資訊管理學報

蕭漢威; 楊錦生; 魏志平; 馬淑貞
Pages: 1-25
Date: 2007/04
Abstract: With the rapid growth of the Internet and electronic commerce, network security has become an increasingly important issue. Among the many kinds of security incidents, denial of service (DoS) attacks have in recent years been one of the main causes of damage to networks. A DoS attack floods a specific target with a large volume of packets so that the victim can no longer serve its legitimate users; beyond denying those users the network service, it can cause further business losses. In this environment, detecting DoS attacks effectively and mounting an appropriate defence is an urgent and necessary task for network administrators. DoS attacks frequently use IP spoofing, attacking with forged source IP addresses, so that administrators cannot easily trace the attack source and intrusion detection systems that rely on network-layer (layer 3) information cannot defend effectively. To detect DoS attacks in a network effectively and to overcome the detection difficulty that IP spoofing may cause, this study takes the SNMP traffic data of network devices as its basis and applies classification techniques from data mining to propose a DoS attack detection and defence system, whose detection performance is evaluated on a real enterprise network and a university dormitory network. The evaluation shows that the proposed detection system achieves very good prediction accuracy: in the enterprise and dormitory network environments, accuracy reaches at least 99.78% and 98.59% respectively, and the miss rate and false alarm rate are both kept very low.
Keywords: network security; denial of service attack; attack detection; data mining

Mining Network Traffic Data for Supporting Denial of Service Attack Detection


Abstract: With the advances in networking technologies, organizations have increasingly participated in or shifted to the Internet environment to conduct business transactions. According to prior research on e-business, network security is one of the key factors for e-business success. A denial of service (DoS) attack, which aims at rendering a computer or network incapable of providing normal services, is a major cause of current network insecurity. Existing DoS defense mechanisms (e.g., firewalls and intrusion detection systems) typically rely on packet information gathered at the gateways of network systems. Because such packet information is at the IP layer or above, existing defense mechanisms are incapable of detecting internal attacks or attackers who disguise themselves by spoofing source IP addresses. To address these limitations, we propose a classification-based DoS attack detection technique that induces a DoS detection model from SNMP data. The constructed model is then used to predict whether the traffic flowing through a network interface is a DoS attack. To empirically evaluate the proposed technique, we collected network traffic data from two different environments: an enterprise network and a university campus network. Our empirical evaluation results show that the detection accuracy of the proposed technique reaches 99.78% and 98.59% or above in the enterprise and campus network environments, respectively.
Keywords: Network Security; Denial of Service (DoS); Attack Detection; Data Mining
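The abstract sketches the pipeline (poll SNMP interface counters, derive traffic features, induce a classifier, score each interface's traffic) without giving the paper's feature set or learning algorithm. The following is an added example of that pipeline, not the paper's code: the per-interval rate features derived from IF-MIB ifInOctets / ifInUcastPkts, the decision-stump learner, and the 60 s polling period are this example's own assumptions standing in for the paper's choices, and every counter value is constructed. It also shows two things a practitioner hits immediately: Counter32 wraparound between polls, and the accuracy / miss-rate / false-alarm-rate figures the abstract reports.

```python
# Added example, not the paper's code: features (per-interval rates from IF-MIB
# ifInOctets / ifInUcastPkts) and the decision-stump learner are this example's
# own choices standing in for the paper's. All poll values are constructed.

COUNTER32_MAX = 2 ** 32   # ifInOctets / ifInUcastPkts are Counter32
POLL_PERIOD_S = 60        # assumed SNMP polling interval


def counter_delta(prev, cur, modulus=COUNTER32_MAX):
    """Increment between two polls of a monotonic counter, tolerating one
    wraparound. A gigabit link can wrap a Counter32 more than once in 60 s:
    then poll ifHCInOctets (Counter64) or poll faster, because the modulo
    cannot recover a second wrap."""
    return (cur - prev) % modulus


def interval_features(polls):
    """polls: [(seconds, ifInOctets, ifInUcastPkts), ...] for one interface.
    Returns (bytes_per_s, pkts_per_s, avg_pkt_bytes) per interval. A flood of
    spoofed SYN/UDP packets is a very high packet rate at a tiny average
    packet size, whatever the forged source addresses claim."""
    feats = []
    for (t0, o0, p0), (t1, o1, p1) in zip(polls, polls[1:]):
        d_bytes, d_pkts, dt = counter_delta(o0, o1), counter_delta(p0, p1), t1 - t0
        feats.append((d_bytes / dt, d_pkts / dt, d_bytes / d_pkts if d_pkts else 0.0))
    return feats


def train_stump(samples):
    """samples: [(features, label)], label 1 = DoS interval, 0 = normal.
    Learns the one (feature, threshold, direction) test with the highest
    training accuracy; ties keep the earliest feature. A deployment would
    grow a full tree, but the induction step is the same."""
    best = None
    for i in range(len(samples[0][0])):
        values = sorted({f[i] for f, _ in samples})
        for thr in ((a + b) / 2 for a, b in zip(values, values[1:])):
            for dos_if_above in (True, False):
                correct = sum(1 for f, y in samples
                              if ((f[i] > thr) == dos_if_above) == (y == 1))
                if best is None or correct > best[0]:
                    best = (correct, i, thr, dos_if_above)
    return best[1:]


def predict(model, features):
    i, thr, dos_if_above = model
    return 1 if (features[i] > thr) == dos_if_above else 0


def evaluate(model, samples):
    """Accuracy, miss rate (attack intervals called normal) and false-alarm
    rate (normal intervals called attacks): the figures the abstract quotes."""
    tp = fp = tn = fn = 0
    for f, y in samples:
        yhat = predict(model, f)
        tp += int(y == 1 and yhat == 1)
        fn += int(y == 1 and yhat == 0)
        fp += int(y == 0 and yhat == 1)
        tn += int(y == 0 and yhat == 0)
    return {"accuracy": (tp + tn) / len(samples),
            "miss_rate": fn / (tp + fn) if tp + fn else 0.0,
            "false_alarm_rate": fp / (fp + tn) if fp + tn else 0.0}


def make_samples(intervals, start_octets=COUNTER32_MAX - 5_000_000,
                 start_pkts=4_000_000_000, period=POLL_PERIOD_S):
    """Turn constructed (bytes, pkts, label) increments into the cumulative,
    modulo-2^32 readings a poller sees (start_octets sits just below 2^32 so
    the first interval wraps), then derive labelled feature rows."""
    polls = [(0, start_octets, start_pkts)]
    for k, (b, p, _) in enumerate(intervals, start=1):
        _, o, q = polls[-1]
        polls.append((k * period, (o + b) % COUNTER32_MAX, (q + p) % COUNTER32_MAX))
    return list(zip(interval_features(polls), [lbl for _, _, lbl in intervals]))


# Constructed 60 s intervals: (bytes in, packets in, label). The normal rows
# include a 4 MB/s large-packet backup so byte volume alone does not separate
# the classes; the flood rows are small-packet, high-rate traffic.
TRAIN_INTERVALS = [
    (18_000_000, 24_000, 0), (30_000_000, 36_000, 0), (45_000_000, 60_000, 0),
    (9_000_000, 15_000, 0), (240_000_000, 200_000, 0),
    (360_000_000, 6_000_000, 1), (180_000_000, 3_000_000, 1),
    (120_000_000, 2_400_000, 1), (600_000_000, 9_000_000, 1),
]
TEST_INTERVALS = [
    (24_000_000, 30_000, 0), (300_000_000, 240_000, 0),       # normal, incl. 5 MB/s transfer
    (150_000_000, 3_000_000, 1), (90_000_000, 1_800_000, 1),  # floods
    (30_000_000, 600_000, 1),                                  # low-rate flood the stump misses
]

MODEL = train_stump(make_samples(TRAIN_INTERVALS))
METRICS = evaluate(MODEL, make_samples(TEST_INTERVALS))

if __name__ == "__main__":
    names = ("bytes_per_s", "pkts_per_s", "avg_pkt_bytes")
    print("flag DoS when", names[MODEL[0]], ">" if MODEL[2] else "<=", round(MODEL[1], 1))
    print(METRICS)
```

On the constructed data the learner selects the packet-rate feature rather than byte volume, because the large-packet backup transfer in the normal class makes bytes per second an imperfect separator; the low-rate flood in the test set is then missed, which is what a non-zero miss rate measures. Both points carry over to real SNMP data: choose features that distinguish many small packets from few large ones, and report miss and false-alarm rates alongside accuracy, since attack intervals are rare and accuracy alone hides misses.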
