淡江大學覺生紀念圖書館 (TKU Library)
進階搜尋


下載電子全文限經由淡江IP使用) 
系統識別號 U0002-2708201818335900
中文論文名稱 運用軟體定義網路流程表阻擋物聯網環境中之攻擊
英文論文名稱 Using SDN Flow Tables to Block Attacks in IoT Environments
校院名稱 淡江大學
系所名稱(中) 電機工程學系碩士班
系所名稱(英) Department of Electrical Engineering
學年度 106
學期 2
出版年 107
研究生中文姓名 洪子超
研究生英文姓名 Tzu-Chao Hung
學號 605450047
學位類別 碩士
語文別 中文
口試日期 2018-07-06
論文頁數 117頁
口試委員 指導教授-莊博任
委員-許獻聰
委員-陳省隆
中文關鍵字 物聯網  軟體定義網路  入侵檢測系統  流程表  規則生成  蜜罐  機器學習  異常檢測  特徵選擇  攻擊檢測  電腦網路安全 
英文關鍵字 Internet of Things(IoT)  Software Defined Networks(SDNs)  Intrusion Detection System(IDS)  Flow table  Rule generator  Honeypot  Machine learning  Anomaly detection  Feature selection  Attack detection  Computer network security 
學科別分類 學科別應用科學電機及電子
中文摘要 物聯網帶來了便利與安全,開啟人們新的世代。諸如智能冰箱、穿戴裝置以及網路監視器…等等,此類商品已經普及的在各個家庭中,因此產生出大量數據。但是隨之而來的缺失愈來愈明顯,隨著物聯網時代的序幕,網路攻擊也愈來愈普遍。此原因能夠歸咎於物聯網設備的密碼安全性不足,因此導致專門針對物聯網環境的惡意軟件能夠使用brute force取得密碼,並且惡意軟件攻擊讓該物聯網設備成為殭屍。所以隨著物聯網設備的增加,DDoS也隨之嚴重且普遍。
目前的論文大多數是採用入侵檢測系統(Intrusion-detection system, IDS)或是防火牆,偵測攻擊流量並且抵禦攻擊。但是此種做法不適用在高速的網路環境中,當面對流量龐大的骨幹網路,IDS會來不及偵測進而使未經檢測的攻擊封包到達目的主機。IDS使用規則辨識攻擊,在面對未知攻擊時不能夠防範,只能等到未知攻擊被專業人員解析,再新增規則至IDS內才能擋掉攻擊。在這之間所需的時間是以天數為單位在計算,攻擊早已經達成目的並且將病毒擴散的更廣。
本論文提出在Openflow switch上架設蜜罐(Honeypot)收集攻擊流量,並且使用機器學習進行異常檢測,透過此種方式能夠在不影響網路速度前提下,找到並防範未知攻擊。透過有效運用Flow table的功能,我們藉由匹配header來抵禦攻擊流量,而不是阻擋攻擊者的所有流量。在物聯網環境之下使用Flow table防範攻擊,不但能夠透過SDN支援更龐大的流量,也能夠減少流量形式的攻擊帶來的網路壅塞。
實驗結果證實,Flow table在面對DDoS的高流量以及短數據包的攻擊,比起IDS擁有更佳的捕獲率。在阻擋攻擊流量方面,能夠辨識出正常流量與攻擊流量的差異,而不用阻擋攻擊者的所有流量。我們提出在Openflow switch上架設Honeypot收集攻擊流量與既有文獻做法相比,可以在不延遲網路的情況下找到未知攻擊並且完成異常檢測。
英文摘要 The Internet of Things brings convenience and security and opens up new generations. Such products as smart refrigerators, wearable devices, and network monitors, etc., have been popularized in various households, thus generating a large amount of data. But the consequent lacks are becoming more and more obvious. With the prelude of the Internet of Things era, cyber attacks are becoming more and more common. This can be attributed to insufficient password security for IoT devices, which results in malware specifically targeting the IoT environment being able to use brute force to obtain passwords and malware attacks make the IoT device a zombie. Therefore, with the increase of IoT devices, DDoS is also serious and widespread.
