Please use this identifier to cite or link to this item: http://hdl.handle.net/11455/19488
Title: A Rogue Access Point Detection System Based on Packet Analysis for Campus Network
Author: Wu, Hsin-Chien (吳欣蒨)
Keywords: Rogue AP
rogue wireless access point
campus network
packet analysis
network security
bottleneck bandwidth
Publisher: Department of Computer Science and Engineering
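Abstract: As the price of wireless networking equipment has fallen rapidly, wireless network use on campus has become increasingly common, and many network security management issues have emerged as a result. Among them, the wireless access point that a user sets up without authorization from the network administrator (Rogue AP) is easily overlooked, yet it can cause a major problem for network security control. An organization's network administrators can usually only urge users not to set up wireless access points on their own; users who need one are supposed to notify the administrator, who then helps set up an authentication mechanism. In practice, users usually do not notify the administrator, so this approach to management often exists in name only. To address this problem with a concrete and effective management mechanism, this thesis builds a rogue AP detection system in a real campus network. The system performs feature analysis on a per-connection basis to identify whether the IP address of a connection belongs to a wired or a wireless network device. If a detected source is on a wireless connection and is not on the list of registered, legitimate wireless access points (the White List), the administrator can immediately block all connections from that address on the core switch. In a real network environment, the analysis of packet behavior features is easily affected by heavy traffic and by packets from other connections or background traffic (cross traffic). We therefore use a feature outlier filtering method to obtain more stable packet behavior features. The system was deployed and tested on the National Chung Hsing University campus network, where it reached an accuracy of 90.90% over one month of operation. Experimental and implementation measurements show that the method proposed in this thesis and the implemented system can indeed be applied to a large campus network and can effectively detect wireless access points, providing stronger protection for campus network security.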
With the rapid decline in cost, wireless networks have become increasingly popular on campus; however, this also creates new issues in network security management, of which the Rogue AP (Access Point) is the most common. A Rogue AP is a wireless access point set up by a network user without authorization, and it is usually neglected by most network administrators. It may become a major security leak if not carefully treated. Network administrators can only advise their users, without any capability of enforcement, to have their APs participate in the authentication scheme. As a result, for their own convenience, most users will not register them, and those Rogue APs turn out to be a big problem in network management. To establish an efficient management system for Rogue APs, this thesis presents a Rogue AP detection system based on the behavior of sessions. We installed a packet collector in the core switch of the campus network and analyzed the behavior of each session to identify whether it was issued by an AP. The system creates a list of suspect APs in real time. By comparing this list with the registered one, an administrator can then take action. To decrease the complexity of the analysis and increase the accuracy of detection in the experiments of this thesis, noise is filtered out by dropping characteristics that have a large variance against the average value, and the effectiveness of the system is verified by deploying it in the campus network of National Chung Hsing University. The experimental results showed that the system could achieve accuracy of up to 90.90% in reporting Rogue APs, and also demonstrated that the system could be effectively applied to a large-scale campus network in detecting Rogue APs.
URI: http://hdl.handle.net/11455/19488
Other identifiers: U0005-3001200812520300
Article link: http://www.airitilibrary.com/Publication/alDetailedMesh1?DocID=U0005-3001200812520300
Appears in Collections: Department of Computer Science and Engineering

Files in this item:

For the full text, please go to the Airiti Library.


