Please use this identifier to cite or link to this item:
標題: 互信網路下安全管理的合作式防禦架構
Cooperative Defensive Architecture for Security Management over Mutually Trusted Networks
作者: 薛來銘
Shiue, Lai-Ming
關鍵字: security management;安全管理;mutually trusted networks;cooperative defense;互信網路;合作式防禦
出版社: 應用數學系所
引用: [1] C. Johnson, L. P. Scanlon, K. Kimberland, and J. Cherry, "2005 eCrime Watch Survey", CSO magazine / CERT Coordination Center 2006. [2] H. S. Venter and J. H. P. Eloff, "A Taxonomy for Information Security Technologies", Computers & Security, vol. 22, pp. 299-307, 2003. [3] R. Zalenski, "Firewall Technologies", IEEE Potentials, vol. 21, pp. 24-29, 2002. [4] S. Axelsson, "Intrusion Detection Systems: A Survey and Taxonomy", Chalmers Univ. Technical Report 99-15, 2000. [5] C. Ying, A. Tsa, and H. Yu, "Vulnerability Assessment System (VAS)", in Proceedings of IEEE 37th Annual 2003 International Carnahan Conference on Security Technology, Taipei, 2003, pp. 414-421. [6] P. Dotti and O. Rees, "Protecting the Hosted Application Server", in Proceedings of IEEE 8th International Workshops on, Stanford, CA, 1999, pp. 164-167. [7] Z. Feng, Z. Shijie, Q. Zhiguang, and L. Jinde, "Honeypot: a Supplemented Active Defense System for Network Security", in Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies, Chengdu, China, 2003, pp. 231-235. [8] M. Curtin, "Introduction to Network Security", Kent Information Services, Inc 1997. [9] H. Debar, D. A. Curry, and B. S. Feinstein, "The Intrusion Detection Message Exchange Format (IDMEF)", RFC 4765, Network Working Group 2007. [10] S. Garfinkel and G. Spafford, Practical Unix & Internet Security, Third ed. USA: O''Reilly & Associates, Inc, 2003. [11] W. Cheswick, S. Bellovin, and A. Rubin, Firewalls and Internet Security, second ed. New York: Addison-Wesley, 2003. [12] E. D. Zwicky, S. Cooper, and D. B. Chapman, Building Internet Firewalls, second ed. USA: O''Reilly & Associates, Inc., 2000. [13] Y. Bai and H. Kobayashi, "Intrusion Detection Systems: Technology and Development", in 17th International Conference on Advanced Information Networking and Applications, Xi''an, 2003, pp. 710-715. [14] R. A. Kemmerer and G. Vigna, "Intrusion Detection: A Brief History and Overview", Computer, vol. 35, pp. 27-30, 2002. [15] R. G. Bace, "Intrusion Detection / Rebecca Gurley Bace", Macmillan Technical Publishing 2000. [16] D. E. Denning, "An Intrusion-Detection Model", IEEE Transactions on Software Engineering, vol. SE-13, pp. 222-232, 1987. [17] N. Ierace, C. Urrutia, and R. Bassett, "Intrusion Prevention Systems", ACM, Ubiquity archive, vol. 6, 2005. [18] NSS_Group, "Intrusion Prevention Systems (IPS)", NSS Group,, 2004. [19] N. Desai, "Intrusion Prevention Systems: the Next Step in the Evolution of IDS",,, 2003. [20] K. Scarfone and P. Mell, "Guide to Intrusion Detection and Prevention Systems (IDPS)", NIST Report Number: 800-94, 2007. [21] Z. Xinyou, L. Chengzhong, and Z. Wenbin, "Intrusion Prevention System Design", in The Fourth International Conference on Computer and Information Technology, 2004, pp. 386-390. [22] C.-C. Wu, S.-H. Wen, N.-F. Huang, and C.-N. Kao, "A Pattern Matching Coprocessor for Deep and Large Signature Set in Network Security System", in Global Telecommunications Conference, 2005. [23] Y. H. Cho and W. H. Mangione-Smith, "Deep Packet Filter with Dedicated Logic and Read Only Memories", in 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, 2004, pp. 125-134. [24] McAfee, "Host and Network Intrusion Prevention - Competitors or Partners", McAfee, Inc. 6-NPS-NIP-002-0205, 2005. [25] D. Sequeira, "Intrusion Prevention Systems- Security''s Silver Bullet", Business Communications Review, vol. 33, pp. 36-41, 2003. [26] C. Lanzilotta and A. Shah, "Avoiding Costly Outages with Intrusion Prevention", Ernst & Young, LLP. 2006. [27] K. G. Labbe, N. C. Rowe, and J. D. Fulp, "A Methodology for Evaluation of Host-Based Intrusion Prevention Systems and Its Application", in 2006 IEEE Information Assurance Workshop, 2006, pp. 378-379. [28] Y.