Please use this identifier to cite or link to this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/21341
Field | Value
---|---
Title | 分散式系統之防禦偵測方法設計與實作 (Design and Implementation of a Distributed Architecture for Vulnerability Scanning and Intrusion Prevention)
Authors | Shi-Kai Huang 黃詩凱
Advisor | 顏嗣鈞
Keywords | Distributed System, Security, Penetration Scanning
Publication Year | 2019
Degree | Master's
Abstract:

In this information age, where network attacks grow more prevalent every year, defensive hardware and software products such as firewalls, intrusion detection systems and intrusion prevention systems are also multiplying; Amazon's CloudFront and the well-known Web Application Firewall ModSecurity are products derived from the same idea. These defensive products, however, tend to have security blind spots. For example, when most intrusion detection systems detect the signature of attack traffic, they defend by blacklisting the source IP address. This treats the symptom rather than the cause: it does not actually fix the underlying weakness in the system, and it easily lulls system administrators into a false sense of security.

In this thesis we propose a system testing framework that improves on previous approaches and can comprehensively test defensive products that rely on the blacklist mechanism described above, with the aim of addressing that blind spot. We use a cloud-based distributed architecture to spread the test traffic, which both confuses the detection mechanism and evades blacklist blocking, and significantly improves testing speed. The method can serve not only as a tool for information security professionals and companies to assess the defensive strength of their own equipment, but also as a test benchmark for developers of defensive products. Previous work generally tried to bypass the blacklist blocking of such security products purely at the rule level, or ran a single category of scan or test using a small number of pre-provisioned machines or machines the tester already owned. For a typical small company or security researcher these conditions do not make for a complete, practical approach. The main contributions of this thesis are therefore: first, an automated method for starting and stopping machines (auto-scaling); second, support for multiple common kinds of scan and test rather than a single category; and third, an efficient, low-cost algorithm that completes the task in less time, reducing both monetary and time costs.

In this Internet era, cyber attacks happen every second. The safety of network environments relies more and more on firewalls, intrusion prevention systems and intrusion detection systems. Notable products include Amazon's CloudFront and the popular Web Application Firewall product ModSecurity. These defense products usually have some security blind spots. When they detect malicious requests, they often directly block the source IP address to prevent further attacks. Such a method is not the best way of defending against cyber attacks, because the attacker might be able to bypass the above defense systems. In this thesis, we introduce a better system testing method and implement a testing framework for detecting the blacklist bypassing problems described above. It uses a better scanning method to test IP-based blacklist defense products, and the framework automatically creates many cloud instances on Amazon EC2, Google GCP and similar platforms to dodge detection. This method can confuse a WAF/IDS detection mechanism, speed up the scanning time and improve the coverage rate. In the past, researchers usually used rule-based methods to bypass a WAF/IDS detection mechanism, but as WAF/IDS rules become stronger, these methods become useless for pentesters and researchers. Since many companies do not have enough resources to build a large testing environment for their products, our goal is to introduce a frugal and faster method and algorithm for finding vulnerabilities in those products.
Field | Value
---|---
URI | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/21341
DOI | 10.6342/NTU201903038
Fulltext Rights | Not authorized
Appears in Collections | Department of Electrical Engineering
Files in This Item:
File | Size | Format
---|---|---
ntu-108-1.pdf (Restricted Access) | 3.97 MB | Adobe PDF