National Chengchi University Institutional Repository (NCCUR): Item 140.119/114948
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/114948


    Title: A Study on Detecting SSH Dictionary Attacks Using Network Traffic
    Authors: 薛昱仁
    蕭漢威
    Keywords: Dictionary Attack; Network Traffic; Data Mining; Network Attack
    Dictionary Attack; NetFlow; Data Mining; Network Attack
    Date: 2008
    Issue Date: 2017-11-30 14:30:48 (UTC+8)
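    Abstract: With the rapid development of all kinds of Internet applications, authenticating identity over the network is an unavoidable step, and password authentication remains a method that cannot yet be replaced. A dictionary attack guesses a user's likely password using words that commonly appear in dictionaries, so this technique is still used by intruders as one of their main means of intrusion. Observation of the Taiwan Academic Network in recent years shows that many intruders frequently attempt to break into school hosts using dictionary attacks. Because network programming techniques keep advancing, many mechanisms that automate intrusion through dictionary attacks have been developed, so such attack incidents are becoming increasingly serious and cause trouble for network administrators at all levels.
    This study uses NetFlow traffic data, collecting traffic records of dictionary attacks against SSH, and builds an effective detection module using classification analysis techniques from data mining. The study empirically shows that this detection module performs well, reaching a prediction accuracy of over 90%. We believe the results can in the future effectively help network administrators automatically identify potential ongoing SSH dictionary attack behavior from network traffic records, which is of great help in improving network security protection.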
    With the rapid growth of technology, many application systems need to authenticate users in the Internet environment. Passwords are an intrinsic means of authentication in our daily life. An attack in which adversaries attempt to log in to accounts by trying all possible passwords is called a dictionary attack. When we inspected the server authentication logs in the TANET environment, we found many failed login records. This implies that the dictionary attack is a serious intrusion event that needs to be defended against.
    In this paper, we propose an SSH dictionary attack detection module. We used two well-known data mining classification algorithms, Naive Bayes and C4.5, to build our detection module. We collected real-world normal SSH and dictionary attack NetFlow data over a month as training samples. As a research result, this detection module achieves a detection accuracy of over 90%. We hope that in the future this research result will help network managers detect implicit dictionary attack behaviors using network traffic data and improve network security.
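    Relation: Proceedings of Papers Presented at the 2008 Taiwan Internet Conference
    Information Security (including information ethics and intellectual property protection)
    Data Type: conference
    Appears in Collections: [TANet Conference] Conference Papers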

    Files in This Item:

    File: 788.pdf
    Size: 190Kb
    Format: Adobe PDF