-M. Chen and Y. Yang, "Policy Management for Network-Based Intrusion Detection and Prevention", in Network Operations and Management Symposium. vol. 2, 2004, pp. 219-232. [29] S. Chen, J. Xu, Z. Kalbarczyk, and R. K. Iyer, "Security Vulnerabilities: From Analysis to Detection and Masking Techniques", in Proceedings of the IEEE, 2006, pp. 407-418. [30] G. A. Mallah and Z. A. Shaikh, "Vulnerability Assessment Through Mobile agents", in E-Tech 2004, 2004, pp. 92-96. [31] M. Kwon, J. Hong, and Y. Cho, "Ethernet Wrapper: Extension of the TCP Wrapper", in Proceedings of Eighth International Conference on Parallel and Distributed System, Kyongju City, 2001, pp. 573 - 580. [32] R. Tber, "A Practical Comparison of Low and High Interactivity Honeypots", in Information Security Institute. vol. Master Australia Queensland University of Technology, 2005, p. 51. [33] H. Artaila, H. Safab, M. Sraja, I. Kuwatlya, and Z. Al-Masria, "A Hybrid Honeypot Framework for Improving Intrusion Detection Systems in Protecting Organizational Networks", Comuters & Security, vol. 25, pp. 274-288, 2006. [34] R. McGrew, "Experiences with Honeypot Systems: Development, Deployment, and Analysis", in HICSS ''06. Proceedings of the 39th Annual Hawaii International Conference on 2006, pp. 220a-220a. [35] F. Raynal, Y. Berthier, P. Biondi, and D. Kaminsky, "Honeypot Forensics, Part I: Analyzing the Network", IEEE Security & Privacy, vol. 2, pp. 72-78, Jul-Aug 2004. [36] F. Raynal, Y. Berthier, P. Biondi, and D. Kaminsky, "Honeypot Forensics, Part II: Analyzing the Compromised Host", IEEE Security & Privacy, vol. 2, pp. 77-80, Sep-Oct 2004. [37] A. Chuvakin, "Honeynets: High Value Security Data", in Network Security. vol. 2003, 2003, pp. 11-15. [38] KasperskyLab, "Kaspersky Corporate Suite", 2006. [39] R. Ptak, "Symantec: Information Integrity and the Enterprise Executive Suite", 2004. [40] CiscoSystems, "Cisco Security Management Suite", 2006. [41] T. Buchheim and M. Erlinger, "Implementing the Intrusion Detection Exchange Protocol", in Proceedings 17th Annual of Computer Security Applications Conference, New Orleans, 2001, pp. 32-41. [42] B. S. Feinstein, G. A. Matthews, and J. C. C. White, "The Intrusion Detection Exchange Protocol", RFC 4767, Network Working Group 2007. [43] FIRST, "Forum of Incident Response and Security Teams", [44] DShield, "", [45] SANS, "Computer Security Education and Information Security Training", [46] CSIRT, "Computer Security Incident Response Teams", [47] W.-Y. Hsin, S.-S. Tseng, and S.-C. Lin, "A Study of Alert-Based Collaborative Defense", in Proceedings of the 8th International Symposium on ISPAN 2005, 2005, p. 6 pp. [48] T. Bray, J. Paoli, and F. Yergeau, "Extensible Markup Language 1.0", Third ed, 2004. [49] M. T. Rose, "The Blocks Extensible Exchange Protocol Core (RFC 3080)", IETF Network Working Group 2001. [50] J. G. Myers, "Simple Authentication and Security Layer (RFC 2222)", IETF Network Working Group 1997. [51] T. Dierks and C. Allen, "The TLS Protocol Version 1.0 (RFC 2246)", IETF Network Working Group 1999. [52] M. Roesch, "Snort Sourcefire", 1998. [53] P. Mell, V. Hu, R. Lippmann, J. Haines, and M. Zissman, "An Overview of Issues in Testing Intrusion Detection Systems", National Institute of Standard and Technology Technical Report NIST IR 7007, 2005. [54] G. Young and J. Pescatore, "Magic Quadrant for Network Intrusion Prevention System Appliances, 2H06", Gartner, Inc Report Number: G00144735, 2006. [55] K. Xinidis, I. Charitakis, S. Antonatos, K. G. Anagnostakis, and E. P. Markatos, "An Active Splitter Architecture for Intrusion Detection and Prevention", IEEE Transactions on Dependable and Secure Computing, vol. 3, pp. 31-44, 2006. [56] J. Huang, "Network Processor Design", in Proceedings of 5th International Conference on ASIC, 2003, pp. 26-33. [57] W. Lee, W. Fan, M. Miller, S. Stolfo, and E. Zadok, "Toward Cost-Sensitive Modeling for Intrusion Detection and Response", Computer Science, Columbia University Technical Report CUCS-002-00, 2000. [58] M. E. Locasto, K. Wang, A. D. Keromytis, and