Responsive image
博碩士論文 etd-0729105-105839 詳細資訊
Title page for etd-0729105-105839
論文名稱
Title
以支援向量機為基礎之後門程式偵測
Backdoor Detection based on SVM
系所名稱
Department
畢業學年期
Year, semester
語文別
Language
學位類別
Degree
頁數
Number of pages
59
研究生
Author
指導教授
Advisor
召集委員
Convenor
口試委員
Advisory Committee
口試日期
Date of Exam
2005-07-25
繳交日期
Date of Submission
2005-07-29
關鍵字
Keywords
支援向量機、資料探勘與分類分析、入侵偵測、後門程式
Intrusion Detection, Backdoor, Data Mining and Classification, SVM
統計
Statistics
本論文已被瀏覽 5862 次,被下載 0
The thesis/dissertation has been browsed 5862 times, has been downloaded 0 times.
中文摘要
隨著電腦科技的進步,網路的使用率迅速成長,網路安全也日益被重視。根據相關資料顯示,網路惡意程式的氾濫與猖獗日益嚴重,如病毒、網蟲、後門和木馬程式…等等。而後門程式更是有明顯成長的趨勢,它可以穿越企業的安全架構,如防火牆、防毒軟體,更會竊取機密資訊、佔用網路資源、當作跳板主機、甚至進行大規模的攻擊(如分散式阻斷服務攻擊)。
在文獻中我們分析後門程式的特性與種類,探討資料挖礦和支援向量機(Support Vector Machine)於入侵偵測的應用,本研究主要會專注於後門程式連線之偵測,且提出一個偵測後門程式連線行為的架構。此架構是以支援向量機分類演算法為基礎,它是Vapnik為了解決在類神經網路上不可避免的問題所提出的方法,主要是建立在統計學習理論基礎之上的機器學習方法。
在系統模組與驗證方面,本研究選擇適合在小型區域網路的IPAudit流量監控軟體以及支援向量機的分類軟體libsvm。利用libsvm將IPAudit所擷取的封包進行交互式流量進行分類,進一步與我們所建立的合法服務列表比對,判斷後門程式連線的行為。本研究比對SVM、C4.5、Na
Abstract
With the improvement of computer technologies and the wide use of the Internet, network security becomes more and more significant. According to the relevant statistics, malicious codes such as virus, worms, backdoors, and Trojans launch a lot of attacks. Backdoors are especially critical. Not only can it cross firewalls and antivirus software but also will steal confidential information and misuse network resources and launch attacks such as DDoS(Distributed Denial of Service).
In this research, we analyze the properties and categories of backdoors and the application of data mining and support vector machines in intrusion detection. This research will focus on detecting the behavior of backdoor connection, and we propose a detecting architecture. The architecture is based on SVM, which is a machine learning method based on statistic theory and proposed by Vapnik to solve the problems in Neural Network techniques.
