This thesis examines the performance analysis of intrusion detection systems (IDS). Network intrusions are increasingly frequent, and both malicious and non-destructive intrusions should be kept out of protected systems. Whether a protected system can identify the various kinds of intrusion and deny them entry is something network administrators must consider, so selecting an intrusion detection system suited to the operating environment is an important decision.

Different application environments call for different intrusion detection systems, so we propose a method for building performance evaluation benchmarks for testing intrusion detection systems, to support comparing their performance. First, we apply Survivable Network Analysis to the target network environment to analyze its survivability, identifying the targets that can be attacked and the attack methods that can be used against them. A vulnerability database supplies the necessary attacks, which are used to generate attack behavior. For background traffic, we use a record-and-replay approach to produce normal network traffic.

In this thesis we take electronic commerce networks and campus networks as the target environments. We use denial-of-service (DoS) attacks to generate the corresponding performance evaluation benchmarks, in order to understand how network traffic characteristics affect DoS attack methods and the detection capability of intrusion detection systems, as a basis for selecting an intrusion detection system to deploy.