Most of the current theses use an Intrusion-detection system (IDS) or a firewall to detect attack traffic and defend against attacks. However, this method is not suitable for use in a high-speed network environment. When faced with a heavy backbone network, IDS will not be able to detect packets and cause undetected attack packets to reach the destination host. IDS uses rules to identify attacks. It cannot be prevented in the face of unknown attacks. It can only wait until the unknown attack is resolved by the professional, and then add rules to the IDS to block the attack. The time required between these is calculated in units of days, and the attack has already achieved its purpose and spread the virus more widely.
This thesis proposes to set up a honeypot on the Openflow switch to collect attack traffic, and use machine learning to identify the abnormality. In this way, unknown attacks can be found and prevented without affecting network speed. By effectively using the Flow table feature, we match the headers to defend against attack traffic, rather than blocking all traffic from the attacker. Using Flow Table to defend against attacks in the IoT environment can not only support larger traffic through SDN, but also reduce network congestion caused by traffic-type attacks.
The experimental results confirm that Flow table has a better capture rate than IDS in the face of DDoS high traffic and short packet attacks. In blocking attack traffic, the difference between normal traffic and attack traffic can be identified without blocking all traffic of the attacker. We propose to set up Honeypot on the Openflow switch to collect attack traffic. Compared with the existing literature, we can find unknown attacks and complete anomaly detection without delaying the network.
論文目次 目錄
第一章、緒論 1
1.1、研究動機 1
1.2、問題描述與解決方案 2
1.3、論文架構 3
第二章、相關研究背景 4
2.1、物聯網 4
2.1.1、物聯網與SDN 5
2.1.2、物聯網中的攻擊 8
2.1.3、Flow table阻擋物聯網攻擊 14
2.2、軟體定義網路 15
2.2.1、Flow table 16
2.2.2、Ryu控制器 26
2.2.2.1、Argus 27
2.2.2.2、Honeyd 27
2.2.2.3、WEKA 28
2.2.3、Mininet 29
2.3、入侵檢測系統 30
2.3.1、基於有效載荷的入侵檢測系統 30
2.3.2、基於流的入侵檢測系統 31
2.4、過去的解決方案 32
2.4.1、IDS阻擋攻擊 32
2.4.2、Flow table阻擋攻擊 34
2.4.2.1、控制器判斷攻擊 34
2.4.2.2、機器學習判斷攻擊 37
第三章、提出之新方法 40
3.1、檢測並防範未知攻擊 40
3.1.1、收集流量 40
3.1.2、機器學習 43
3.1.3、制定規則 46
3.2、控制器辨識攻擊流量 47
3.3、Argus取出流量特徵 48
3.4、Flow table阻擋攻擊 50
第四章、模擬評估 52
4.1、實驗環境與測試資料 52
4.2、吞吐量評估 54
4.2.1、Flow based IDS 54
4.2.1.1、Snort 55
4.2.1.2、Bro 60
4.2.2、Flow table 62
4.2.3、討論 66
4.3、整體架構 67
4.3.1、檢測時間 70
4.3.2、CPU使用率 74
4.3.3、討論 74
4.4、特徵選擇 76
4.4.1、SDN 77
4.4.2、Argus 78
4.4.3、討論 81
4.5、控制器判斷嫌疑流量 82
4.5.1、Brute force 84
4.5.2、Probe 86
4.5.3、DoS 90
4.5.4、討論 94
4.6、實作 95
4.6.1、吞吐量比較 96
4.6.2、整體架構 98
4.6.3、討論 101
第五章、結論與未來工作 102
參考文獻 105


圖目錄
圖2.1、物聯網三層 5
圖2.2、提出的物聯網環境 7
圖2.3、物聯網中的攻擊 8
圖2.4、SDN分層架構圖 16
圖2.5、OpenFlow Switch架構 16
圖2.6、OpenFlow switch處理packet流程 17
圖2.7、Flow entry主要組成部分 18
圖2.8、每層的match field參數 22
圖2.9、每層主要的設定目標 23
圖2.10、Flow entry規則範例 26
圖2.11、IDS在SDN的架構圖 33
