基於精確時間間隔之網路入侵行為事件序列研究

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：10

、訪客IP：18.224.73.157

姓名

何順全(Shun-Chuan Ho) 查詢紙本館藏

畢業系所

企業管理學系

論文名稱

基於精確時間間隔之網路入侵行為事件序列研究
(Network Intrusion Sequence Research Based on Specific Time Interval)

相關論文

★ 在社群網站上作互動推薦及研究使用者行為對其效果之影響	★ 以AHP法探討伺服器品牌大廠的供應商遴選指標的權重決定分析
★ 以AHP法探討智慧型手機產業營運中心區位選擇考量關鍵因素之研究	★ 太陽能光電產業經營績效評估－應用資料包絡分析法
★ 建構國家太陽能電池產業競爭力比較模式之研究	★ 以序列採礦方法探討景氣指標與進出口值的關聯
★ ERP專案成員組合對績效影響之研究	★ 推薦期刊文章至適合學科類別之研究
★ 品牌故事分析與比較-以古早味美食產業為例	★ 以方法目的鏈比較Starbucks與Cama吸引消費者購買因素
★ 探討創意店家創業價值之研究- 以赤峰街、民生社區為例	★ 以領先指標預測企業長短期借款變化之研究
★ 應用層級分析法遴選電競筆記型電腦鍵盤供應商之關鍵因子探討	★ 以互惠及利他行為探討信任關係對知識分享之影響
★ 結合人格特質與海報主色以類神經網路推薦電影之研究	★ 資料視覺化圖表與議題之關聯

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 ( 永不開放)

摘要(中)

本研究主要在運用事件序列和精確時間間隔的資料探勘演算法，提供精確的網路入侵行為規律辨識方法。為了維護網路安全，一般的入侵偵測系統必需全面的監控網路環境的所有訊息。然而，大多數傳統的入侵偵測方法產生太多的入侵警報，迫使網路管理者必需面對繁多的可疑事件進行大量調查，以確定其潛在的入侵行為的可能程度。
為了解決這個問題，本研究針對網路用戶行為進行精確時間間隔集群分析與序列型樣分析，以便比較有效的找出入侵行為模式。研究結果所產生的入侵行為事件序列型樣，除了列出所有入侵事件的順序關係之外，同時也針對所有可能的時間間隔進行分群分析，比較以往的研究更能確切找出入侵事件之間的頻繁時間間隔。藉由本研究的結果，網路管理者可以更加精確的辨識網路攻擊的事件類型與可能發生的順序以及時間點，讓網路管理者有效的集中時間與心力來監督並維護網路的安全。

摘要(英)

This research models the sequences and time-intervals of network intrusion. In order to maintain network security, common intrusion detection systems have to monitor the entire network environment. However, most traditional detection methods generate too many intrusion alerts, which forces network administrators to conduct numerous investigations of suspicious incidents to determine potential intrusion behavior. To solve this problem, this research combines specific time-interval clustering analysis of online user’s behaviors with sequential pattern analysis to provide specific rules of intrusion behaviors. The acquired sequential pattern of the intrusion events lists the ordered relationship of all intrusion related events. In addition, the possible time-intervals between events are analyzed and clustered to indentify exact frequent time-intervals. The proposed method can provide specific intrusion information to the network administrator, which effectively helps him to monitor and maintain network security with less time and effort.

關鍵字(中)

★ 序列型樣探勘
★ 時間間隔
★ 網路入侵行為
★ 網路安全

關鍵字(英)

★ intrusion behaviors
★ mining sequential pattern
★ time-interval
★ network security

論文目次

Chapter 1. Introduction 1
1.1 Research Motivation 3
1.2 Research Objectives 4
Chapter 2. Literature Review 6
2.1 Network Intrusion Behavior 6
2.2 Behavioral Intention of Network Administrators 12
2.3 Intrusion Protection Technique 16
2.4 Data Mining Techniques on Intrusion Behaviors 19
2.5 Time-interval based Sequence Pattern Mining Techniques 22
Chapter 3. Mining Frequent Intrusion Rules Based on Specific Time-interval 25
3.1 The Notations and Assumptions 25
3.2 The Algorithm to Mine Frequent Intrusion Rules 27
3.3 Demonstration of Algorithm 31
Chapter 4. Assessment of Practical Application 35
4.1 The Need for Mining Frequent Sequencial Rules 36
4.2 Intrusion Behavior Prediction and Prevention 38
Chapter 5. Conclusions and Future Work 41
5.1 Conclusions 41
5.2 Recommendation to future research 43
References 44

