利用動態叢集技術所建構之高效能及具可靠性之入侵防禦系統

Jung-Feng Lin; 林峻鋒

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/29738

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	雷欽隆
dc.contributor.author	Jung-Feng Lin	en
dc.contributor.author	林峻鋒	zh_TW
dc.date.accessioned	2021-06-13T01:16:52Z	-
dc.date.available	2007-07-23
dc.date.copyright	2007-07-23
dc.date.issued	2007
dc.date.submitted	2007-07-19
dc.identifier.citation	[1] M. Shoaib Alam, Qasim Javed, Dr M. Akbar, M. Raza Ur Rehman, M. Bilal Anwer, “Adaptive Load Balancing Architecture for Snort,” Proceedings of IEEE In-terna-tional Conference on Networking and Communication (INCC 204). pp. 48-52, June 2004 [2] S. Antonatos, K. G. Anagnostakis, E. P. Markatos, M. Polychronakis, “Performance Analysis of Content Matching Intrusion Detection Systems,” Proceedings of In-ternational Symposium on Applications and the Internet, 2004. [3] “Intel IXP425 Network Processor,” Intel, Corporation, http://www.intel.com/design/network/products/npfamily/ixp425.htm [4] Young Bae Jang and Jung Wan Cho, “A Cluster-Based Router Architecture for Massive and Various Computations in Active Networks”, Proceedings of 17th In-ternational Conference on Information Networking (ICOIN 2003), LNCS 2662, pp. 326-335, February 2003. [5] Hans Kellerer, Ulrich Pferschy, and David Pisinger, “Knapsack Problems,” Springer-Verlag GmbH, ISBN: 3-540-40286-1, October 2004. [6] David Kettler, Hank Kafka, and Dan Spears, “Driving Fiber to the Home,” IEEE Communications Magazine Vol. 38, No. 11, pp. 106-110, 2000. [7] Christopher Kruegel, Fredrik Valeur, Giovanni Vigna, and Richard Kemmerer, “Stateful Intrusion Detection for High-Speed Networks,” Proceedings of IEEE Symposium on Security and Privacy, pp. 285-293, 2002 [8] “Windows 2000 Network Load Balancing Technical Overview,” Microsoft Cor-poration, http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/nlbovw.mspx. [9] David C. Plummer, “Ethernet Address Resolution Protocol,” RFC 826, November 1982. [10] Martin Roesch, 'Snort - lightweight intrusion detection for networks,' Proceedings of the 13th USENIX conference on System administration, pp. 229-238, 1999. [11] Martin Roesch, “Writing Snort Rules,” http://www.ussrback.com/docs/papers/IDS/snort_rules.htm [12] Rusty Russell and Harald Welte, “Linux netfilter Hacking HOWTO,” http://www.netfilter.org/documentation/HOWTO//netfilter-hacking-HOWTO.html [13] Lambert Schaelicke, Thomas Slabach, Branden Moore, and Curt Freeland, 'Char-acterizing the Performance of Network Intrusion Detection Sensors,' Proceedings of the Sixth International Symposium on Recent Advances in Intrusion Detection (RAID 2003), vol. 2820, pp. 155-172, September 2003 [14] Lambert Schaelicke, Kyle Wheeler and Curt Freeland, “SPANIDS: A Scalable Network Intrusion Detection Loadbalancer,” Proceedings of Computing Frontiers, ACM Press, pp. 315-322, 2005 [15] Rich Seifert, “The Switch Book: The Complete Guide to LAN Switching Tech-nology,” ISBN 0-471-34586-5 [16] Haoyu Song, Todd Sproull, Mike Attig, John Lockwood, “Snort offloader: a re-configurable hardware NIDS filter,” Proceedings of International Conference on Field Programmable Logic and Applications, August 2005. [17] “Snort - the de facto standard for intrusion detection/prevention,” Sourcefire, Inc.,http://www.snort.org/ [18] “Sourcefire Network Securty – Security for the Real Worldfor the Real World,” Sourcefire, Inc., http://www.sourcefire.com/ [19] Spirent Communications, Inc., “Highest Port Density Performance Analysis Sys-tem – SmartBits 6000C,” Data Sheet 360-1061-001 Rev B, April 2004. On-Line Available at http://www.spirentcom.com/documents/1050.pdf. [20] Pan-Lung Tsai, Chun-Ying Huang, Yun-Yin Huang, Chia-Chang Hsu, and Chin-Laung Lei, “A Clustering and Traffic-Redistribution Scheme for High-Performance IPsec VPNs,” Proceedings of 12th IEEE International Confer-ence onHigh Performance Computing (HiPC 2005), LNCS 3769, pp. 432-443, December 2005. [21] Sujit Vaidya and Kenneth J. Christensen, “A Single System Image Server Cluster Using Duplicated MAC and IP Addresses,” Proceedings of 26th IEEE Conference on Local Computer Networks (LCN 2001), pp. 206-214, November 2001. [22] Chih-Chiang Wu, Sung-Hua Wen, Nen-Fu Huang, and Chia-Nan Kao, “A pattern matching coprocessor for deep and large signature set in network security system,” Proceedings of IEEE Global Telecommunications Conference (GLOBE-COM '05), December 2005. [23] Konstantinos Xinidis, Ioannis Charitakis, Spiros Antonatos, Kostas G. Anag-nostakis, and Evangelos P. Markatos,“ An Active Splitter Architecture for Intrusion Detection and Prevention”, IEEE Transactions on Dependable and Secure Computing. Vol. 3, no. 1, pp. 31-44, Jan.-Mar 2006 [24] Seungyong Yoon, Byoungkoo Kim, Jintae Oh, “High-Performance Stateful Intru-sion Detection System,” Proceedings of International Conference on Computational Intelligence and Security, November 2006.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/29738	-
