English  |  正體中文  |  简体中文  |  Post-Print筆數 : 11 |  Items with full text/Total items : 88866/118573 (75%)
Visitors : 23555041      Online Users : 229
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: http://nccur.lib.nccu.edu.tw/handle/140.119/114948

    Title: 以網路流量偵測SSH字典攻擊之研究
    Authors: 薛昱仁
    Keywords: 字典攻擊;網路流量;資料探勘;網路攻擊
    Dictionary Attack NetFlow Data Mining Network Attack
    Date: 2008
    Issue Date: 2017-11-30 14:30:48 (UTC+8)
    Abstract: 隨著各式網際網路應用程式的快速發展,在網路上進行身份認證是無可避免的流程,密碼認證的方法是目前仍無法取代的認證方式。而字典攻擊手法為利用字典中經常出現的字詞猜測使用者可能的密碼,所以這類字典攻擊的技術仍被入侵者拿來做為主要的入侵手段之一。近年來觀察台灣學術網路,經常有許多入侵者以字典攻擊的方法試圖入侵學校的主機,這類的攻擊方法因為網路程式的技術日益發達,有許多利用字典攻擊自動入侵的機制被發展出來,所以這類的攻擊事件有越來越嚴重的趨勢,造成了各級網管人員的困擾。
    本研究利用了網路 NetFlow 的流量資料,蒐集了針對 SSH 進行字典攻擊的流量記錄,以資料探勘中分類分析的技術建立了一個有效的偵測模組。在本研究中實證了這個偵測模組有很好的效果,在預測準確率上可達 90% 以上的正確率。相信這個研究的結果未來可以有效的提供網路管理人員從網路流量的記錄中自動找出那些潛在進行的SSH字典攻擊行為,對於提高網路安全防護具有很大的幫助。
    With the rapid growth of technology, there are a lot of applications system needs to authenticate on the Internet environment. Password is an intrinsic way for authentication in our daily life. Adversaries attempt to login accounts by trying all possible password is called dictionary attack. When we inspected the server authentication logs in the TANET environment, there are a lot of login failed records. It implies that dictionary attack is a serious intrusive event. and is needed to defend .
    In this paper, we proposed an SSH dictionary attack detection module. We used two well-known data mining classification algorithms, Naive Bayes and C4.5 to build our detection module. We collected real world SSH normal and dictionary attack NetFlow data in a month as training samples. As a research result, This detection module has over and above 90% accuracy detection rate. In the future, we hope this research result that could be helpful for network managers to detect implicit dictionary attack behaviors using network traffic data and improve the network security.
    Relation: 2008台灣網際網路研討會論文發表論文集
    Data Type: conference
    Appears in Collections:[TANET 台灣網際網路研討會] 會議論文

    Files in This Item:

    File Description SizeFormat
    788.pdf190KbAdobe PDF198View/Open

    All items in 政大典藏 are protected by copyright, with all rights reserved.

    社群 sharing

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback