| Graduate student: | 石明裕 Ming-Yu Shih |
|---|---|
| Thesis title: | TPSH: A Mechanism to Transform a Productive System to a Honeypot |
| Advisor: | 許富皓 Fu-Hau Hsu |
| Committee members: | |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science & Information Engineering |
| Year of publication: | 2020 |
| Academic year of graduation: | 108 |
| Language: | Chinese |
| Number of pages: | 37 |
| Chinese keywords: | Snort, honeypot, virtual machine migration |
| English keywords: | Snort, Honeypot, VM Migration |
Traditionally, enterprises have mostly adopted passive defenses such as firewalls, intrusion detection systems and anti-virus software. These defenses usually rely on pre-existing rules to defend against known attack patterns; when a new type of attack that has never been seen before appears, they are rendered practically useless.

A honeypot is an active defense that has emerged in recent years. By emulating a network service or a vulnerable environment, it lures attackers into breaking in and thereby collects information about how they compromise the machine. With this information, an enterprise can understand the techniques attackers use and strengthen the weaker parts of its existing protection.

However, existing honeypots have some limitations: an attacker may detect the presence of the honeypot, the information a honeypot collects is not close enough to a real situation, and deploying a honeypot that performs no productive work consumes additional resources.

This thesis integrates an intrusion detection system, a honeypot and a virtual machine migration mechanism to transform a productive system into a honeypot, overcoming the limitations of existing honeypots described above.