圖2.12、SDN特徵使用機器學習[45] 38
圖2.13、SDN特徵使用機器學習[46] 38
圖3.1、Honeypot回應ICMP_flood 42
圖3.2、整體架構 42
圖3.3、分類模型事前訓練流程 44
圖3.4、已知攻擊的分類法 44
圖3.5、提取蜜罐流量的特徵 45
圖3.6、WEKA的辨識結果 46
圖3.7、Flow entry擋掉DoS的攻擊 46
圖3.8、防範brute force攻擊的Flow entry 51
圖4.1、IDS在SDN的架構圖 55
圖4.2、IDS在SDN模擬的架構圖 56
圖4.3、Snort對應Flow entry規則 56
圖4.4、Snort設置的規則 57
圖4.5、不同規則數目的捕獲率以及速率的比較圖 58
圖4.6、使用SYN-flood比較規則 59
圖4.7、10000條充數規則的協議分配 59
圖4.8、不同規則數目根據協議比例的捕獲率 60
圖4.9、Bro的腳本 61
圖4.10、700mbps下的捕獲率 61
圖4.11、Bro面對短數據包的捕獲率 62
圖4.12、Flow table架構圖 63
圖4.13、Snort的三條攻擊規則做對應 64
圖4.14、Flow table與Snort互相對應的充數規則 64
圖4.15、Flow entry增加比對到的packets 65
圖4.16、Flow entry的比對數目是20mbps的兩倍 65
圖4.17、Flow table面對短數據包的捕獲率 66
圖4.18、文件大小的檢測時間 73
圖4.19、檢測時間的CPU使用率 74
圖4.20、使用C4.5評價SDN特徵的檢測率 78
圖4.21、使用Argus全部特徵的檢測率 78
圖4.22、CfsSubsetEval選擇的特徵 79
圖4.23、對CfsSubsetEval選擇的特徵執行C4.5 79
圖4.24、InfoGainAttributeEval選擇的特徵 80
圖4.25對InfoGainAttributeEval選擇的特徵執行C4.5 80
圖4.26、Brute force攻擊的Flow entry 85
圖4.27、Controller面對brute force攻擊的準確率 86
圖4.28、Probe攻擊的Flow entry 88
圖4.29、Controller設置Flow entry將嫌疑流量流進蜜罐 88
圖4.30、將攻擊者後續流量轉至蜜罐 88
圖4.31、Controller面對probe攻擊的準確率 89
圖4.32、機器學習面對各種攻擊的分類結果 90
圖4.33、ICMP協議 91
圖4.34、ICMP_flood的Flow entry 92
圖4.35、Flow entry阻擋攻擊封包個數 92
圖4.36、Controller面對DoS攻擊的準確率 93
圖4.37、IDS架構圖 97
圖4.38、Snort IDS的掉包率 97
圖4.39、Flow table架構圖 98
圖4.40、Flow table面對短數據包的捕獲率 98
圖4.41、實作架構圖 99
圖4.42、Controller下達drop的Flow entry 100
圖4.43、Switch的CPU使用率 101











表目錄
表2.1、物聯網中的物理攻擊 9
表2.2、物聯網中的網路攻擊 10
表2.3、物聯網中的軟件攻擊 12
表2.4、物聯網中的加密攻擊 13
表2.5、Flow entry說明 18
表2.6、Openflow1.3的match fields參數 20
表2.7、OpenFlow Switch Counters 24
表2.8、Action常用指令 25
表2.9、使用Flow tale防範DDoS論文比較 35
表3.1、Flow entry的流量統計資訊 47
表3.2、Argus特徵 49
表4.1、使用的流量資料 53
表4.2、整體架構使用的特徵 67
表4.3、與既有文獻比較 69
表4.4、檢測時間 70
表4.5、異常檢測步驟 72
表4.6、使用SDN特徵的檢測時間 73
表4.7、機器學習使用的數據集 76
表4.8、從switch取得的特徵 77
表4.9、Controller判斷攻擊的依據 83
表4.10、實作異常檢測步驟 100


參考文獻 參考文獻
[1] Anna Sperotto, Gregor Schaffrath, Ramin Sadre, Cristian Morariu, Aiko Pras, Burkhard Stiller, “An Overview of IP Flow-Based Intrusion Detection,” IEEE Communications Surveys & Tutorials, vol. 12, Third Quarter 2010, pp.343 – 356
[2] M Anirudh, S Arul Thileeban, Daniel Jeswin Nallathambi, “Use of honeypots for mitigating DoS attacks targeted on IoT networks” International Conference on Computer, Communication and Signal Processing (ICCCSP) , Jan. 2017
[3] S. Khan, M. Ali, N. Sher, Y. Asim, W. Naeem, M. Kamran, “Software-Defined Networks (SDNs) and Internet of Things (IoTs): A Qualitative Prediction for 2020,” International Journal of Advanced Computer Science and Applications, vol. 7, no. 11, 2016, pp.385-404
[4] Suman Sankar Bhunia, Mohan Gurusamy, “Dynamic attack detection and mitigation in IoT using SDN,” International Telecommunication Networks and Applications Conference (ITNAC), Nov. 2017
[5] Eun Joo Kim, Jong Arm Jun, Nae-Soo Kim “The method of controlling traffic paths in IoT-based software defined network,” IEEE 7th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), Oct. 2016
