簡易檢索 / 詳目顯示
| 研究生: |
邱建宏 Jian-Hung Chiou |
|---|---|
| 論文名稱: |
以系統呼叫為基礎改良式迴圈簡化演算法之異常入侵偵測系統理論與實作 |
| 指導教授: |
許富皓
Fu-Hau Hsu 陳彥文 Y. W. Chen |
| 口試委員: | |
| 學位類別: |
碩士 Master |
| 系所名稱: |
資訊電機學院 - 通訊工程學系 Department of Communication Engineering |
| 畢業學年度: | 94 |
| 語文別: | 中文 |
| 論文頁數: | 60 |
| 中文關鍵詞: | 異常入侵偵測 、系統呼叫 、迴圈簡化演算法 、Linux核心 |
| 外文關鍵詞: | system call, anomaly intrusion detection, and Linux kernel, loop reduction algorithm |
| 相關次數: | 點閱:7 下載:0 |
| 分享至: |
| 查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
近年來,網路安全事件頻傳,使用誤用入侵偵測技術可以有效偵測出已知攻擊,然而對於新型態的攻擊便無法偵測出。此時,異常入侵偵測正好提供了另外一個思考觀點,亦即對應用程式建立正常行為的資料庫,若有異於正常的行為則視為攻擊。Forrest (1996)發現程式所產生的系統呼叫可用來表示程式的行為,之後,陸陸續續有許多相關研究發表,本論文基於迴圈簡化演算法所造成的缺點來進行改良,且進一步可以判斷是否為攻擊者的偽造系統呼叫。此外,針對系統呼叫截取所造成的效能下降,亦提供了一項核心修改解決方案。透過本論文所提出的方式可以更具體地描述程式的行為,且為作業系統本身提供一個更加安全的防護。
In recent years, network security events have undergone a major renaissance. Using misuse intrusion detection technology can detect attacks effectively, however, it cannot detect new kind of attacks. At this time, anomaly intrusion detection techniques provide another viewpoint that the database of normal behavior can be constructed according to application program, and it will detect deviations from this norm as attacks. Forrest (1996) shows the novel idea that system calls derived from application program can describe the behavior of program. Afterwards, a body of research has been published continually. In this paper, we modify the main drawbacks of loop reduction algorithm and determine whether the faked system calls made by attackers or not. Furthermore, we also put up a modified kernel approach to improve the declined effectiveness caused by system call interception. Therefore, in this paper we provide a method to describe the program behavior concretely, and afford a safer protection to operating systems.
[ASF BULLETIN 20020620] apache 安全漏洞公告http://httpd.apache.org/info/security_bulletin_20020617.txt
[CBS 2006] Abhishek Chaturvedi, Sandeep Bhatkar and R. Sekar, “Improving Attack Detection in Host-Based IDS by Learning Properties of System Call Arguments,” In IEEE Symposium on Security and Privacy, May 2006
[CVE-2004-0488] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0488
[DEKLST 2002] Paul Dokas, Levent Ertoz, Vipin Kumar, Aleksandar Lazarevic, Jaideep Srivastava, and Pang-Ning Tan, “Data Mining for Network Intrusion Detection,” In Proceedings of NSF Workshop on Next Generation Data Mining, 2002.
[ELS 2001] E. Eskin, W. Lee, and S. J. Stolfo, “Modeling system calls or intrusion detection with dynamic window size,” In Proceedings of DARPA Information Survivability Conference & Exposition II, 2001(DISCEX ''01), Anaheim, CA, June 2001.
[FHSL 1996] S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff , “A sense of self for unix processes,” In Proceedings of the 1996 IEEE Symposium on Security and Privacy, Los Alamitos, CA, 1996.
[FKFLG 2003] Henry Hanping Feng, Oleg M. Kolesnikov, Prahlad Fogla, Wenke Lee, and Weibo Gong, “Anomaly Detection Using Call Stack Information,” In Proceedings of the 2003 IEEE Symposium on Security and Privacy.
[GJM 2002] Jonathon T. Giffin Somesh Jha Barton P. Miller, “Detecting Manipulated Remote Call Streams,” In the 11 th USENIX Security Symposium, 2002.
[gobbles-own-linux.c]
http://members.lycos.co.uk/r34ct/main/PRIVATE/spl0it/gobbles-own-linux.c
[HF 2000] S. A. Hofmeyr, S.Forrest, “Intrusion detection using sequences of system calls,” (http://www.cs.virginia.edu/~jones/cs851sig/slides/forrest-signature.ppt)
[HFS 1998] S. A. Hofmeyr, S. Forrest, and A. Somayaji , “Intrusion detection using sequences of system calls,” In Journal of Computer Security, Volume 6, pages 151-180, 1998.
[KMVV 2003] C Kruegel, D Mutz, F Valeur, G Vigna – Springer, “On the detection of anomalous system call arguments,” In the 8th European Symposium on Research in Computer Security, 2003.
[LC 2004] L.C. Lam and T.C. Chiueh, “Automatic Extraction of Accurate Application-Specific Sandboxing Policy,” In RAID 2004 , pages 1-20
[LM 2005] Alexander Liu, Cheryl Martin, “A Comparison of System Call Feature
Representations for Insider Threat Detection,” In Proceedings of the 2005 IEEE
Workshop on Information Assurance and Security.
[LSSP 2005] Jidong Long, Daniel G. Schwartz, Sara Stoecklin, and Mahesh K. Patel
, “Application of Loop Reduction to Learning Program Behaviors for Anomaly Detection,” In the Conference of Information Technology Coding and Computing, 2005.
[LV 2002] Yihua Liao, V. Rao Vemuri, “Using Text Categorization Techniques for Intrusion Detection,” In the 11 th USENIX Security Symposium, 2002.
[openssl-too-open.c] http://bismark.extracon.it/exploits/archivio/files/SSL_ETC/APACHEOPENSSL_2.C
[RHSA-2004:245-14] “Moderate: apache, mod_ssl security update,” In http://rhn.redhat.com/errata/RHSA-2004-245.html
[SBDB 2001] R. Sekar M. Bendre D. Dhurjati P. Bollineni, “A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors,” In Proceedings of the 2001 IEEE Symposium on Security and Privacy.
[SecurityFocus 1] “Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability,” In http://www.securityfocus.com/bid/10355
[SecurityFocus 2] “Apache Chunked-Encoding Memory Corruption Vulnerability,” In http://www.securityfocus.com/bid/5033
[WD 2001] D. Wagner and D. Dean, “Intrusion detection via static analysis,” In Proceedings of the 2001 IEEE Symposium on Security and Privacy, Oakland, California, 2001.
[WDD 2000] A. Wespi, M. Dacier, and H. Debar, “Intrusion detection using variable-length audit trail patterns,” In Proceedings of the 3rd symposium on Recent Advances in Intrusion Detection (RAID 2000), Toulouse, France, October 2000.
[YA 2004] M.M. Yasin and A.A.Awan, “A Study of Host-Based IDS using System Calls,” In IEEE Networking and Communication, 2004, June 2004.