dc.description.abstract	在今日的社會中，網路的安全性已經廣為各大組織機構所重視。越來越多的安全性系統被裝設以保護網際網路上的裝置及通訊。網路入侵防禦系統是其中一種可以詳細分析網路內容及主動阻擋有害封包的安全系統。而由於網路連線頻寬大量成長及需要進行越來越多的複雜檢查，對於高效能網路入侵防禦系統的需求也隨之日益增加。在本篇論文中，我們提出了一種叢集式架構，藉由集合多台裝置之力來共同實作出一個高效能的網路入侵防禦系統。在此架構下，流量將會自動的分散到各個裝置中，而且流量再分配機制可以使系統達成動態負載平衡的效果。基於叢集系統的架構，我們也設計了一個網路流量搬動機制使系統能夠更快速的反應網路流量的變化而達成負載平衡的狀態。這個叢集架構同時也支援容錯機制以及動態擴充的功能而不須停止系統。我們安裝了一個知名的入侵防禦系統『Snort』在叢集系統的每台電腦上，並實作出上述的機制於嵌入式Linux系統核心模組中。最後從實驗及實作中驗證我們所提出的方法可以應用在建構高效能及具可靠性的網路入侵防禦系統。	zh_TW
dc.description.abstract	Security has become a big issue for all organizations in today's network environ-ment. More and more systems have been developed to secure the network infrastructure and communication over the Internet. Network intrusion prevention system (NIPS) is a kind of security system which can perform deeply content inspection and block the sus-pected packets. The demand for high performance NIPS is driven by the growing bandwidth available and the more complex packet inspection. In this thesis, we propose a clustering scheme by aggregating several devices to provide high throughput and im-plement the network intrusion prevention system over a cluster. The proposed scheme makes incoming traffic self-dispatched and applies traffic redistribution to keep the load of devices balanced. Base on the cluster scheme, we design a dynamic migration ap-proach to fast achieve the state of load balance with the variance of network. This clus-tering scheme also supports the fault tolerance and dynamic expansion without shutting down the system. Based on the designed architecture, we deploy Snort, which is a well-known and popular NIPS, on each device of the cluster and implement all the pro-posed mechanisms as kernel modules over embedded Linux. According to the results of performance evaluation, we can successfully build a high performance, dependable NIPS by means of the proposed schemes over the designed in-line device cluster.	en
dc.description.provenance	Made available in DSpace on 2021-06-13T01:16:52Z (GMT). No. of bitstreams: 1 ntu-96-R94921107-1.pdf: 450197 bytes, checksum: ace0c780bbc35041b85a0f57e7d05347 (MD5) Previous issue date: 2007	en
dc.description.tableofcontents	誌謝 i 摘要 ii Abstract iii Content iv List of Figures v Chapter 1 Introduction 1 Chapter 2 Related Works 5 2.1 Performance Improvement and Load Dispatching 5 2.1.1 Clustering with Traffic Dispatchers 8 2.1.2 Clustering with Self-Dispatching Mechanisms 9 2.2 IDS and IPS 10 2.2.1 IDS 10 2.2.2 IPS 12 2.2.3 Snort 14 Chapter 3 Clustering of NIPS 17 3.1 System Architecture 17 3.2 Traffic Dispatching Mechanism 19 3.3 Clustering with Traffic Redistribution 21 3.3.1 Virtual Device 22 3.3.2 Virtual Device Migration 24 3.3.3 Migration Strategy 26 3.4 Fault-Tolerance and Dynamic Expansion Mechanism 28 Chapter 4 Implementation and Experiments 32 4.1 The Experiment Environment 32 4.2 Experiment Results 35 Chapter 5 Simulation 39 5.1 Migration Approaches 39 5.2 Cluster Size 41 5.3 Detection Rate 42 Chapter 6 Conclusions 47 Reference 49
dc.language.iso	en
dc.subject	動態負載平衡	zh_TW
dc.subject	高效能封包處理	zh_TW
dc.subject	入侵防禦系統	zh_TW
dc.subject	叢集式架構	zh_TW
dc.subject	load balance	en
dc.subject	fault tolerant	en
dc.subject	high performance packet process	en
dc.subject	IPS	en
dc.subject	cluster	en
dc.title	利用動態叢集技術所建構之高效能及具可靠性之入侵防禦系統	zh_TW
dc.title	A High-Performance Dependable Network Intrusion Prevention System with Adaptive Clustering	en
dc.type	Thesis
dc.date.schoolyear	95-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	黃秋煌,莊文勝,劉立
dc.subject.keyword	高效能封包處理,入侵防禦系統,叢集式架構,動態負載平衡,	zh_TW
dc.subject.keyword	high performance packet process,IPS,cluster,load balance,fault tolerant,	en
dc.relation.page	52
dc.rights.note	有償授權
dc.date.accepted	2007-07-19
dc.contributor.author-college	電機資訊學院	zh_TW
dc.contributor.author-dept	電機工程學研究所	zh_TW
顯示於系所單位：	電機工程學系

文件中的檔案：

檔案	大小	格式
ntu-96-1.pdf 未授權公開取用	439.65 kB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。