簡易檢索 / 詳目顯示
| 研究生: |
劉宏浩 Hung-Hao Liu |
|---|---|
| 論文名稱: |
以智慧型代理人為基礎的入侵偵測系統 Intrusion Detection Using Alert Correlation Methods Based on Multi-agent Systems |
| 指導教授: |
蘇豐文
Von-Wun Soo |
| 口試委員: | |
| 學位類別: |
碩士 Master |
| 系所名稱: |
電機資訊學院 - 資訊工程學系 Computer Science |
| 論文出版年: | 2004 |
| 畢業學年度: | 92 |
| 語文別: | 中文 |
| 論文頁數: | 47 |
| 中文關鍵詞: | 入侵偵測系統 、智慧型代理人 、警報相關 |
| 外文關鍵詞: | intrusion detection system, intelligent agent, alert correlation |
| 相關次數: | 點閱:2 下載:0 |
| 分享至: |
| 查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
隨著科技的進步,網路已成為日常生活中不可缺少的一部份,不過藉由竊取他人資料賺取自身利益的駭客也就日以遽增,如何防範駭客的攻擊儼然已經變成了重要的研究課題,不幸的是,目前現有的入侵偵測系統(intrusion detection system)都不足以擔當起完整的防禦任務。
為了改善現有入侵偵測系統的缺點,本系統以現有的入侵偵測系統為基礎,並加入了下列元件,首先,加入了代理人(intelligent agent)的技術,使得入侵偵測系統能更自動化且具有防禦整個網域的功能。並且運用本體論(ontology)的技術,將駭客攻擊的方式利用本體論記錄下來,如此,我們可以在駭客入侵前推測出駭客的攻擊。最後加入了警報關聯(alert correlation)的技術,使本系統能夠整合不同入侵偵測系統所產生的警報,並且將真正的駭客攻擊過濾出來。
在本篇論文中,我們介紹了兩種不同的警報融合的方法來推算駭客的攻擊,分別是證據性融合以及推測性融合,證據性融合是利用警報代理人互相融合來推測駭客的入侵,而推測性融合則是利用貝式知識網絡(Bayesian belief network)來推測駭客的入侵。最後,在論文的實作中我們利用模擬器來模擬正常的網路行為中夾雜了駭客的入侵行為,並且測量在此種環境之下,兩種融合方法判斷駭客入侵的準確度以及是否皆能過濾掉大部分不重要的警報。
[1] A. Valdes and K. Skinner, “probabilistic-alert-correlation”, Recent Advances in Intrusion Detection (RAID), 2001.
[2] C. W. Geib and R. P. Goldman, “Plan Recognition in Intrusion Detection Systems”, DARPA Information Survivability Conference and Exposition (DISCEX), June 2001.
[3] E. Spafford, J.S. Balasubramaniyan, J.O.Garcia-Fernandez, D. Isacoff and D. Zamboni, “An architecture for intrusion detection using autonomous agents”, Purdue University, 1998.
[4] F. Cuppens, F. Autrel, A. Mi`ege and S. Benferha, “Correlation in an intrusion detection process”, Internet Security Communication Workshop (SECI), September 2002.
[5] F. Cuppens and R. Ortalo, “LAMBDA:A Language to Model a Database for Detection of Attacks”, Third International Workshop on the Recent Advances in Intrusion Detection (RAID'2000), October 2000.
[6] F. Cuppens and A. Miège, “Alert Correlation in a Cooperative Intrusion Detection Framework”, IEEE Symposium on Research in Security and Privacy, Oakland, May 2002.
[7] F. Cuppens, F. Autrel, A. Mi`ege and S. Benferhat, “Recognizing Malicious Intention in an Intrusion Detection Process”, Second International Conference on Hybrid Intelligent Systems, December 2002.
[8] Firewall, http://www.syau.edu.cn/nic/support/su7.htm.
[9] 簡易防火牆建置與流量統計, pangty.ta139.com/ipchains/0.htm.
[10] Honey pot, http://www.sarc.com/region/tw/enterprise/article/mantrap.html.
[11] J. Pikoulas, W.Buchanan, M.Mannion and K.Triantafyllopoulos, “An Intelligent Agent Security Intrusion System”, 9th Annual IEEE International Conference and Workshop on the Engineering of Computing Based Systems, April 2002.
[12] K. Boudaoud, N. Foukia and Z. Guessoum, “An Intelligent Agent Approach for Security Management”, 7th Plenary Workshop HP Openview University Association, June 2000.
[13] K. Boudaoud, Z. Guessoum and C. McCathieNevile, “Policy-based Security Management using a Multiagent system”, Proceedings of the 8th HP-OVUA Workshop, 2002.
[14] M. Bishop, “Vulnerabilities Analysis”, Proceedings of the Recent Advances in Intrusion Detection (RAID), September 1999.
[15] R. P. Goldman, C. W. Geib and C. A. Miller, “A new Model of Plan Recognition” proceedings of the Fifteenth Conference on Uncertainty in Artificial Intelligence (UAI), 1999.
[16] Snort, http://www.snort.org
[17] S. Russell and P. Norvig, “Artificial Intelligent - A Modern Approach” ,ISBN 0-13-080302-2, 2003
[18] T. Olukemi, I. Liabotis, O. Prnjat, L. Sacks, “Security and Resource Policy-based Management Architecture for ALAN”, Net-Con'2002 - IFIP and IEEE Conference on Network Control and Engineering for QoS , Security and Mobility, Paris, France, 2002.
全文公開日期 本全文未授權公開 (校內網路)全文公開日期 本全文未授權公開 (校外網路)