A Preliminary Study of a Jini-Based Intrusion Traceback System
Abstract
Intrusion traceback is an important technique in computer network security. Its purpose is to trace an attack to its true source, to supply precise information for alerting, and to provide reliable evidence for after-the-fact criminal proof and for fixing security vulnerabilities in networked systems.
    On real networks, "hackers" typically first compromise machines with weaker security and then use those machines as "springboards" to launch the attack on the final target. Countering this style of attack requires a traceback framework that is reliable and can be deployed widely across the network. That is the problem this work sets out to solve.
    Jini is a distributed computing model proposed by Sun in 1999. This work applies the Jini distributed computing model to an intrusion traceback system, making the whole traceback system extensible, scalable and self-adaptive, so that it is easily compatible with existing systems and easy to deploy at large scale on the Internet.
    Chapter 1 introduces the basic concepts of network security and the need for intrusion traceback. Chapter 2 describes current intrusion traceback techniques, with emphasis on the cooperative intrusion response framework CITRA. Chapter 3, with reference to CITRA, proposes a Jini-based intrusion traceback framework and discusses its extensibility, scalability and self-adaptivity. Chapter 4 carries out simulation experiments, which gave very good results.
