copyright Act of the Republic of China and do not reproduce, distribute, adapt, repost or broadcast it, so as not to break the law. |
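Printed copies |
Public information on printed theses is relatively complete from academic year 102 onward. To look up public information on printed theses from academic year 101 or earlier, please contact the printed thesis service desk of the Office of Library and Information Services. We apologize for any inconvenience. Available: available |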