國立高雄大學圖資館 |

Language: English

Back

應用頻繁情節探勘以偵測網際網路多重攻擊行為 = Detection Mu...

劉俊宏

應用頻繁情節探勘以偵測網際網路多重攻擊行為 = Detection Multi-Phase Attacks with Frequent Episode Mining

Record Type:	Language materials, printed : monographic
Paralel Title:	Detection Multi-Phase Attacks with Frequent Episode Mining
Author:	劉俊宏,
Secondary Intellectual Responsibility:	國立高雄大學
Place of Publication:	[高雄市]
Published:	撰者;
Year of Publication:	2013[民102]
Description:	49面部份彩圖，表格 : 30公分;
Subject:	殭屍網路偵測
Subject:	BotNet Detection
Online resource:	http://handle.ncl.edu.tw/11296/ndltd/98178318910000836166
Notes:	參考書目：面46-49
Notes:	102年10月31日公開
Summary:	近年來,網際網路充滿了各式網路惡意攻擊事件,其發生的數量與頻率都呈現急速成長的趨勢。這類的網路上惡意攻擊的威脅已成為我們不得不面對的重要課題,為了解決此網路安全>問題,發展出許多不同的網路防禦技術。這些技術已從針對單一來源、單一目標攻擊的偵測演進到針對多重攻擊來源、多步驟攻擊行為。但面對多重攻擊來源、複雜攻擊步驟之新型>態多重網路攻擊技術, 現有的網路防禦機制卻往往不能發揮功能。在網路自動化惡意攻擊技術被大量應用的現今網路世界,許多近來的攻擊事件都可以看到這類多重攻擊的現象, 所以這類型嚴重的多重攻擊技術是網路安全急需重視的研究議題。有鑑於此,本研究運用多重攻擊步驟之間所存在的關聯特性,並以頻繁情節探勘分析(Frequent Episode Mining)技術為基礎,蒐集網路上實際的網路攻擊流量以進行分析,找出與攻擊>行為相關的可疑活動,建構一個具備偵測多重網路攻擊關聯性的網路安全偵測系統。本研究於實際的網路環境中使用誘捕收集而來的攻擊工具重現多重攻擊,以實證評估本研究所提出的偵測系統,結果驗證系統的確可以偵測出當前防護系統所不能發現的多重攻擊行為。希望能透過本研究的發現,使得在日後此類型攻擊事件發生時能更有效的偵測出多個潛在網路>攻擊來源與多重攻擊的進行方式,藉以提昇防禦此一類型的網際網路惡意攻擊。 In recent years, there were plenty of network attacks on the Internet. The count and frequency of network attacks growthed rapidily. For resolving this problem, researhers developed many diffirent kind of defense technologies. These technologies originally aimed single source, single target attacks, and some improments targeted multi-steps attacks. But for those multi-phase attacks with multi-target and complex steps, existing methods didn’t maximize their effectiveness. We found there are more and more automatic attacks being multi-phase attacks. So, the multi-phase attacks become a critical issue we must deal with in network security research.Therefore, this study proposes a new system with capability of detecting multi- phase attacks. The probosed system uses the relation betweeen the steps in a multi- phase attack and searchs suspicious network activies with Frequent Episode Mining from real network flow data and alerts of existed IDS. This study uses a real attack tool to evaluate the proposed system. The result shows the proposed system found behaviors in a multi-phase attack and Snort IDS didn’t treat those behaviors as attacks. We hope someday administrators can found how the attack exactly works when such multi-phase attacks arising and improve the defense against such attacks.

應用頻繁情節探勘以偵測網際網路多重攻擊行為 = Detection Multi-Phase Attacks with Frequent Episode Mining
劉, 俊宏

應用頻繁情節探勘以偵測網際網路多重攻擊行為 = Detection Multi-Phase Attacks with Frequent Episode Mining / 劉俊宏撰 - [高雄市] : 撰者, 2013[民102]. - 49面 ; 部份彩圖，表格 ; 30公分.
參考書目：面46-49102年10月31日公開.
殭屍網路偵測BotNet Detection

應用頻繁情節探勘以偵測網際網路多重攻擊行為 = Detection Multi-Phase Attacks with Frequent Episode Mining
LDR:04109nam0a2200289 450 001 389694
005 20170214101007.0
009 389694
010 0 $b 精裝
010 0 $b 平裝
100 $a 20170214d2013 k y0chiy05 e
101 1 $a chi $d chi $d eng
102 $a tw
105 $a ak am 000yy
200 1 $a 應用頻繁情節探勘以偵測網際網路多重攻擊行為 $d Detection Multi-Phase Attacks with Frequent Episode Mining $z eng $f 劉俊宏撰
210 $a [高雄市] $c 撰者 $d 2013[民102]
215 0 $a 49面 $c 部份彩圖，表格 $d 30公分
300 $a 參考書目：面46-49
300 $a 102年10月31日公開
314 $a 指導教授：陳建源博士，蕭漢威博士
328 $a 碩士論文--國立高雄大學資訊工程學系碩士班
330 $a 近年來,網際網路充滿了各式網路惡意攻擊事件,其發生的數量與頻率都呈現急速成長的趨勢。這類的網路上惡意攻擊的威脅已成為我們不得不面對的重要課題,為了解決此網路安全>問題,發展出許多不同的網路防禦技術。這些技術已從針對單一來源、單一目標攻擊的偵測演進到針對多重攻擊來源、多步驟攻擊行為。但面對多重攻擊來源、複雜攻擊步驟之新型>態多重網路攻擊技術, 現有的網路防禦機制卻往往不能發揮功能。在網路自動化惡意攻擊技術被大量應用的現今網路世界,許多近來的攻擊事件都可以看到這類多重攻擊的現象, 所以這類型嚴重的多重攻擊技術是網路安全急需重視的研究議題。有鑑於此,本研究運用多重攻擊步驟之間所存在的關聯特性,並以頻繁情節探勘分析(Frequent Episode Mining)技術為基礎,蒐集網路上實際的網路攻擊流量以進行分析,找出與攻擊>行為相關的可疑活動,建構一個具備偵測多重網路攻擊關聯性的網路安全偵測系統。本研究於實際的網路環境中使用誘捕收集而來的攻擊工具重現多重攻擊,以實證評估本研究所提出的偵測系統,結果驗證系統的確可以偵測出當前防護系統所不能發現的多重攻擊行為。希望能透過本研究的發現,使得在日後此類型攻擊事件發生時能更有效的偵測出多個潛在網路>攻擊來源與多重攻擊的進行方式,藉以提昇防禦此一類型的網際網路惡意攻擊。 In recent years, there were plenty of network attacks on the Internet. The count and frequency of network attacks growthed rapidily. For resolving this problem, researhers developed many diffirent kind of defense technologies. These technologies originally aimed single source, single target attacks, and some improments targeted multi-steps attacks. But for those multi-phase attacks with multi-target and complex steps, existing methods didn’t maximize their effectiveness. We found there are more and more automatic attacks being multi-phase attacks. So, the multi-phase attacks become a critical issue we must deal with in network security research.Therefore, this study proposes a new system with capability of detecting multi- phase attacks. The probosed system uses the relation betweeen the steps in a multi- phase attack and searchs suspicious network activies with Frequent Episode Mining from real network flow data and alerts of existed IDS. This study uses a real attack tool to evaluate the proposed system. The result shows the proposed system found behaviors in a multi-phase attack and Snort IDS didn’t treat those behaviors as attacks. We hope someday administrators can found how the attack exactly works when such multi-phase attacks arising and improve the defense against such attacks.
510 1 $a Detection Multi-Phase Attacks with Frequent Episode Mining $z eng
610 0 $a 殭屍網路偵測 $a 網路多重攻擊 $a 頻繁情節探勘 $a 網路安全
610 1 $a BotNet Detection $a Network Multi-Phase Attack $a Frequent Episode Mining $a Network Security
681 $a 008M/0019 $b 464103 7223 $v 2007年版
700 1 $a 劉 $b 俊宏 $4 撰 $3 614554
712 0 2 $a 國立高雄大學 $b 資訊工程學系碩士班 $3 353878
801 0 $a tw $b NUK $c 20131011 $g CCR
856 7 $z 電子資源 $2 http $u http://handle.ncl.edu.tw/11296/ndltd/98178318910000836166