Title

Constructing Highly Secure Wireless Local Area Networks Based on Honeypot and Vulnerability Scan Techniques (original Chinese title: 基於誘捕與弱點檢測技術建構高安全無線區域網路)

DOI

10.6382/JIM.201210.0739

Authors

曹偉駿(Woei-Jiunn Tsaur);黃偉智(Wei-Chih Huang);蔡欣潔(Shin-Chieh Tsai)

Keywords

Network Security ; Wireless Local Area Networks ; Honeypot ; Vulnerability Scan

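Journal

Journal of Information Management (資訊管理學報)

Volume/Issue (publication date)

Vol. 19, No. 4 (2012 / 10 / 01)

Pages

739 - 767

Language of content

Traditional Chinese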

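Chinese abstract

With the explosion of information and advances in technology, network applications have become inseparable from our daily lives, but security problems have arisen along with them. Although many security tools can successfully detect, intercept, or remove specific intrusions, few can respond appropriately and in time when hit by an unknown type of attack. The reason is that most current security detection tools rely on signature matching against a database, so they cannot detect unknown intrusion attacks in time and often miss the chance to defend and to capture the intruder. In view of these shortcomings, this study first builds a wireless honeypot with a high capture rate, and then adds keystroke logging and vulnerability scan modules to collect and analyze intruders' malicious behavior in greater detail. This not only greatly reduces false positives in intrusion detection and increases WLAN security, but also allows protection to be put in place before an unknown type of attack occurs, keeping all possible losses to a minimum.

English abstract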

With the information explosion and technological progress, the applications of networks have already been bound up with our daily life. Meanwhile, security problems have arisen following this. Although there are many security tools that can successfully detect, intercept or remove certain kinds of intrusions, few tools can give response and find solutions promptly when the system is being attacked and intruded by unknown hackers. Current security detection tools execute the detection mostly via the method of signature comparison, so that unknown attacks and intrusions cannot be detected in time. Therefore, opportunities to defend the system and to capture the intruders are likely to slip. In view of the defects of security detection tools mentioned above, this study will construct a wireless honeypot of high arrestment rate together with keyloggers and vulnerability scan modules in order to collect and analyze intruders' malicious behavior more exhaustively. In this way, the false positive rate of intrusion detection will be greatly reduced and the security of WLAN will be dramatically improved, and therefore the proposed protection mechanism can get underway before unknown hackers start to attack, by which potential losses will be minimized.

Subject classification: Basic and Applied Sciences > Information Science; Social Sciences > Management