Please use this identifier to cite or link to this item: http://hdl.handle.net/11455/18043
Title: Cooperative Defensive Architecture for Security Management over Mutually Trusted Networks
Author: 薛來銘 (Shiue, Lai-Ming)
Keywords: security management; mutually trusted networks; cooperative defense
Publisher: Department of Applied Mathematics
Abstract: As threats to network security from unauthorized access increase with the exponential growth of the Internet, an effective defensive technology is urgently needed. Common defensive technologies, which include firewalls, intrusion detection, vulnerability assessment, service guards, and honeypots, are implemented independently, without cooperation among various network environments. For a network administrator, integrating the available defensive technologies into the network management system has become an important task, especially for security management.

In this dissertation, a cooperative defensive architecture for a federated network environment is proposed. The architecture takes a three-layered approach, comprising an agent layer, a server layer, and a manager layer. The network environment consists of several administrative domains, each of which is operationally independent and mutually trusted. Integration of both intra-domain and inter-domain defensive mechanisms is presented. While local security is accomplished by intra-domain integration, the global security of the federated network is provided by exchanging shared information among mutually trusted domains. The data format, along with the transmission mechanism, is also explicitly specified for the communication of shared information. Moreover, three application scenarios are given to demonstrate the feasibility of the system's functionality, and a simulation experiment is established to evaluate system performance.

Finally, two application cases are implemented by extending the security function in the cooperative defensive architecture. The first case demonstrates that a cooperative intrusion prevention system can improve on the performance and accuracy of the traditional approach. In the second case, a honeypot system called Honeyanole is proposed to keep the deception deployment from being detected and to enhance the system defense. Together, these technologies make it possible to build an early warning system and consequently to strengthen the system defense.
URI: http://hdl.handle.net/11455/18043
Other identifier: U0005-3006200816142400
Article link: http://www.airitilibrary.com/Publication/alDetailedMesh1?DocID=U0005-3006200816142400
Appears in Collections: Department of Applied Mathematics

Files in this item:

For the full text, please visit the Airiti Library (華藝線上圖書館).



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.