English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 109948/140897 (78%)
Visitors : 46102989      Online Users : 1131
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
    •  Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/113732


    Title: Designing a Collaborative Defense System
    Authors: Hsin, Wen-Yi
    Tseng, Shian-Shyong
    Lin, Shun-Chieh
    Keywords: 網路應用安全;入侵偵測系統;有限狀態機;網路處理器
    Collaborative Defense Collaborative security Cooperative Intrusion Detection Distributed
    Date: 2005
    Issue Date: 2017-10-17 17:04:14 (UTC+8)
    Abstract: 本篇論文提出一個以警報資料為基礎的聯合防禦解決方案。大量日誌記錄與警報資料很難分析,造成系統管理員無法掌控狀況且無法針對事件的處理做出立即的決策。我們延伸分散式入侵偵測的模式,提出一個聯合防禦的架構,包含警報收集、萃取、分析、回報、資料倉儲和分析。此外我們發展一個混合式的安全資訊分享的方法,就像升起狼煙警告其他夥伴一般,參與電腦安全事件回報團隊的成員能獲得安全防禦相關的解決資訊。這個架構提供學術界和企業界一個建立有效合作的安全聯防團隊方案。經由評估實驗,並追查出SQL Slammer 蠕蟲的傳播情形。結果發現,透過聯合防禦的機制,廣泛部署系統,能更加準確地追查出攻擊的行為,並且可以協助成員評估威脅的衝擊和採取適當的行動來降低風險。
    This paper proposes a lightweight alert-based collaborative defense solution. Because it is hard to analyze a large number of logs and alerts, the administrator can not control the situation and make decision immediately. We propose a framework for collaborative defense by extending the original distributed intrusion detection model. It contains alert’s collector, extractor, analyzer, report’s generator, alert warehouse and alert’s analysis. Besides, we develop a hybrid approach to share security information like raising the wolf smoke to warn partners. By the security information sharing, the members of CSIRT can obtain the solutions of defense, such as blacklists, detection rules, and security knowledge about alerts. The framework provides a solution to build effective cooperative security teams for academia and industry. We evaluate the feasibility of our framework and track the spreading behaviors of the SQL Slammer Worm. As a result, we can deploy security system more widely and detect the aggressor`s behavior more accurately. The alert-based collaborative defense mechanism can help members to evaluate the impact of the threats and take proper actions to mitigate the risk.
    Relation: TANET 2005 台灣網際網路研討會論文集
    資訊安全技術
    Data Type: conference
    Appears in Collections:[TANET 台灣網際網路研討會] 會議論文

    Files in This Item:

    File Description SizeFormat
    348.pdf838KbAdobe PDF2159View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback