National University of Kaohsiung, Department of Asia-Pacific Industrial and Business Management, Master's Program
以網路流量偵測SSH字典攻擊與追蹤之研究 = A Study of Using NetFlow Traffic Data to Detect and Track SSH Dictionary Attack
Record Type: Language materials, printed : monographic
Parallel Title: A Study of Using NetFlow Traffic Data to Detect and Track SSH Dictionary Attack
Author: 薛昱仁
Secondary Intellectual Responsibility: National University of Kaohsiung
Place of Publication: [Kaohsiung City]
Published: The author
Year of Publication: 2009 [Minguo 98]
Description: [8], 40 pages : illustrations, tables ; 30 cm
Subject: Dictionary Attack
Online resource: http://handle.ncl.edu.tw/11296/ndltd/10213328531688922430
Notes: Advisor: 蕭漢威
Notes: Bibliography: pages 39-40
Summary:
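With the rapid development of all kinds of Internet applications, authenticating identity over the network is an unavoidable step, and password authentication remains a method that cannot yet be replaced. A dictionary attack guesses a user's likely password using words that commonly appear in a dictionary, and this technique is still one of the main means intruders use to break in. Server logs on Internet-facing hosts observed in recent years frequently show many intruders attempting to break into servers with dictionary attacks. As network programming techniques have advanced, many mechanisms that automate intrusion by dictionary attack have been developed, so these attacks are becoming more and more serious and are a burden for network administrators at every level. This study uses NetFlow traffic data, collecting flow records of dictionary attacks against the SSH protocol, and builds an effective detection module with classification techniques from data mining: the Naïve Bayes algorithm, the decision tree algorithm and the support vector machine algorithm. The study demonstrates empirically that the detection module performs well, reaching a prediction accuracy above 90%. In addition, the study uses the attacking IP addresses found by the SSH dictionary attack detection module together with NetFlow data to develop an SSH dictionary attack tracking algorithm, which helps network administrators trace the hosts carrying out SSH dictionary attacks and find the topology of the attack paths between them, so as to locate the addresses of the hosts that launched dictionary attacks earlier. The results can effectively help network administrators automatically identify, from network traffic records, potential stepping-stone hosts used for SSH dictionary attacks, and help find the topology of the SSH dictionary attack paths currently within the network, which is of great help in improving network security protection.

With the rapid growth of technology, many application systems need to authenticate users in the Internet environment. A user account and password is a simple and general way to authenticate over a network. A dictionary attack means that attackers attempt to log in to user accounts illegally by trying all possible passwords. There are many failed SSH login records in system authentication log files, which has become a usual situation in the Taiwan Academic Network environment. This implies that the dictionary attack is a serious intrusion event. In this paper, we propose a classification-based detection module to detect SSH dictionary attacks. We used three data mining classification algorithms, Naïve Bayes, decision tree and SVM, to build our SSH dictionary attack detection module. We collected real-world NetFlow traffic data over a month as the training samples for our detection system. Our empirical evaluation results show that the proposed detection module reaches above 90% detection accuracy. Further, we used the detection module and NetFlow history data to develop the SSH dictionary attack tracking algorithm. We try to find the topology of the IP addresses that launched SSH dictionary attacks and to trace back to the origin of the SSH dictionary attacker. This research result could help network managers detect implicit dictionary attack behaviors and improve network security.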
LDR :04209nam0a2200277 450
001 137156
005 20170214091012.0
009 137156
010 0 $b Hardcover
010 0 $b Paperback
100 $a 20170214y2009 k y0chiy09 e
101 1 $a chi $d chi $d eng
102 $a tw
105 $a ak am 000yy
200 1 $a 以網路流量偵測SSH字典攻擊與追蹤之研究 $d A Study of Using NetFlow Traffic Data to Detect and Track SSH Dictionary Attack $z eng $f by 薛昱仁
210 $a [Kaohsiung City] $c The author $d 2009 [Minguo 98]
215 0 $a [8], 40 pages $c illustrations, tables $d 30 cm
300 $a Advisor: 蕭漢威
300 $a Bibliography: pages 39-40
328 $a Master's thesis--National University of Kaohsiung, Graduate Institute of Asia-Pacific Industrial and Business Management
510 1 $a A Study of Using NetFlow Traffic Data to Detect and Track SSH Dictionary Attack $z eng
610 0 $a Dictionary attack $a Network traffic $a Data mining $a Network attack tracking
610 1 $a Dictionary Attack $a NetFlow $a Data Mining $a Network Attack Tracking
681 $a 008M/0019 $b 343425 4462 $v 2007 edition
700 1 $a 薛 $b 昱仁 $4 author $3 170822
712 0 2 $a National University of Kaohsiung $b Department of Asia-Pacific Industrial and Business Management, Master's Program $3 166023
801 0 $a tw $b NUK $c 20090409 $g CCR
856 7 $z Electronic resource $2 http $u http://handle.ncl.edu.tw/11296/ndltd/10213328531688922430
Items (2 records)

| Inventory Number | Location Name | Item Class | Material type | Call number | Usage Class | Loan Status | No. of reservations | Opac note | Attachments |
|---|---|---|---|---|---|---|---|---|---|
| 310001797623 | Theses and Dissertations Area (2nd floor) | Not for loan | Thesis/dissertation | 008M/0019 343425 4462 2009 | Normal use | On shelf | 0 | | |
| 310001797631 | Theses and Dissertations Area (2nd floor) | Not for loan | Thesis/dissertation | 008M/0019 343425 4462 2009 c.2 | Normal use | On shelf | 0 | | |