Design and Implementation of a Distributed Architecture for Vulnerability Scanning and Intrusion Prevention

Master's === National Taiwan University === Graduate Institute of Electrical Engineering === 107 === In this Internet era, cyber attacks happen every second. The safety of network environments relies more and more on firewalls, intrusion prevention systems and intrusion detection systems. Notable products include Amazon’s CloudFront and the popular Web Applica...


Bibliographic Details
Main Authors: Shi-Kai Huang, 黃詩凱
Other Authors: 顏嗣鈞
Format: Others
Language: zh-TW
Published: 2019
Online Access: http://ndltd.ncl.edu.tw/handle/95ca43
id ndltd-TW-107NTU05442055
record_format oai_dc
spelling ndltd-TW-107NTU05442055 2019-11-16T05:27:58Z http://ndltd.ncl.edu.tw/handle/95ca43 Design and Implementation of a Distributed Architecture for Vulnerability Scanning and Intrusion Prevention 分散式系統之防禦偵測方法設計與實作 Shi-Kai Huang 黃詩凱 Master's National Taiwan University Graduate Institute of Electrical Engineering 107 顏嗣鈞 2019 degree thesis ; thesis 68 zh-TW
collection NDLTD
language zh-TW
format Others
sources NDLTD
description Master's === National Taiwan University === Graduate Institute of Electrical Engineering === 107 === In this Internet era, cyber attacks happen every second. The safety of network environments relies more and more on firewalls, intrusion prevention systems and intrusion detection systems. Notable products include Amazon’s CloudFront and the popular Web Application Firewall product ModSecurity. These defense products usually have some security blind spots. When they detect malicious requests, they often directly block the source IP address to prevent further attacks. Such a method is not the best way of defending against cyber attacks, because the attacker might be able to bypass the above defense systems. In this thesis, we will introduce a better system testing method and implement a testing framework for detecting previous blacklist bypassing problems. It will use a better scanning method to test the IP-based blacklist defense products, and this framework will automatically create lots of cloud instances to dodge the detection from Amazon EC2 or Google GCP, and so on. This method can confuse a WAF/IDS detection mechanism and it can speed up the scanning time and improve the coverage rate. In the past, researchers usually used rule-based methods to bypass a WAF/IDS detection mechanism. But when WAF/IDS rules become stronger, these methods will become useless for pentesters or researchers. As many companies do not have enough resources to build a huge testing environment to test their products, our goal is to introduce a frugal and faster method and algorithm to find vulnerabilities in their products.
author2 顏嗣鈞
author_facet 顏嗣鈞
Shi-Kai Huang
黃詩凱
author Shi-Kai Huang
黃詩凱
title Design and Implementation of a Distributed Architecture for Vulnerability Scanning and Intrusion Prevention
publishDate 2019
url http://ndltd.ncl.edu.tw/handle/95ca43