參考文獻

[1] 江美淨，「有時間區間的循序探勘」，國立中央大學資訊管理研究，民國91年。
[2] 林柏伸，「行動環境下之使用者行為樣式研究-以二維度序列型樣進行探勘」，中原大學資訊管理研究所，民國93年。
[3] 張凱棊，「使用頻繁情節法則與有限狀態機於網路入侵偵測系統之設計」，銘傳大學資訊工程研究所，民國97年。
[4] 陳奕明、黃世昆，資訊與通訊系統之程式安全，初版，行政院國家科學委員會技術資料中心，民國92年。
[5] 陳培德，賴溪松，「入侵偵測系統簡介與實現」，Communications of the CCISA，Vol. 8，No. 2，民國92年。
[6] 游信文，「入侵偵測系統中基於機器學習方法技術之開發與比較」，國立中正大學資訊管理研究所, 民國96年。
[7] 黃程斌，「入侵偵測系統中雞魚群集演算法之異常偵測技術評比」，成功大學資訊工程研究所，民國94年。
[8] 葉乃菁、李順仁，網路安全理論與實務，初版，文魁資訊股份有限公司，民國93年。
[9] 賴溪松，資通安全專輯之十四-網路攻防實驗教材，初版，財團法人國家實驗研究院科技政策研究與資訊中心，民國94年。
[10] 謝續平，資通安全專輯之十五-網際網路攻防技術與實例，初版，財團法人國家實驗研究院科技政策研究與資訊中心，民國94年。
[11] A. Patcha and J.-M. Park, “Network Anomaly Detection with Incomplete Audit Data “, Elsevier Computer Networks, Vol. 51, Issue 13, 2007.
[12] Agenda and Work Plan. Computer Security Incident Response Team (CSIRT), Florida State University, http://www.security.fsu.edu/csirt_mtg
[13] Ajzen, I., & Fishbein, M., Belief, attitude, intention, and behavior: An introduction to theory and research, MA: Addison-Wesley Publishing Company, Inc., 1975.
[14] Ajzen, I., & Fishbein, M., Understanding attitudes and predicting social behavior, Englewood Cliffs, NJ: Prentice-Hall, 1980.
[15] Ajzen, I., & Madden, T. J., “Prediction of goal-directed behavior: Attitudes, intentions and perceived behavioral control”, Journal of Experimental Social Psychology, Vol 22, pp 453-474, 1986.
[16] Ajzen, I., “From intentions to actions: A theory of planned behavior”, In J. Kuhl and J. Beckman (Eds.), Action-control: From cognition to behavior (pp. 11-39), Heidelberg: Springer, 1985.
[17] Ajzen, I., “The theory of planned behavior”, Organizational Behavior and Human Decision Process, Vol 50, pp 179-211, 1991.
[18] Anderson, J. C., & Gerbing, D. W., “Structural equation modeling in practice: A review and recommended Two step approach”, Psychological Bulletin, Vol 103(3), pp 411-23, 1988.
[19] Byoung-Doo Kang, Jae-Won.Lee,.Jong-Ho Kim, Hwa Kwon, Chi-Young Seong and Sang-Kyoon Kim, “An Intrusion Detection System Using Principal Component Analysis and Tim Delay Neural Network”, Proceedings of 7th International Workshop on Enterprise networking and Computing in Healthcare Industry, pp. 442-445, 2005.
[20] C. Anley. Advanced SQL Injection in SQL Server Applications. An NGSSoftware Insight Security Research (NISR) publication, 2002. http://www.nextgenss.com/papers/advanced_sql_injection.pdf.
[21] CERT Coordination Center, Overview of Attack Trends, 2002. http://www.arcert.gov.ar/webs/textos/attack_trends.pdf
[22] Chechen, L., Chen, J. L., & Yen, D. C., “Theory of planning behavior (TPB) and customer satisfaction in the continued use of e-service: An integrated model”, Computers in Human Behavior, Vol 23, pp 2804-2822, 2007.
[23] Chueh, H.-E., Lin, N. P., “Mining Time-Interval Sequential Patterns Using Clustering Analysis”, 2008 International Computer Symposium, Taipei, 2008.
[24] Constant, D., Kiesler, S., & Sproull, L., “What’s mine is ours, or is it? A study of attitudes about information sharing”, Information Systems Research, Vol 5(4), pp 400-421, 1994.
[25] Davis, F. D., Bagozzi, R. P., & Warshaw, P. R., “User acceptance of computer technology: a comparison of two theoretical models”, Management Science, Vol 35(8), pp 982-1002, 1989.
[26] Denning, D. E., “An intrusion detection model”, IEEE Transactions on Software Engineering, Vol 13, pp 222-232, 1987.
[27] Ertoz, L., Eilertson, E., Lazarevic, A., Tan, P., Srivastava, J., Kumar, V., Dokas, P., “The MINDS – Minnesota Intrusion Detection System”, Next Generation Data Mining, MIT Press, 2004.
[28] Event Monitoring Enabling Responses to Anomalous Live Disturbances (EMERALD), http://www.sdl.sri.com/projects/emerald/
[29] Guan, Y., Ghorbani, A. A., Belacel, N., “Y-means: A clustering method for intrusion detection”, IEEE Canadian Conference on Electrical and Computer Engineering, Montreal, Quebec, Canada, 2003.
[30] H. Mannila, H. Toivonen, and A. Inkeri Verkamo, “Discovery of frequent episodes in event sequences,” Data Mining and Knowledge Discovery, Vol 1(3), pp 259-289, Novermber 1997.
[31] Han,J., Kamber, M., Data mining: Concepts and Techniques, San Francisco, CA: Morgan Kaufmann Publishers, 2001.
