淡江大學覺生紀念圖書館 (TKU Library)
進階搜尋


下載電子全文限經由淡江IP使用) 
系統識別號 U0002-2706200810254300
中文論文名稱 結合異常偵測以及誤用偵測的入侵偵測模型
英文論文名稱 I AM Intrusion detection model
校院名稱 淡江大學
系所名稱(中) 資訊工程學系碩士班
系所名稱(英) Department of Computer Science and Information Engineering
學年度 96
學期 2
出版年 97
研究生中文姓名 黃吉興
研究生英文姓名 Chi-Hsing Huang
電子信箱 kind_warlock@hotmail.com
學號 695410752
學位類別 碩士
語文別 中文
第二語文別 英文
口試日期 2008-06-04
論文頁數 71頁
口試委員 指導教授-林丕靜
委員-汪柏
委員-陳穆臻
中文關鍵字 入侵偵測  誤用偵測  異常偵測  資料探勘  模糊理論  Poisson機率分配 
英文關鍵字 Intrusion detection  Misuse detection  Anomaly detection  data mining  Fuzzy theorem  Poisson distribution 
學科別分類 學科別應用科學資訊工程
中文摘要 此論文設計出一個網路入侵偵測模型,結合了入侵偵測系統現今最主要的兩個理論,誤用偵測以及異常偵測,並建構出誤用偵測引擎以及異常偵測引擎分層處理封包。誤用偵測引擎部分是以資料探勘技術加上模糊理論,找出經常一起發生的入侵行為以及入侵行為的間隔時間,減少警訊數量,並提高偵測比對封包效率。異常偵測部分則是利用Poisson機率分配,建構正常網路行為,找出新型攻擊,並降低異常偵測一般容易誤判的情形!
英文摘要 I AM Intrusion detection model Intergrades Anomaly detection and Misuse detection into Intrusion detection model. We construct Misuse detection engine and Anomaly detection engine by layering the intrusion detection models to manage packets.
Misuse detection engine uses data mining and fuzzy time theorem to discover sequential relationship among the intrusion activities and the time intervals between them. This engine could reduce alerts and make the detection more efficiently.
Anomaly detection engine uses Poisson distribution and Binomial distribution to construct normal network activities for detecting unknown network attacks, and to reduce false alarms.
論文目次 目錄 I
圖目錄 III
表格目錄 IV
第一章前言 1
1.1背景 1
1.2研究動機 1
1.3論文架構 2
第二章相關研究 2
2.1入侵偵測系統種類 2
2.1.1網路型入侵偵測系統 2
2.1.2主機型入侵偵測系統 3
2.1.3主從架構入侵偵測系統 5
2.2入侵偵測模型以及理論 6
2.2.1誤用偵測 7
2.2.2異常偵測 7
2.3 Snort 8
2.3.1 Snort規則語法 9
2.3.2 Snort規則庫 9
2.4 Poisson分配 (Poisson distribution) 10
2.5 Binomial分配(Binomial distribution) 11
2.6資料探勘(data mining)以及循序樣式探勘(sequential pattern mining) 12
2.6.1資料探勘 12
2.6.2循序樣式探勘 14
2.7 模糊理論 18
2.7.1 模糊隸屬函數(Fuzzy membership function) 18
2.7.2 模糊數種類 19
2.7.3 模糊運算(Fuzzy Arithmetic) 20
第三章 我是入侵偵測模型(I AM Intrusion detection model) 21
3.1模型架構 21
3.2誤用偵測引擎 22
3.2.1模糊時間循序樣式探勘器 25
3.2.2 取得模糊時間入侵循序樣式 29
3.2.3 修改Snort規則庫 29
3.3 異常偵測引擎 30
第四章 實驗舉例 35
第五章 結論及未來發展 52
參考文獻 54
附錄-英文論文 59

圖目錄

圖 1 3
圖 2 3
圖 3 4
圖 4 6
圖 5. 9
圖 6 10
圖 7 10
圖 8 11
圖 9 11
圖 10 12
圖 11 19
圖 12 20
圖 13 22
圖 14 23
圖 15 24
圖 16 24
圖 17 27
圖 18 27
圖 19 31
圖 20 32
圖 21 34
圖 22 49
圖 23 52
圖 24 53

表格目錄

表格 1 4
表格 2 8
表格 3 35
表格 4 36
表格 5 37
表格 6 37
表格 7 38
表格 8 39
表格 9 43
表格 10 44
表格 11 45
表格 12 46
表格 13 47
表格 14 48
表格 15 49
表格 16 50
表格 17 51

參考文獻 [1] Jay Beale, Caswell “Snort 2.1 Intrusion Detection, Second Edition”.