In system modules, this research chooses IPAudit as our network monitor and libsvm as a SVM classifier. The packets captured by IPAudit will be classified into interactive or non-interactive flow by libsvm, and the result will be compared with legal service lists to determine whether a connection is a backdoor connection. We compare the accuracy of SVM, C4.5, and Na
目次 Table of Contents
第一章、緒論 7
第一節、研究背景 7
第二節、研究動機 9
第二章、文獻探討 13
第一節、後門程式之分類 13
第二節、駭客入侵程序 15
第三節、入侵偵測 16
第四節、交互式後門程式之偵測 21
第五節、分類分析技術 22
第六節、後門實例 29
第七節、網路流量收集 31
第三章、偵測方法 36
第一節、問題定義與描述 36
第二節、LIBSVM分類分析工具 37
第三節、系統架構 40
第四節、系統設計 44
第四章、系統評估 49
第一節、SVM分類評估 49
第二節、後門程式偵測評估 52
第五章、結論與未來研究 54
參考文獻 55
英文參考文獻 55
中文參考文獻 57
參考文獻 References
英文參考文獻
[APWG] Anti-Phishing Work Group,http://www.antiphishing.org/
[BBE 04] Benamor N.,BENFERHAT S.,Elouedi Z.,Naive Bayes vs Decision Trees in Intrusion Detection Systems,ACM (SAC),pp 420-424, Mars 2004
[BDJJ 01] BARBARA, D., COUTO, J., JAJODIA, S., POPYACK, L. and WU, N. 2001a, ADAM: Detecting Intrusions by Data Mining, IEEE Workshop on Information Assurance and Security, 2001
[BVN 03] Binh Viet Nguyen, An Application of Support Vector Machines to Anomaly Detection,Research in Computer Science - Support Vector Machine , report,Fall 2002
[CCCS 88-04] CERT/CC Statistics 1988-2004,http://www.cert.org/stats/
[CCCS] CERT/CC Statistics,http://www.cert.org/stats/cert_stats.html
[CCSS 02] 2002 CSI/FBI Computer Crime and Security Survey http://www.gocsi.com/press/20030528.jhtml
[CCSS 04] 2004 CSI/FBI computer crime and security survey http://www.gocsi.com/press/20040609.jhtml
[CINO] Cisco ISO NetFlow Overview,
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080438d7c.html#wp1049258
[CJL] Chih-Wei Hsu.Chih-Chung Chang,Chih-Jen Lin, A Practical Guide to Support Vector Classification, Department of Computer Science and Information Engineering National Taiwan University
[DJC 03] Daniel J. Clark, Backdoor EncryptedTunnels: Detection and Analysis, SANS 2003
[DP 96] P.Domingos and M. Pazzani,Beyond independence: Conditions for the optimality of the simple Bayesian classifier. In Proc. 13th Intl Conf. Machine Learning, 1996
[ID 01] iDEFENSE,US-China Cyber Skirmish of April-May 2001
[IPAU] IPAudit,http://ipaudit.sourceforge.net/index.html
[ISS 99] Internet Security System, http://xforce.iss.net/xforce/alerts/id/advise43
[JLBC 03] John Levine,Brian Culver, A Methodology for Detecting New Binary Rootkit Exploits,IEEE 2003
[LSVM] LIBSVM,http://www.csie.ntu.edu.tw/~cjlin/libsvm/index.html
[MEES 01] Matthew G. Schultz,Eleazar Eskin,Erez Zadok,and Salvatore J. Stolfo,Data Mining Methods for Detection of New Malicious Executables, IEEE,2001
[MLL] MIT Lincoln Laboratories DARPA Intrusion Evaluation Detection,http://www.ll.mit.edu/IST/ideval/index.html 2002
[MQKH 04] Min Qin and Kai Hwang, Anomaly Intrusion Detection by Internet Data mining of Traffic Episodes, ACM(TISSec)March 1, 2004.
[MSB 05] Microsoft Security Bulletin MS05-020,http://www.microsoft.com/technet/security/Bulletin/MS05-020.mspx
[MSJG 02] Mukkamala, S. Janoski, G. Sung, A.,Intrusion detection using neural networks and support vector machines, Proceedings of the 2002 International Joint Conference on Neural Networks,IEEE, pp. 710-715, May 2002
[MSSAI 03] Mukkamala S.,and Sung A.H.,Identifying Significant Features for Network Forensic Analysis Using Artificial Intelligence Techniques, International Journal on Digital Evidence,IJDE Volume 1, Issue 4.
[MSSAF 03] Mukkamala S.,and Sung A.H.,Feature Selection for Intrusion Detection Using Neural Networks and Support Vector Machines. Journal of the Transportation Research Board of the National Academies,
Transportation Research Record No.1822,pp.33-39.
[QJC 86] Quinlan, J. R. Induction of Decision Trees, Machine Learning, Vol. 1,1986
[QJC 93] Quinlan, J. R. C4.5: Programs for Empirical Learning. San Mateo, CA,1993
[RD 99] Robert Durst,Testing and evaluating computer intrusion detection systems,ACM 1999
[RXD 03] Rao X, Dong CX, Yang SQ. An intrusion detection system based on support vector machine. Journal of Software, 2003,14(4):798~803.