[32] James P Anderson, Computer Security Threat Monitoring and Surveillance, Techniqueal report, James P Anderson Co., Fort Washington, Pennsylvania, April 1980.
[33] Jianxiong Luo and Susan M. Bridges, “Mining Fuzzy Association Rules and Fuzzy Frequency Episodes for Intrusion Detection”, International Journal of Intellignet Systems, Vol. 15, No. 1, pp 687-703, 2001.
[34] Kai Hwang, Min Cai, Ying Chen and Min Qiu, “Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes”, IEEE Transactions of Dependable and Secure Computing, Vol. 4, No. 1, pp 41-55, 2007.
[35] Kemmerer, R. A., Vigna, G. , “Intrusion Detection: A Brief History and Overview”, Computer, Vol 35(4), pp 27-30, 2002.
[36] Kevin J.Houle and George M., “Weaver, Trends in Denial of Service Attack Technology(v1.0)”, CERT® Coordination Center, pages 1-20, October 2001.
[37] Kruegel, C., Vigna, G., Robertson, W., “A multi-model approach to the detection of web-based attacks”, Computer Networks, Vol 48(5), pp 717-738, 2005.
[38] Lee W. Stolfo, S. J. , “A framework for constructing features and models for intrusion detection systems”, ACM Transactions on Information and System Security, Vol 3(4), pp 227-261, 2000.
[39] Li Zhi-Tang and Li Jia-Chun, “Application of Fuzzy Neural Networks to Intrusion Dectection”, Mini-Micro Systems, Vol. 23, Issue 10, pp 1234-1238, 2002.
[40] Li, T.-R., Pan, W.-M. , “Intrusion detection system based on new association rule mining model”, 2005 IEEE International Conference on Granular Computing, Beijing, China, 2005.
[41] Mei-Ling Shyu, Shu-Ching Chen, Kanoksri Sarinnapakorn, and LiWu Chang, “A Novel Anomaly Detection Scheme Based on Principal Component Classifier”, Proceedings of ICDM Foundation and New Direction of Data Mining workshop, pp 172-179, 2003.
[42] P.H. Wu, W.C. Peng, and M. S. Chen, “Mining Sequential Alarm Patterns in a Telecommunication Database”, Workshop on Databases in Telecommunications (VLDB 2001), Sept. 2001.
[43] Portnoy, L., Eskin, E., Stolfo, S., “Intrusion detection with unlabeled data using clustering”, ACM Workshop on Data Mining Applied to Security, Philadelphia, USA, 2001.
[44] Prelude, http://www.prelude-ids.org/
[45] R. Srikant and R. Agrawal, “Mining Sequential Patterns: Generalizations and Performance Improvements”, In Proc. Of the Fifth Int’l Conference on Extending Database Technology (EDBT’96), Avignon, France, Mar.1996.
[46] R. Srikant and R. Agrawal, “Mining Sequential Patterns”, IEEE International Conference on Data Engineering, pp 3-114, 1995.
[47] Rebecca G Bace，駭客入侵偵測專業手冊，賴冠州編譯，旗標出版股份有限公司，民國91年。
[48] Search Security Definitions, http://searchsecurity.techtarget.com
[49] Sheng Yi Jiang et al., “A clustering-based method for unsupervised intrusion detections”, Pattern Recognition Letters, 2006.
[50] Taylor, S., & Todd, P. , “Understanding information technology usage: A test of competing models”, Information Systems Research, Vol 6(2), pp 144-176, 1995.
[51] W. Lee, S.J. Stolfo, and K. Mok, “Adaptive Intrusion Detection: A Data Mining Approach”, Artificial Intelligence Review, pp 533-567, 2000.
[52] Wang, Q., Mehalooikonomou, V., “A Clustering Algorithm for Intrusion Detection”, The SPIE Conference on Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security, Orlando, USA, 2005.
[53] Wenke Lee, “Applying Data Mining to Intrusion Detection: The Quest for Automation, Efficiency, and Credibility”, ACM SIGKDD Explorations Newsletter, Vol. 4, Issue 2, pp 35-42, 2002.
[54] Witten, I. H., Frank, E., Data Mining: Practical Machine Learning Tools and Techniques, San Francisco, CA: Morgan Kaufmann Publishers, 2005.
[55] Wuu, L.-C., Hung, C.-H., Chen, S.-F., “Building intrusion pattern miner for Snort network intrusion detection system”, Journal of Systems and Software, 80(10), 1699-1715, 2007.
[56] Yen-Liang Chen, Mei-Ching Chiang, Ming-Tat Kob, ‘‘Discovering time-interval sequential patterns in sequence databases’’, Expert Systems with Applications, Vol 25, pp 343–354, 2003.
[57] Zhong, S., Khoshgoftaar, T., Seliya, N., “Clustering-based network intrusion detection”, International Journal of Reliability, Quality and Safety, Vol 14(2), pp 169-187, 2007.

指導教授

許秉瑜(Ping-Yu Hsu)

審核日期

2010-7-28

推文