
Improve the Defense Strategy of Snort Distributed Intrusion Detection System in the Intranet

Advisor: 林芳昌

Abstract

Enterprises currently rely on firewalls to guard against intrusion attacks from outside. If an attack originates from inside the enterprise, however, the firewall cannot protect the internal computers. An intrusion detection system (IDS) is then needed to inspect the network packets of the internal computers and guard against intrusion attacks. But an enterprise has hundreds of computers, and relying on a single IDS to detect attacks increases the load on that IDS, which may then fail to detect the packets of an intrusion attack. This study therefore applies the concept of a distributed intrusion detection system: every computer in the enterprise has an IDS installed and acts as a Sensor, sending the intrusion information it detects to the IDS control center on the Server side, from which network administrators monitor and defend the network security of the whole enterprise. In addition, this study uses network multicast so that the IDS control center can send update information to the Sensors beneath it; on receiving the update information, a Sensor downloads the defense rules from the rule server. Experiments show that the proposed strategy is feasible and can effectively defend against intrusion attacks. It also provides a rule-update method that makes it easy for network administrators to update the Sensors' defense rules, so that each Sensor's IDS can use the latest defense rules in time to detect intrusion attacks.