[2] http://www.snort.org

[3]薛宇盛.”入侵偵測系統實務”.文魁資訊股份有限公司,松崗電腦圖書有限公司,(2006年)

[4] The Snort Core Team. “The Snort FAQ”.

[5] http://www.informit.com/articles

[6] Boyer RS, Moore JS. “A fast string searching algorithm”. Communications of the ACM20. (1977), 762-772.
[7] Aho AV, Corasick MJ. “Efficient string matching: an aid to bibliographic search”, Communications of the ACM 18 (June 1975), pp. 333-340.

[8] Sun Wu, Udi Manber. “A Fast Algorithm For Multi-Pattern Searching”, Technical Report TR 94-17, University of Arizona at Tuscon, (May 1994).

[9] Yang Dong hong, Xu Ke, Cui Yong. “An Improved Wu-Manber Multiple Patterns Matching Algorithm”. Department of Computer Science and Technology, Tsinghua University, Beijing 100084, IEEE (2006)

[10] PO-CHING LIN, ZHI-XIANG LI, YING-DAR LIN, AND FRANK LIN.
“PROFILING AND ACCELERATING STRING MATCHING ALGORITHMS IN THREE NETWORK CONTENT SECURITY APPLICATIONS”.
NATIONAL CHIAO TUNG UNIVERSITY YUAN-CHENG LAI, NATIONAL TAIWAN UNIVERSITY OF SCIENCE AND TECHNOLOGY, CISCO SYSTEMS, INC, IEEE Communications Surveys & Tutorials • 2nd Quarter (2006)

[11] Marc Norton, Daniel Roelker. “Snort 2.0: High Performance Multi-Rule Inspection Engine”. Sourcefire, Inc. (2003).

[12] Daniel Roelker, Marc Norton. “Snort 2.0: Rule Optimizer”. Sourcefire, Inc. (2003)

[13] YAN Shu-ting, LIU Jia-Xin, WANG Xin-sheng. “Analysis and improvement of structure of snort rule chain”. Journal of Yanshan University (May 2006)

[14] PAN Wei-sheng. “Dissecting of Quick-rule Matching Module in Snort ”, School of computer Science, Zhaoqing University, Zhaoqing 526061 China. MODERN COMPUTER (April 2005)

[15]胡軍, 左明. “基於Snort的入侵檢測規則匹配技術研究”. 中國礦業大學計算機科學與技術學院. 計算機安全www.nsc.org.cn. (2007年2月)

[16]胡大輝, 劉乃琦. “高效的Snort規則匹配機制”. 成都電子科技大學,重慶西南大學. 中文核心期刊<微計算機信息>(2006年),第22卷,第2-3期.
[17] CHEN Tie-zhu. “Optimization on the Rule Sets of Snort”. Journal of naval aeronautical engineering institute. (Nov. 2006)

[18] Jamil Farshchi “Statistical-Based Intrusion Detection.” Privacy Statement copyright 2006, SecurityFocus. (2006)

[19] James Graham, Yingbing Yu, University of Louisville “Fuzzy Logic Model for computer security”.

[20] J.T. Yao, S.L. Zhao, L. V. Saxton, Department of computer Science University of Regina “A study on fuzzy intrusion detection”, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2005, pp. 23-30 (2005).

[21] Susan M. Bridges, Rayford B. Vaughn, Department of Computer Science Mississippi State University, “INTRUSION DETECTION VIA FUZZY DATA MINING”, Accepted for Presentation at The Twelfth Annual Canadian Information Technology Security Symposium June 19-23, 2000, The Ottawa Congress Centre. (2000)

[22] Jianxiong Luo, Susan M. Bridges. “MINING FUZZY ASSOCIATION
RULES AND FUZZY FREQUENCY EPISODES FOR INTRUSION DETECTION”. International Journal of Intelligent Systems, Volume 15, (August 2000)

[23] Wengdong Wang, Susan M. Bridges. “Genetic Algorithm Optimization of Membership Functions for Mining Fuzzy Association Rules”. International Joint Conference on Information Systems, Fuzzy Theory and Technology Conference, Atlantic City, N.J. (March 2, 2000).
[24] Susan M. Bridges, Rayford B. Vaughn. “An Improved Algorithm for Fuzzy Data Mining for Intrusion Detection”. IEEE (2002)

