DC Field | Value | Language
dc.contributor.author | Feng, Chung-Hsin | en_US
dc.identifier.citation |
[1] Sean Walton, “Linux Socket Programming”, SAMS, January 26, 2001.
[2] W. Richard Stevens, “Unix Network Programming”, Prentice Hall, January 15, 1998.
[3] Larry L. Peterson, Bruce S. Davie, “Computer Network: a Systems Approach”, 3rd, Morgan Kaufmann, 2000.
[4] S. McClure, J. Scambray, and G. Kurtz, “Hacking exposed: Network security secrets and solutions”, McGraw-Hill, 1999.
[5] T. Garfinkel, “Traps and pitfalls: Practical problems in system call interposition based security tools,” Proc. Network and Distributed Systems Security Symposium, Feb. 2003.
[6] N. Provos, “Improving host security with system call policies,” Proc. 12th USENIX Security Symposium, pp. 257-272, Aug. 2003.
[7] M. Rajagopalan, M. Hiltunen, and T. Jim, “Authenticated system calls,” Proc. IEEE International Conference on Dependable Systems and Network, June 2005.
[8] N. Nguyen, P. Reiher and G. H. Kuenning, “Detecting insider threats by monitoring system call activity,” IEEE Workshop on Information Assurance, June 2003.
[9] C. Wright, C. Cowan, J. Morris, S. Smalley, and G. Kroah-Hartman, “Linux security modules: General security support for the Linux kernel,” Proc. 11th USENIX Security Symposium, 2002.
[10] Onur Demir, Kanad Ghose, “Real-Time Protection against DDoS Attacks Using Active Gateways”, Proc. 25th ICDCSW, 2005.
[11] J. Chirillo, “Hack attacks revealed: A complete reference for UNIX, Windows and Linux with custom security toolkit”, Wiley, Second edition, 2002.
[12] S. Panjwani, S. Tan, K. M. Jarrin and M. Cukier, “An Experimental Evaluation to Determine if Port Scans are Precursors to an Attack”, Proc. of Dependable System and Networks (DSN), 2005.
[13] L. Garber, “Denial-of-service attack rip the Internet,” IEEE Computer, pp. 12-17, Apr. 2000.
[14] D. Moore, G. Voelker and S. Savage, “Inferring internet denial of service activity,” Proc. of USENIX Security Symposium, Aug. 2001.
[15] H. Wang, D. Zhang and K. G. Shin, “Detecting SYN flooding attacks,” IEEE INFOCOM 2002, pp. 1530-1539, 2002.
[16] V. Fuller, T. Li and J. Yu, “Classless Inter-Domain Routing (CIDR) an Address Assignment and Aggregation Strategy”, RFC1519, Sep. 1993.
[17] K. Egevang, P. Francis, “The IP Network Address Translator”, RFC1631, May 1994.
[18] B. Cosell, “IMP System change notification”, RFC213, Aug. 1971.
[19] J. Postel, “Transmission Control Protocol”, RFC793, Sep. 1981.
[20] John D. Howard, “An analysis of security incidents on the Internet,” Apr. 1997.
[21] F-Secure,
[22] NIDS,
[23] Intel IXDPG425,
[24] Using the Security Module Interface,
[25] Netlink Socket,
[26] Board Porting,
[27] SnapGear,
[28] IXP425 Porting guide,
[29] ARM Linux Project,
[30] CLinux,
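dc.description.abstract | With the rapid growth of networking, more and more applications are built on the network. But as network use becomes ever more widespread, network attacks keep emerging. System security therefore needs to be strengthened to prevent intrusion or attack. In particular, as more devices gain the ability to connect to the Internet, gateways will inevitably be used to interconnect them and share Internet resources, so gateway security also deserves more attention. The Linux Security Module (LSM) is an interface between the kernel API and user applications; through loadable modules, it lets us integrate security mechanisms of our own design into the kernel. This system uses the function pointers that LSM provides, called security hooks, to develop defense mechanisms against backdoor programs, worm attacks, port scans, and SYN flooding attacks. It is implemented on the IXDPG425 platform and also provides NAT and DHCP functions. In addition, runtime information and the results of the defenses are logged for administrators to consult and query. | zh_TW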
dc.description.abstract | With the growing development of Internet technology, more and more applications run on the Internet. But as networks are used more and more extensively, network attacks occur more often. Consequently, systems need improved security to avoid being attacked or invaded. In addition, as more devices become capable of connecting to the Internet, a gateway must be used to connect them to each other and share Internet access, so the gateway's security must be improved too. The Linux Security Module (LSM) is an interface between the kernel API and user applications. Through loadable modules, it allows our security rules to be integrated into the kernel. This paper implements a gateway that includes both NAT and DHCP on the IXDPG425 platform. We also implement security rules with LSM to defend against backdoors, worms, port scans, and SYN flooding attacks. System logs and protection results are also provided for administrators to look up and review. | en_US
dc.description.tableofcontents |
Abstract (Chinese)
Abstract
Contents
List of Tables
List of Figures
Chapter 1 Introduction
  1-1 Research Motivation and Background
  1-2 Thesis Organization
Chapter 2 NAT & DHCP
  2-1 Introduction to NAT
  2-2 How NAT Works
  2-3 Advantages and Disadvantages of NAT
  2-4 Introduction to DHCP
  2-5 How DHCP Operates
Chapter 3 Defending against Trojan and Worm Attacks
  3-1 Networking in the Linux Environment
    3-1-1 Socket()
    3-1-2 Bind()
    3-1-3 Listen()
    3-1-4 Accept()
    3-1-5 Connect()
  3-2 Characteristics of Trojans
  3-3 Characteristics of Worm Attacks
  3-4 Defending against Trojan and Worm Attacks
    3-4-1 Linux Security Module (LSM)
    3-4-2 Socket Policy
Chapter 4 Port Scan Detection and Defense
  4-1 TCP Three-Way Handshake
  4-2 The Port Scan Process
  4-3 How to Defend against Port Scans
Chapter 5 SYN Flooding Detection and Defense
  5-1 Introduction to DDoS Attacks
  5-2 How to Detect SYN Flooding Attacks
  5-3 Defending against SYN Flooding Attacks
Chapter 6 System Implementation
  6-1 Hardware Platform Overview
  6-2 Software System Description
    6-2-1 Netlink Socket
    6-2-2 Message Structures and Definitions
  6-3 Implementation Procedure
    6-3-1 Setting Up the Host Environment
    6-3-2 Building the Kernel and Root File System
    6-3-3 Compiling the Module
    6-3-4 Writing the Target-Side Script Files
Chapter 7 Implementation Results and Conclusion
  7-1 Test Results
  7-2 WEB Interface
  7-3 Conclusion
References
| zh_TW
dc.subject | Network Security | en_US
dc.subject | Linux Security Module (LSM) | en_US
dc.title | A Gateway Incorporated with a Defense System for Network Security | en_US
dc.type | Thesis and Dissertation | zh_TW
item.openairetype | Thesis and Dissertation | -
item.fulltext | no fulltext | -
Appears in Collections: Department of Electrical Engineering