MONITORING AND BEHAVIOR ANALYSIS OF NETWORK SECURITY SYSTEMS

Master's === National Taiwan University === Graduate Institute of Information Management === 89 === Network security will become more important because of the popularity of the Internet and electronic business. Distributed denial-of-service attacks have succeeded not only against ordinary companies but also against well-known companies such as Yahoo. The attacker's...

Bibliographic Details
Main Authors: SHEN, WEN-CHU, 沈文吉
Other Authors: Yeali S. Sun
Format: Others
Language: zh-TW
Published: 2001
Online Access: http://ndltd.ncl.edu.tw/handle/38956676282567723307
id ndltd-TW-089NTU00396018
record_format oai_dc
spelling ndltd-TW-089NTU00396018 2016-07-04T04:17:05Z http://ndltd.ncl.edu.tw/handle/38956676282567723307 MONITORING AND BEHAVIOR ANALYSIS OF NETWORK SECURITY SYSTEMS 網路安全監控與攻擊行為之分析與實作 SHEN, WEN-CHU 沈文吉 Master's, National Taiwan University, Graduate Institute of Information Management, 89. Yeali S. Sun 孫雅麗 2001 Degree thesis ; thesis 77 zh-TW
collection NDLTD
language zh-TW
format Others
sources NDLTD
description Master's === National Taiwan University === Graduate Institute of Information Management === 89 === Network security will become more important because of the popularity of the Internet and electronic business. Distributed denial-of-service attacks have succeeded not only against ordinary companies but also against well-known companies such as Yahoo. The attacker's click will make the business lose many transactions. The impact of information security will become more serious, as in information warfare. This paper discusses the distributed denial-of-service (DDoS) attack and its defense, but we think the real solution is to strengthen the protection of every host, after which the attacker will be unable to construct a DDoS network. Until every host is individually protected, a network-based intrusion detection system (NIDS) is a good solution. A subnet needs only one IDS to monitor all of its hosts. But IDSs share a common problem: large volumes of log data. To address this problem, we analyse attack behavior and implement our approach with the NIDS Snort. Rules are graded into four levels: Emergency, Alert, Warning and Notification. The level of each logged event is used to mark an IP address as being in the Hostile, Threatening or Suspicious state. The state and IP address are saved in an IP-State database. Finally, we use the rule level and IP state to differentiate the importance of log entries for the network administrator. We hope this will alleviate the problem of large log data.
author2 Yeali S. Sun
author_facet Yeali S. Sun
SHEN, WEN-CHU
沈文吉
author SHEN, WEN-CHU
沈文吉
spellingShingle SHEN, WEN-CHU
沈文吉
MONITORING AND BEHAVIOR ANALYSIS OF NETWORK SECURITY SYSTEMS
author_sort SHEN, WEN-CHU
title MONITORING AND BEHAVIOR ANALYSIS OF NETWORK SECURITY SYSTEMS
publishDate 2001
url http://ndltd.ncl.edu.tw/handle/38956676282567723307
work_keys_str_mv AT shenwenchu monitoringandbehavioranalysisofnetworksecuritysystems
AT chénwénjí monitoringandbehavioranalysisofnetworksecuritysystems
AT shenwenchu wǎnglùānquánjiānkòngyǔgōngjīxíngwèizhīfēnxīyǔshízuò
AT chénwénjí wǎnglùānquánjiānkòngyǔgōngjīxíngwèizhīfēnxīyǔshízuò
_version_ 1718334101160722432