博碩士論文 89423031 完整後設資料紀錄

DC 欄位 語言
DC.contributor資訊管理學系zh_TW
DC.creator李勁頤zh_TW
DC.creatorJing-Yi Leeen_US
dc.date.accessioned2002-7-11T07:39:07Z
dc.date.available2002-7-11T07:39:07Z
dc.date.issued2002
dc.identifier.urihttp://ir.lib.ncu.edu.tw:444/thesis/view_etd.asp?URN=89423031
dc.contributor.department資訊管理學系zh_TW
DC.description國立中央大學zh_TW
DC.descriptionNational Central Universityen_US
dc.description.abstract隨著網路環境愈來愈複雜,傳統單點式入侵偵測系統已不足以偵測日益精進的入侵手法。為偵測各種複雜的攻擊手法,分散式入侵偵測系統逐漸成為入侵偵測研究的主流。但目前分散式入侵偵測系統的關聯分析能力仍有許多限制,這主要導因於過去分散式入侵偵測系統,所用以進行關聯分析之資訊過於貧乏,且未能分別處理不同型態之警示資訊所致。因此本研究的目的在利用程序追蹤方法(process tracking)來補足關聯分散式入侵偵測系統之警示所需的資訊,並提出新的關聯分析模型,以解決過去分散式入侵偵測系統關聯分析方法所遭遇之問題。 在本研究中,我們首先整理歸納過去分散式入侵偵測系統研究其關聯分析方法所隱含之缺點、問題及造成此問題之原因,並提出相關解決方法。接著我們由程序的層次來思考整個網路與資訊系統的運作,進而提出一個以程序關係為基礎之關聯分析模型 --- 程序關聯模型。根據此模型,我們設計一分散式入侵測系統雛形PRIDS (Process Relationship based distributed Intrusion Detection System)。 最後我們利用於Windows 2000上實作出的PRIDS系統雛形,進行三個網路模擬攻擊,我們的實驗結果證明,對於過去分散式入侵偵測系統難以偵測的攻擊手法, 如Relay Attack式攻擊、時間關係為非決定性之攻擊類型與入侵偵測系統躲避式攻擊等複雜攻擊手法,採用程序追蹤方法進行關聯分析的PRIDS都能有效地偵測出來。zh_TW
dc.description.abstractAs network environments become complex, it is difficult for traditional intrusion detection systems (IDS) to detect the ingenious intrusion methods successfully. As a result, distributed intrusion detection systems (DIDS) become the main stream of the IDS researches. However, the correlation abilities of DIDS are still limited by (1) the inaccurate information that IDS uses for correlation and (2) the inability to discriminating between the heterogeneous information. To solve these shortcomings, this study uses the technology of process tracking to assist DIDS in correlating alerts and proposes a novel correlation model to solve the flaws of alert correlation that the previous DIDS have. In this study, we first sum up the flaws and the causes that lead to them in previous researches. Then we propose a novel Process Relationship Correlation Model (PRCM) to model the operations of network information system in the view of processes. Next, we present the design of a prototype intrusion system named PRIDS (Process Relationship based distributed Intrusion Detection System) based on PRCM. We have implemented PRIDS on Microsoft Win2000 System and used three artificial attacks to evaluate its detection abilities. The results of these experiments revealed that PRIDS could efficiently detect those attack methods including relay attacks, the attacks with nondeterministic temporal relationship and IDS evasion attacks that could evade detecting of other DIDS.en_US
DC.subject入侵警示聚合zh_TW
DC.subject程序追蹤zh_TW
DC.subject程序關聯模型zh_TW
DC.subject程序關係zh_TW
DC.subject關聯分析zh_TW
DC.subject分散式入侵偵測系統zh_TW
DC.subjectDistributed Intrusion Detection Systemen_US
DC.subjectCorrelationen_US
DC.subjectProcess Relationshipen_US
DC.subjectProcess Relationship Correlation Modelen_US
DC.subjectProcess Trackingen_US
DC.subjectAlert Aggreationen_US
DC.title利用程序追蹤方法關聯分散式入侵偵測系統之入侵警示研究zh_TW
dc.language.isozh-TWzh-TW
DC.titleUsing the Process Tracking Method for Correlating Intrusion Alerts of Distributed Intrusion Detection Systemsen_US
DC.type博碩士論文zh_TW
DC.typethesisen_US
DC.publisherNational Central Universityen_US

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明