[25] Kumar Das, “Protocol Anomaly Detection for Network-based Intrusion Detection”. SANA Institute, (2002)

[26]曾憲雄,蔡秀滿,蘇東興,曾秋蓉,王慶堯. “資料探勘”. 旗標出版股份有限公司. (2006年3月)

[27] Lih-Chyau Wuu, Sout-Fong Chen, Department of Electronic Engineering National Yunlin University of Science and Technology, Taiwan, R.O.C.,
“Building Intrusion Pattern Miner for Snort Network Intrusion Detection System”,2003 IEEE. (2003)

[28]蘇民揚,張凱棊,魏華甫,林俊淵,甘懷誠, “使用改良型基因演算法於網路
入侵偵測系統之特徵選取”. TANET2007台灣網際網路研討會論文集
(2007)

[29] Susan M. Bridges, Rayford B. Vaughn, “Fuzzy data mining and Genetic algorithms applied to intrusion detection”.23rd National Information Systems Security Conference, (October 16-19, 2000)

[30] Ding-An Chiang, Nancy P. Lin and Louis R. Chow, “Fitting A Statistical Model For Dynamic Clustering Of Object-Oriented Database”. Department of information engineering, Tamkang University.

[31] Norbik Bashah, Idris Bharanidharan Shanmugam, and Abdul Manan Ahmed, “Hybrid Intelligent Intrusion Detection System”. PROCEEDINGS OF WORLD ACADEMY OF SCIENCE, ENGINEERING AND TECHNOLOGY VOLUME 6 JUNE 2005 ISSN 1307-6884, (2005)

[32] Nancy. P. Lin and Pei-Yu Liao “Mining Fuzzy Time Sequential Patterns”. (2007)

[33] Nancy P. Lin, Chung-I Chang, Hao-En Chueh, Pei-Yu Liao, “Sequential Patterns Mining with Fuzzy Time-Intervals”. Department of information engineering, Tamkang University. (2008)

[34] R. Agrawal, R. Srikant, Mining sequential patterns, in: Proc. 1995 Internet. Conf. Data Engineering, pp.3–14, (1995).

[35] Han, J., Kamber, M., Data mining: Concepts and Techniques, Academic Press, (2001). Klir, G. J., Yuan, B., Fuzzy sets and Fuzzy Logic’, Theory and Applications, Prentice Hall PTR, (1995).

[36] Mannila, H., Toivonen, H., Inkeri Verkamo, A., ‘‘Discovery of frequent episodes in event sequences, ’’Data Mining and Knowledge Discovery, 1(3), pp.259-289, (1997).

[37] M. N. Garofalakis, R. Rastogi, and K. Shim, ‘‘SPIRIT: Sequential Pattern Mining with Regular Expression Constraints,’’ Proc. Int. Conf. on Very Large Data Bases (VLDB), pp. 223-234, (1999).

[38] J. Pei, J. Han, B. Mortazavi-Asl, H. Zhu, Mining access patterns efficiently from web logs, in: Proc. 2000 Pacific-Asia Conf. Knowledge Discovery and Data Mining, pp. 396–407, (2000).

[39] P. C. Wong, W. Cowley, H. Foote, E. Jurrus, and J. Thomas, ‘‘Visualizing sequential patterns for text mining,’’ Pacific Northwest National Laboratory. In Proceedings of IEEE Information Visualization,(2000).

[40] Yen-Liang Chen,*, Mei-Ching Chiang, Ming-Tat Kob, ‘‘Discovering time-interval sequential patterns in sequence databases,’’ Expert Systems with Applications, 25, pp.343–354, (2003).

[41] Yen-Liang Chen and Tony Cheng-Kui Huang, ‘‘Discovering Fuzzy Time-Interval Sequential Patterns in Sequence Databases,’’ IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART B: CYBERNETICS, VOL. 35, NO. 5, (Octobers 2005).

[42] Wu, P.-H, Peng, W.-C., Chen, M.-S., ‘‘Mining sequential alarm patterns in a telecommunication database,’’ Proceedings of Workshop on Databases in Telecommunications (VLDB 2001), pp. 37-51, (2001).
論文使用權限
  • 同意紙本無償授權給館內讀者為學術之目的重製使用,於2009-07-03公開。
  • 同意授權瀏覽/列印電子全文服務,於2009-07-03起公開。


  • 若您有任何疑問,請與我們聯絡!
    圖書館: 請來電 (02)2621-5656 轉 2281 或 來信