中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/8092
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 80990/80990 (100%)
Visitors : 41655127      Online Users : 2272
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/8092


    Title: 以系統呼叫為基礎改良式迴圈簡化演算法之異常入侵偵測系統理論與實作
    Authors: 邱建宏;Jian-Hung Chiou
    Contributors: 通訊工程研究所
    Keywords: 異常入侵偵測;系統呼叫;迴圈簡化演算法;Linux核心;system call;anomaly intrusion detection;and Linux kernel;loop reduction algorithm
    Date: 2006-06-27
    Issue Date: 2009-09-22 11:17:54 (UTC+8)
    Publisher: 國立中央大學圖書館
    Abstract: 近年來,網路安全事件頻傳,使用誤用入侵偵測技術可以有效偵測出已知攻擊,然而對於新型態的攻擊便無法偵測出。此時,異常入侵偵測正好提供了另外一個思考觀點,亦即對應用程式建立正常行為的資料庫,若有異於正常的行為則視為攻擊。Forrest (1996)發現程式所產生的系統呼叫可用來表示程式的行為,之後,陸陸續續有許多相關研究發表,本論文基於迴圈簡化演算法所造成的缺點來進行改良,且進一步可以判斷是否為攻擊者的偽造系統呼叫。此外,針對系統呼叫截取所造成的效能下降,亦提供了一項核心修改解決方案。透過本論文所提出的方式可以更具體地描述程式的行為,且為作業系統本身提供一個更加安全的防護。 In recent years, network security events have undergone a major renaissance. Using misuse intrusion detection technology can detect attacks effectively, however, it cannot detect new kind of attacks. At this time, anomaly intrusion detection techniques provide another viewpoint that the database of normal behavior can be constructed according to application program, and it will detect deviations from this norm as attacks. Forrest (1996) shows the novel idea that system calls derived from application program can describe the behavior of program. Afterwards, a body of research has been published continually. In this paper, we modify the main drawbacks of loop reduction algorithm and determine whether the faked system calls made by attackers or not. Furthermore, we also put up a modified kernel approach to improve the declined effectiveness caused by system call interception. Therefore, in this paper we provide a method to describe the program behavior concretely, and afford a safer protection to operating systems.
    Appears in Collections:[Graduate Institute of Communication Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File SizeFormat


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明