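As society and technology have evolved and a wide range of application software has been developed, the Internet has flourished. The growth in network services, however, has also attracted hackers who exploit human error or system vulnerabilities for profit and endanger network security, so maintaining network security has become increasingly important. Most current intrusion detection systems cannot effectively prevent intrusions or keep the damage from spreading. For an intrusion detection system to block intruders more effectively, an automated mechanism must be developed to help select appropriate response measures and response targets. In general, when a host is intruded upon, an intrusion detection system responds in the same way regardless of the environment, and false positives are common. We therefore propose applying attack graphs to a network-based intrusion detection system to strengthen the reliability of the alerts it issues. When an alert matches the attack graph, the system can automatically and effectively notify the victim host, the hosts that will be affected, and the administrator so that they take the corresponding response, blocking the intruder from spreading through the network domain.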
As society has gradually evolved to accommodate advances in technology, many network applications have been invented, leading to the flourishing development of the Internet. As more and more services move to the Internet, intruders are attracted by the advantages they can gain by exploiting human mistakes or software vulnerabilities. When an intrusion detection system sees a suspicious packet, its response is usually based solely on the alert; environmental characteristics and the current network state are rarely considered. To prevent an intruder from achieving his final goal after initial attacks are detected, an automated mechanism is needed that can help make appropriate decisions on the response strategies and the response actors. Intrusion detection systems produce a certain amount of false alarms, and they usually react to intrusion events statically. In this thesis, we propose a mechanism based on attack graphs to strengthen the dependability of alarms. In addition, when an alarm matches the attack graph of the site concerned, the mechanism can help determine the appropriate response to take.
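
The following is an added example, not code from the thesis, sketching how an alert could be checked against a site's attack graph to decide whom to notify. The graph layout, host names, weakness identifiers, alert fields and action labels are all constructed assumptions, as is the rule that an alert is trusted only when it targets an entry node or follows an already confirmed step.

```python
from collections import deque

# Constructed attack graph for a hypothetical site: each node is a
# (host, weakness) pair; an edge u -> v means that success at u makes v
# reachable. All names are placeholders, not real identifiers.
ATTACK_GRAPH = {
    ("web01", "VULN-A"): [("app01", "VULN-B")],
    ("app01", "VULN-B"): [("db01", "VULN-C"), ("file01", "VULN-D")],
    ("db01", "VULN-C"): [],
    ("file01", "VULN-D"): [],
}
ENTRY_NODES = {("web01", "VULN-A")}  # nodes reachable directly from outside

def downstream_hosts(node):
    """Other hosts reachable in the graph once `node` is compromised (BFS)."""
    seen, queue, hosts = {node}, deque([node]), []
    while queue:
        for nxt in ATTACK_GRAPH[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
                if nxt[0] != node[0] and nxt[0] not in hosts:
                    hosts.append(nxt[0])
    return hosts

def plan_response(alert, compromised):
    """Decide who to notify for one alert, given already confirmed nodes."""
    node = (alert["dst_host"], alert["weakness"])
    if node not in ATTACK_GRAPH:
        # The target does not expose this weakness here: likely false alarm.
        return {"match": False, "notify": ["admin"], "action": "log-only"}
    preds = [u for u, vs in ATTACK_GRAPH.items() if node in vs]
    plausible = node in ENTRY_NODES or any(p in compromised for p in preds)
    if not plausible:
        # The weakness exists, but no confirmed earlier step leads to it.
        return {"match": False, "notify": ["admin"], "action": "review"}
    compromised.add(node)  # remember the step so later alerts can chain
    return {"match": True,
            "notify": [node[0]] + downstream_hosts(node) + ["admin"],
            "action": "contain"}
```
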