有效防範網路蠕蟲攻擊技術之研究

無遠弗屆的網路讓全世界的資源可以串連共享，使得網際網路成為彼此間資訊傳遞最便捷的途徑，但也提供了網路蠕蟲散佈的最佳溫床。網路蠕蟲的產生，主要是利用作業系統與各類應用程式漏洞所設計，而網路蠕蟲便以網際網路作為其活躍的舞台與傳播的媒介，往往能夠引發大規模攻擊活動，除了能直接耗盡網路資源外，更間接地造成社會、經濟鉅額的損失，因此，如何抵禦駭客利用這些漏洞來引發大規模的網路蠕蟲攻擊，進而降低資訊危安風險將是現今重要的課題，本文嘗試針對網路蠕蟲之攻擊特徵、功能架構及感染擴散模式等方面進行探討與分析，並結合現有之網路流量分析工具NetFlow、入侵預防系統（IPS）Snort-inline及誘捕系統Honeypot技術提出一套有效的偵測防禦系統，以確實防制網路蠕蟲的攻擊與擴散。

關鍵字

網路蠕蟲；入侵預防系統；資訊安全

並列摘要

Internet worms work by exploiting vulnerabilities in operating systems and application software that run on end systems. The attacks compromise security and degrade network performance. They cause large economic losses for businesses, in terms of system downtime and lost worker productivity. With the increasing density, inter-connectivity and bandwidth of the Internet combined with security measures that inadequately scale, worms will continue to plague the Internet community. Existing anti-virus and intrusion detection systems are clearly inadequate to defend against many recent fast-spreading worms. This paper investigate the techniques such as network analysis software (NetFlow), intrusion protection system (Snort-inline) and Honeypot system to more efficiently detect and prevent Internet worm attack. The proposed method can use for effectively detection and protection of Internet worms attack for information security applications.