[6] Akram Hakiri, Bassem Sellami, Prithviraj Patil, Pascal Berthou, Aniruddha Gokhale, “Managing Wireless Fog Networks using Software-Defined Networking” 2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA), Nov. 2017, pp.1149-1156
[7] Lina Huang, Gaolei Li, Jun Wu, Lan Li, Jianhua Li, Rosario Morello, “Software-defined QoS provisioning for fog computing advanced wireless sensor networks” 2016 IEEE SENSORS, Nov. 2016, pp.1-3
[8] Jyoti Deogirikar, Amarsinh Vidhate, “Security attacks in IoT: A survey,” IoT in Social, Mobile, Analytics and Cloud (I-SMAC), Feb. 2017, pp.32-37
[9] S.N Uke, A. R Mahajan, R. C Thool, “UML Modeling of Physical and Data Link Layer Security Attacks in WSN,” International Journal of Computer Applications, vol. 70, no. 11, May 2013, pp.25-28
[10] Li Hong, Y. Chen, Z. He, “The Survey of RFID Attacks and Defenses,” Wireless Communications, Networking and Mobile Computing, Sept. 2012, pp.1-4
[11] F. Kandah, Y. Singh, W. Zhang and C. Wang, “Mitigating colluding injected attack using monitoring verification in mobile ad-hoc networks,” Security and Communication Networks, pp. 1939–0122, 2013.
[12] Tapalina Bhattasali, Rituparna Chaki, Sugata Sanyal, “Sleep Deprivation Attack Detection in Wireless Sensor Net-work,” in International Journal of Computer Applications, Vol. 40, no. 15, 2012, pp.19-25
[13] Priyanka S. Fulare, Nikita Chavhan, “False Data Detectionin Wireless Sensor Network with Secure Communication,” in International Journal of Smart Sensors and AdHoc Networks(IJSSAN), vol. 1, 2011, pp.66-71
[14] I. Andrea, C. Chrysostomou, G. Hadjichristofi, “Internet of Things: Security vulnerabilities and challenges,” IEEE Symposium on Computers and Communication (ISCC), pp. 180-187, 2015.
[15] Md. I. Abdullah, M. M. Rahman and M. C. Roy, “Detecting Sinkhole Attacks in Wireless Sensor Network using Hop Count,” I. J. Computer Network and Information Security, pp. 50–56, 2015.
[16] Wahid, Abdul, P. Kumar, “A Survey on attacks, Challenges and Security Mechanism In wireless Sensor Network,” JIRST- International Journal for Research in Science & Technology, vol. 1, pp. 189–196, January 2015.
[17] M.U. Farooq, M. Waseem, A. Khairi, S. Mazhar, “A Critical Analysis on the Security Concerns of Internet of Things (IoT),” International Journal of Computer Applications, vol.111, no. 7, February 2015.
[18] John R. Douceur, “The Sybil Attack,” in Peer-to-Peer Systems- IPTPS, 2002, pp. 251-260
[19] C. Kolias, G. Kambourakis, A. Stavrou, J. Voas, “DDoS in the IoT: Mirai and Other Botnets,” IEEE Computer, vol. 50, no. 7, pp. 80-84, July 2017
[20] Michele De Donno, Nicola Dragoni, Alberto Giaretta, Angelo Spognardi “Analysis of DDoS-capable IoT malwares,” Federated Conference on Computer Science and Information Systems (FedCSIS), Sept. 2017, pp.807-816
[21] N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner, “OpenFlow,” ACM SIGCOMM Comput. Commun. Rev., vol. 38, no. 2, p. 69, Mar. 2008.
