NCU Institutional Repository (National Central University) - theses and dissertations, past exam papers, journal articles, research projects: Item 987654321/12946


    Please use the permanent URL to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/12946


    Title: Using the Process Tracking Method for Correlating Intrusion Alerts of Distributed Intrusion Detection Systems
    Author: 李勁頤; Jing-Yi Lee
    Contributor: Graduate Institute of Information Management
    Keywords: Alert Aggregation; Process Tracking; Process Relationship Correlation Model; Process Relationship; Correlation; Distributed Intrusion Detection System
    Date: 2002-06-21
    Upload time: 2009-09-22 15:19:40 (UTC+8)
    Publisher: National Central University Library
    Abstract: As network environments grow ever more complex, traditional single-point intrusion detection systems are no longer adequate to detect increasingly sophisticated intrusion techniques. To detect the various complex attack techniques, distributed intrusion detection systems have gradually become the mainstream of intrusion detection research. However, the correlation analysis capabilities of current distributed intrusion detection systems still have many limitations, mainly because the information that previous distributed intrusion detection systems used for correlation analysis was too impoverished, and because they could not treat different types of alert information separately. The purpose of this study is therefore to use the process tracking method to supply the information needed to correlate the alerts of a distributed intrusion detection system, and to propose a new correlation analysis model that solves the problems encountered by previous correlation methods. In this study, we first summarize the shortcomings and problems implicit in the correlation analysis methods of previous distributed intrusion detection system research, together with the causes of these problems, and propose corresponding solutions. We then consider the operation of the entire network and information system at the level of processes, and propose a correlation analysis model based on process relationships: the Process Relationship Correlation Model. Based on this model, we design a prototype distributed intrusion detection system, PRIDS (Process Relationship based distributed Intrusion Detection System). Finally, using the PRIDS prototype implemented on Windows 2000, we carry out three simulated network attacks. Our experimental results show that PRIDS, using the process tracking method for correlation analysis, can effectively detect complex attack techniques that previous distributed intrusion detection systems had difficulty detecting, such as relay attacks, attacks whose temporal relationships are nondeterministic, and IDS evasion attacks.
    As network environments become complex, it is difficult for traditional intrusion detection systems (IDS) to detect ingenious intrusion methods successfully. As a result, distributed intrusion detection systems (DIDS) have become the mainstream of IDS research. However, the correlation abilities of DIDS are still limited by (1) the inaccurate information that the IDS uses for correlation and (2) the inability to discriminate between heterogeneous information. To solve these shortcomings, this study uses the technology of process tracking to assist DIDS in correlating alerts and proposes a novel correlation model to solve the flaws of alert correlation in previous DIDS. In this study, we first sum up the flaws in previous research and the causes that lead to them. Then we propose a novel Process Relationship Correlation Model (PRCM) to model the operations of a network information system from the viewpoint of processes. Next, we present the design of a prototype intrusion detection system named PRIDS (Process Relationship based distributed Intrusion Detection System) based on PRCM. We have implemented PRIDS on Microsoft Windows 2000 and used three artificial attacks to evaluate its detection abilities.
The results of these experiments revealed that PRIDS could efficiently detect attack methods including relay attacks, attacks with nondeterministic temporal relationships, and IDS evasion attacks that could evade detection by other DIDS.
    Appears in Collections: [Graduate Institute of Information Management] Theses and Dissertations