[SANS] SANS Press,http://www.sans.org/resources/idfaq/
[SOPH] Sophos,http://www.sophos.com/
[SUSA] SCO Unix Security Advisory, http://www.sco.com/support/security/
[SSS] Swiss Security Summit,http://www.securitysummit.net
[SYMA] Symantec,http://www.symantec.com
[TB 00] Tim Bass,Intrusion detection systems and multisensor data fusion Communications of the ACM,pp.99-105,Vol.43,No.4,April 2000
[TCPD] Tcpdump,http://www.tcpdump.org
[TJ 98] Thorsten Joachims,Text Categorization with Support Vector Machines: Learning with Many Relevant Features,Proceedings of the European Conference on Machine Learning,1998,Berlin,pp. 137-142.
[TREND] Trend,http://www.trendmicro.com/en/home/us/enterprise.htm
[VVN 95] Vapnik VN.,The Nature of Statistical Learning Theory,New York: Spring-Verlag,1995
[WL 99] Wenke Lee, Savatore J. Stolfo and Kui W. Mok,A data mining framework for building intrusion detection models,Security and Privacy, Proceeding of the 1999 IEEE symposium on,9-1 May 1999,p120-132
[WSM2 99] Wenke Lee, Salvatore J. Stolfo and Kui W. Mok.,Mining in a data-flow environment: Experience in network intrusion detection,ACM SIGKDD 1999
[YZVP 00] Y. Zhang, and V. Paxson. Detecting Backdoors, Proceedings of the 9th USENIX Security Symposium,Aug14-17,2000
[ZL 04] ZHANG Lian-hua, ZHANG Guan-hua, YU Lang, ZHANG Jie, BAI Ying-cai, Intrusion detection using rough set classification,Journal of Zhejiang University SCIENCE,2004 Vol.5 No.9 p.1076-1086
中文參考文獻
[B 00] 林秉忠,台灣網路安全性之評估,國立中山大學資管所 2000
[CHEN 02] 陳英傑、林國樹、范谷良、黃景彰,探究網路線上遊戲引發之司法與資訊安全問題,第四屆2002年網際空間---資訊、法律與社會學術研究暨實務研討會論文集
[H03] 蕭漢威、曾金山、魏志平、楊竹星,以網際網路流量進行網路服務分類預測之研究,TANET, 2003
[H04] 蕭漢威,以資料探勘方法協助偵測網路服務不當使用之研究,國立中山大學資管博士班論文, 2004
[LAI01] 賴冠州 楊明豪,網路駭客手冊「後門的攻擊、偵測與防禦」,2001 旗標出版股份有限公司
[MJGS] Michael J. A. Berry, Gordon S. Linoff,資料挖礦理論與實務-顧客關係管理的技巧與科學,數博網資訊股份有限公司。
[S 00] 黃世昆,防止攻擊跳板主機的安全管理策略,中央警察大學論文發表 2000年
[SIST 04]賽門鐵克網路安全威脅研究報告重點摘要2004,http://www.symantec.com/region/tw/avcenter/threat_report.html
[SKY] 網路後門面面觀,http://www.skynet.com.tw/8/h3.htm
[Y 04] 王岳忠,網路攻擊新趨勢-Bot,2004 http://shoppingguide.ithome.com.tw/interview/print/interview2004-10-27-001.html
電子全文 Fulltext
本電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。
論文使用權限 Thesis access permission:校內校外均不公開 not available
開放時間 Available:
校內 Campus:永不公開 not available
校外 Off-campus:永不公開 not available

您的 IP(校外) 位址是 3.81.184.170
論文開放下載的時間是 校外不公開

Your IP address is 3.81.184.170
This thesis will be available to you on Indicate off-campus access is not available.

紙本論文 Printed copies
紙本論文的公開資訊在102學年度以後相對較為完整。如果需要查詢101學年度以前的紙本論文公開資訊,請聯繫圖資處紙本論文服務櫃台。如有不便之處敬請見諒。
開放時間 available 已公開 available

QR Code