[22] 王協源, 鄭力維, 張華婷, “軟體定義網路技術簡介及發展趨勢,” NCP Newsletter, no.57, November .2013.
[23] “ONF White Paper.” [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/white-papers/wp-sdn-newnorm.pdf.
[24] 廖振宇, “以軟體定義網路改善Hadoop叢集之運作效能,” June.2015
[25]“OpenFlow Switch Specification, version 1.3.4.” [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifications/openflow/openflow-switch-v1.3.4.pdf.
[26] J.-R. Jiang, H.-W. Huang, J.-H. Liao, and S.-Y. Chen, “Extending Dijkstra’s shortest path algorithm for software defined networking,” in The 16th Asia-Pacific Network Operations and Management Symposium, 2014, pp. 1–4.
[27]“Flowgrammable” [Online]. Available: “http://flowgrammable.org/sdn/openflow/classifiers/#tab_ofp_1_3_0”
[28] O. Flauzac, C. González, A. Hachani, F. Nolot, “SDN based architecture for IoT and improvement of the security,” 29th IEEE WAINA Conference, March 2015, pp. 688-693.
[29] “Ryu.” [Online]. Available: http://osrg.github.io/ryu/.
[30] “Argus”[Online], Available:https://qosient.com/argus/
[31] Nour Moustafa, Jill Slay, “UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set),” Military Communications and Information Systems Conference (MilCIS), Nov. 2015, pp. 1 – 6
[32] “Honeyd” [Online]. Available: http://www.honeyd.org/
[33] Wei Chen, Jun Yao, Jingjing Tan, “The Design and Implementation of the Honeypot System Based on Spark,” International Conference on Intelligent Transportation, Big Data & Smart City (ICITBS), Jan. 2018, pp.545-548
[34] W. Zhang, B. Qu, “Security architecture of the Internet of Things oriented to perceptual layer,” Int. J. Comput. Consum. Control, vol. 2, no. 2, pp. 37-45, Jun. 2013.
[35] Albert Sagala, “Automatic SNORT IDS rule generation based on honeypot log,” International Conference on Information Technology and Electrical Engineering (ICITEE), Oct. 2015, pp. 576 - 580
[36] Daniel Silalahi, Yudistira Asnar, Riza Satria Perdana, “Rule generator for IPS by using honeypot to fight polymorphic worm,” International Conference on Data and Software Engineering (ICoDSE) , Nov. 2017
[37] “WEKA” [Online]. Available: https://www.cs.waikato.ac.nz/ml/index.html
[38] Gaurav Meena, Ravi Raj Choudhary, “A review paper on IDS classification using KDD 99 and NSL KDD dataset in WEKA” International Conference on Computer, Communications and Electronics (Comptelix), July 2017, pp.553- 558
[39] Vrushali Mhetre, Mayura Nagar, “Classification based data mining algorithms to predict slow, average and fast learners in educational system using WEKA” International Conference on Computing Methodologies and Communication (ICCMC), July 2017, pp.475-479
[40] NS Chandolikar, VD Nandavadekar, “Efficient algorithm for intrusion attack classification by analyzing KDD Cup 99” Wireless and Optical Communications Networks (WOCN), Sept. 2012, pp. 1 - 5
[41] Preeti Aggarwal, Sudhir Kumar Sharma, “An Empirical Comparison of Classifiers to Analyze Intrusion Detection,” Advanced Computing & Communication Technologies, Feb. 2015, pp. 446 - 450
[42] Safwan Mawlood Hussein, “Performance Evaluation of Intrusion Detection System Using Anomaly and Signature Based Algorithms to Reduction False Alarm Rate and Detect Unknown Attacks” Computational Science and Computational Intelligence (CSCI), Dec. 2016, pp.1064-1069
[43] “Mininet”[Online], Available: http://mininet.org/walkthrough/
[44] B. Claise, “Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information,” RFC 5101 (Proposed Standard), June. 2015,
[45] Atiku Abubakar, Bernardi Pranggono, “Machine learning based intrusion detection system for software defined networks,” Emerging Security Technologies (EST) , Sept. 2017, pp.138-143
[46] Luca Boero, Mario Marchese, Sandro Zappatore, “Support Vector Machine Meets Software Defined Networking in IDS Domain,” 29th International Teletraffic Congress (ITC 29), Sept. 2017, pp.25-30
[47] N. N. Dao, J. Park, M. Park, S. Cho, “A feasible method to combat against DDoS attack in SDN network,” International Conference on Information Networking (lCOIN), pp. 309-311, Jan. 2015
