
Self-propagating worm containment in the internal enterprise network

Advisor: 黃士殷

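Abstract


In this study we propose a control method for containing the spread of self-propagating worms in the internal enterprise network, to compensate for weaknesses in current enterprise information security infrastructure. Earlier research has also addressed this problem [1][2]. Matthew M. Williamson limits the total number of TCP-SYN request packets sent per second, to prevent a sudden burst of attack traffic from paralyzing the network. David Whyte uses the characteristics of ARP on the local network, building a training list, an activity list and a black hole zone to capture attack behavior. Faced with the many changing forms of worms, however, these solutions all have problems they cannot solve, such as Slow Scan and Port Scan attacks. We therefore propose a more effective method that can detect worms using a variety of attack techniques and attack rates and that, through containment measures applied under different conditions and on the principle of affecting normal network activity as little as possible, effectively controls the spread of worms and keeps the internal enterprise network from being paralyzed. We also strengthen the filtering and analysis methods to lower the false positive rate, adding the last piece of the puzzle to the enterprise information security architecture.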

Parallel Abstract


In this research we propose a self-propagating worm containment method for the internal enterprise network, to make up for weaknesses in an enterprise's information security infrastructure. Earlier research has also tried to solve this problem [1][2]. Matthew M. Williamson's idea is to put a rate limit on the total number of TCP-SYN request packets per second to new machines, in order to avoid degrading network performance through a large number of outgoing connections within a very short period. David Whyte uses the characteristics of ARP in the local network to create a Peer List (customary ARP request targets), ARP Activity (number of ARP requests) and Internal Network Dark Space to detect worms. However, as worms become more and more varied, the above solutions all have the same problems dealing with Slow Scan, Port Scan and similar attacks. Therefore we propose a more effective method that can detect worms with different attack methods and different scan rates, and contain worm contagion through various filter rules. We also enhance the analysis methods to decrease the false positive rate. Our research supplies the last piece of the enterprise information security infrastructure.

References


[1] Jamie Twycross, Matthew M. Williamson, "Implementing and testing a virus throttle", Proceedings of the 12th USENIX Security Symposium, 4-8 August 2003, Washington, DC, USA.
[2] David Whyte, Paul C. van Oorschot, Evangelos Kranakis, "Detecting Intra-enterprise Scanning Worms based on Address Resolution", Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC 2005).
[5] P. Akritidis, K. Anagnostakis, E. P. Markatos, "Efficient Content-Based Detection of Zero-Day Worms", Communications, 2005. ICC 2005. 2005 IEEE International Conference
[9] LTC Bruce D. Caulkins, Joohan Lee, Morgan Wang, "Packet- vs. Session-Based Modeling for Intrusion Detection Systems", Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'05).
[12] David Whyte, Evangelos Kranakis, P. C. van Oorschot, "DNS-based Detection of scanning worms in an enterprise network", Proceedings of the 12th Annual Network and Distributed System Security Symposium, San Diego, USA, February 3-4, 2005.

Cited by


詹國靖 (2009). Bioavailability of sesame lignan compounds studied in a rat model [Doctoral dissertation, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2009.10205