S. J. Stolfo, "FLIPS: Hybrid Adaptive Intrusion Prevention", in Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection, 2005. [59] DFN-CERT, "European Network of Affined Honeypots - Survey on the State-of-the-Art", Report Number: D0.1, 2005. [60] N. Krawetz, "Anti-Honeypot Technology", in IEEE Security & Privacy. vol. 2, 2004, pp. 76-79. [61] S. Mukkamala, K. Yendrapalli, R. Basnet, M. K. Shankarapani, and A. H. Sung, "Detection of Virtual Environments and Low Interaction Honeypots", 2007, pp. 92-98. [62] P. Defibaugh-Chavez, R. Veeraghattam, M. Kannappa, S. Mukkamala, and A. H. Sung, "Network Based Detection of Virtual Environments and Low Interaction Honeypots", in Proceedings of the 2006 IEEE SMC, Workshop on Information Assurance, 2006, pp. 283-289. [63] X. Fu, W. Yu, D. Cheng, X. Tan, K. Streff, and S. Graham, "On Recognizing Virtual Honeypots and Countermeasures", 2006, pp. 211-218. [64] N. C. Rowe, "Measuring the Effectiveness of Honeypot Counter Counterdeception", in HICSS ''06. Proceedings of the 39th Annual Hawaii International Conference on 2006. [65] T. Holz and F. Raynal, "Detecting Honeypots and Other Suspicious Environments", 2005, pp. 29-36. [66] M. A. Davis, "Sebek", 3.0.4 ed New York, USA The Honeynet project, 2003. [67] M. Dornseif, T. Holz, and C. N. Klein, "NoSEBrEaK - Attacking Honeynets", 2004, pp. 123-129. [68] L. Carter, "Setting Up a Honeypot Using a Bait and Switch Router", SANS'' Information Security Reading Room, 2004. [69] G. Yang, C.-M. Rong, and L. Peng, "A Novel Approach for Redirecting Module in Honeypot Systems", The Journal of China Universities of Posts and Telecommunications, vol. 12, 2005. [70] P. Russell, "iptables", netfilter,, 2007. [71] M. Roesch, "Snort", Snort Sourcefire, 2007. [72] R. Chandran and S. Pakala, "Simulating Networks with Honeyd", 2003. [73] Honeytrap, "The Honeytrap Project",, 2007.

As threats to network security from unauthorized access increases with the exponential growth of the Internet, an effective defensive technology is urgently demanded. Common defensive technologies which include firewalls, intrusion detections, vulnerability assessments, service guards, and honeypots are implemented independently without cooperation among various network environments. For a network administrator, how to integrate available defensive technologies into the network management system has become an emergent task, especially for security management.
In this dissertation, a cooperative defensive architecture of the federative network environment is proposed. The architecture takes a three-layered approach, including an agent layer, a server layer, and a manager layer. The network environment consists of several administrative domains, in which each domain is operationally independent and mutually trusted. Integration of both intra-domain and inter-domain defensive mechanisms is presented. While local security is accomplished by intra-domain integration, the global security of the federative network is provided by exchanging the shared information among mutually trusted domains. Data format, along with the transmission mechanism, is also explicitly specified for the communication of shared information. Moreover, three application scenarios are given to demonstrate the feasibility of system functionality, and a simulation experiment is established to evaluate the system performance.
Finally, two application cases are implemented by extending the security function in the cooperative defensive architecture. The first case demonstrates that cooperative intrusion prevention system can improve the performance and accuracy of traditional approach. In the second case, a honeypot system, called Honeyanole, is proposed to prevent deception deployment from hunting and to enhance the system defense. All together, an early warning system can be made and the system defense can be enhanced consequently.
其他識別: U0005-3006200816142400
Appears in Collections:應用數學系所

Show full item record

Google ScholarTM


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.