[48] S. M. Mousavi, M. St-Hilaire, “Early detection of DDoS attacks against SDN controllers,” International Conference in Computing Networking and Communications (ICNC), pp. 77-81, Feb. 2015
[49] C. Buragohain, N. Medhi, “FlowTrApp: An SDN based architecture for DDoS attack detection and mitigation in data centers,” 3rd International Conference on Signal Processing and Integrated Networks (SPIN), pp. 519-524, Feb. 2016
[50] Christos Gkountis, Miran Taha, Jaime Lloret, Georgios Kambourakis “Lightweight algorithm for protecting SDN controller against DDoS attacks,” Wireless and Mobile Networking Conference (WMNC), Sept. 2017
[51] Y. Xu, Y. Liu, “DDoS attack detection under SDN context,” The 35th Annual IEEE International Conference on Computer Communications (INFOCOM), pp. 1-9, Apr. 2016
[52] S. A. Mehdi, J. Khalid, S. A. Khayam, “Revisiting Traffic Anomaly Detection Using Software Defined Networking,” Recent Advances in Intrusion Detection (RAID), vol. 6961, pp. 161-180, 2011.
[53] J. H. Jafarian, E. Al-Shaer, Q. Duan, “Openflow Random Host Mutation: Transparent Moving Target Defense using Software Defined Networking,” Proceedings of the First Workshop on Hot Topics in Software Defined Networks (HotSDN'12), pp. 127-132, Aug. 2012.
[54] S. Shin, V. Yegneswaran, P. Porras, G. Gu, “AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks,” Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS'13), pp. 413-424, Nov. 2013.
[55] Huiqiang Yuwen, Liancheng Zhang, Zhenxing Wang, Yazhou Kong, “Probability-based delay scheme for resisting SDN scanning” International Conference on Computer and Communications (ICCC), Oct. 2016, pp.1096-1101
[56] Linda Markowsky, George Markowsky, “Scanning for vulnerable devices in the Internet of Things” Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), Sept. 2015, pp. 463 - 467
[57] Te-Jen Su, Shih-Ming Wang, Yi-Feng Chen, Chao-Liang Liu, “Attack detection of distributed denial of service based on Splunk” International Conference on Advanced Materials for Science and Engineering (ICAMSE), Nov. 2016, pp.397-400
[58] Ashaq Hussain Dar, Beenish Habib, Farida Khurshid, M. Tariq Banday, “Experimental analysis of DDoS attack and it's detection in Eucalyptus private cloud platform” International Conference on Advances in Computing, Communications and Informatics (ICACCI), Sept. 2016, pp.1718-1724
[59] Hudan Studiawan, Baskoro Adi Pratomo, Radityo Anggoro, ”Clustering of SSH brute-force attack logs using k-clique percolation,” Information & Communication Technology and Systems (ICTS), Oct. 2016, pp.39-42
[60] Alessandro Sforzin, Félix Gómez Mármol, Mauro Conti, Jens-Matthias Bohli, “RPiDS: Raspberry Pi IDS — A Fruitful Intrusion Detection System for IoT” Ubiquitous Intelligence & Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld), July 2016, pp.440-448
[61] Naser Fallahi, Ashkan Sami, Morteza Tajbakhsh, “Automated flow-based rule generation for network intrusion detection systems” Iranian Conference on Electrical Engineering (ICEE), May 2016, pp.1948-1953
[62] Dhanashri Ashok Bhosale, Vanita Manikrao Mane, “Comparative study and analysis of network intrusion detection tools” International Conference on Applied and Theoretical Computing and Communication Technology (iCATccT), Oct. 2015, pp. 312 - 315
[63] Hashem Alaidaros, M. Mahmuddin, “Flow-Based Approach on Bro Intrusion Detection,” Journal of Telecommunication, Electronic and Computer Engineering, vol. 9, 2017, pp.139-145
[64] Muhammad Shafiq, Xiangzhan Yu, Asif Ali Laghari, “WeChat Text Messages Service Flow Traffic Classification Using Machine Learning Technique,” International Conference on IT Convergence and Security (ICITCS), Sept. 2016, pp.1-5
[65] Markus Miettinen, Samuel Marchal, Ibbad Hafeez, N. Asokan, Ahmad-Reza Sadeghi, Sasu Tarkoma, “IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT,” in Proc. 37th IEEE International Conference on Distributed Computing Systems (ICDCS 2017), Jun. 2017.
