Title |
Design and Implementation of a Time-Domain-Based Malicious Connection Detection System |
DOI |
10.29428/9789860544169.201801.0061 |
Authors |
郭振忠;曾鼎凱;林殿智;楊竹星 |
Keywords |
malicious traffic ; Netflow ; anomaly detection ; intrusion detection system ; Malicious Network Traffic ; Netflow ; abnormal detection ; Anomaly-Based ; Intrusion Detection |
Journal Title |
NCS 2017 全國計算機會議 (National Computer Symposium) |
Volume and Issue / Publication Date |
2017(2018 / 01 / 01) |
Pages |
323 - 326 |
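Content Language |
Traditional Chinese |
Chinese Abstract |
In recent years, the development of the Internet has greatly changed the way people live, and daily life has gradually become inseparable from it. However, the convenience and anonymity of network use also give malicious actors opportunities to exploit. This study finds that when a malicious network attack occurs, it is often carried out through a series of network behaviors that make it stealthy and dispersed in order to avoid detection, and this series of actions is the precursor of the attack. Most current research performs malicious detection on a single flow/IP and overlooks that the sequential relationship between flows is also a key point for detection. This study uses a suspicious list, a blacklist, and analysis of abnormal network behavior, together with traceback and tracking, to find malicious users hidden inside the network. |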
English Abstract |
Nowadays, the development of the network influences and changes our lives a lot. People can do almost everything through the network, and this is what we should be aware of. The availability and anonymity of the network are convenient for normal users, but also benefit attackers/hackers. Our research focuses on the time and space distribution methods that malicious flows use to avoid detection. Most current research focuses on a single flow/IP, but the relationships between flows/IPs in the time and space dimensions are actually significant. Using a suspicious list, a blacklist, and malicious traffic behavior with time traceback and a space-distributed method, we can effectively and efficiently figure out potential inner malicious devices. |
Subject Classification |
Basic and Applied Sciences >
Information Science |