[66] Tharmini Janarthanan, Shahrzad Zargari, “Feature selection in UNSW-NB15 and KDDCUP'99 datasets,” International Symposium on Industrial Electronics (ISIE), June 2017, pp.1881-1886
[67] D. Stiawan, M. Y. Idris, A. H. Abdullah, F. Aljaber, R. Budiarto, “Cyber-attack penetration test and vulnerability analysis,” International Journal of Online Engineering, vol. 13, pp. 125-132, 2017.
[68] A. Joshi, M. wazid, R. H. Goudar, “An Efficient Cryptographic Scheme for Text Message Protection Against Brute Force and Cryptanalytic Attacks,” Procedia Computer Science, vol. 48, pp. 360-366, 2015.
[69] K. Kaynar, “A taxonomy for attack graph generation and usage in network security,” Journal of Information Security and Applications, vol. 29, pp. 27-56, 2016.
[70] S. Anandita, Y. Rosmansyah, B. Dabarsyah, J. U. Choi, “Implementation of dendritic cell algorithm as an anomaly detection method for port scanning attack,” 2015 International Conference on Information Technology Systems and Innovation (ICITSI), pp. 1-6, 2015.
[71] J. Vykopal, A. Abraham, J. Lloret, J. F. Buford, J. Suzuki, S. M. Thampi, “A Flow-Level Taxonomy and Prevalence of Brute Force Attacks,” in Advances in Computing and Communications, Springer Berlin Heidelberg, vol. 191, pp. 666-675, 2011.
[72] M. Jonker, R. Hofstede, A. Sperotto, A. Pras, “Unveiling flat traffic on the internet: an SSH attack case study,” Proceedings of the 2015 IFIP/IEEE International Symposium on Integrated Network Management, pp. 270-278, 2015.
[73] Prachi Deshpande, Aditi Aggarwal, S.C. Sharma, P.Sateesh Kumar, Ajith Abraham, “Distributed port-scan attack in cloud environment,” Computational Aspects of Social Networks, Aug. 2013, pp. 27 - 31
[74] Elias Bou-Harb, Mourad Debbabi, Chadi Assi, “Cyber Scanning: A Comprehensive Survey,” IEEE Comm. Surveys & Tutorials, vol. 16, no. 3, 2014, pp.1496-1519
[75] Masoud Hasanifard, Behrouz Tork Ladani, “DoS and port scan attack detection in high speed networks” Information Security and Cryptology, Sept. 2014, pp.61-66
[76] M. Bhuyan, D. Bhattacharyya, and J. Kalita, “Surveying port-scans and their detection methodologies” The Computer Journal, vol. 54, no. 10, pp. 1565-1581, Oct., 2011
[77] Seungwoon Lee, Sun-young Im, Seung-Hun Shin, Byeong-hee Roh, Cheolho Lee, “Implementation and vulnerability test of stealth port scanning attacks using ZMap of censys engine” Information and Communication Technology Convergence (ICTC), Oct. 2016, pp.681-683
論文使用權限
  • 同意紙本無償授權給館內讀者為學術之目的重製使用,於2019-08-29公開。
  • 同意授權瀏覽/列印電子全文服務,於2019-08-29起公開。


  • 若您有任何疑問,請與我們聯絡!
    圖書館: 請來電 (02)2621-5656 轉 2486 或 來信