資安技術真實流量實地評比---子計畫二：資安技術網站應用防火牆、攻擊防禦與點對點應用控制之真實流量評比(資訊安全技術)

Abstract

根據『Symantec Internet Security Threat Report』2007年第一季的報告指出，有高達66%的新型態攻擊都是與web application有關的；以往的資安威脅大多是針對網路層或是系統底層，有越來越多的新型態網路攻擊是針對應用層、網路應用服務或是系統本身的漏洞而來；可能是利用程式碼間的漏洞，也有可能是把攻擊夾帶在檔案或是可植入程式碼的圖片中再予以散佈，尤其是以透過Peer-to-Peer 應用服務影響更大，因為使用者可能不清楚檔案來源主機是否安全；現今的network firewall及IDS/IPS如果沒有持續地更新系統、病毒碼及特徵碼的話，將只適用約25%的網路攻擊，因為有高達75%的網路攻擊將超出其偵測能力範圍。 本計畫將著重於資安偵測防禦系統測試平台之建置與測試評比網路應用程式防火牆(WAF)、入侵預防系統(IPS)及點對點控管(Peer-to-Peer Control)三項資安偵防技術；結合流量錄製、流量萃取、資訊重組、資訊詢問及流量重播技術，重播真實網路流量來找出任何潛在的資安威脅或是已發展的資安偵防技術不足之處。預期在一年內可以發展出WAF、IPS及P2P control三類Specific資安技術之實地與重播測試技術，發表這三類資安技術相關之專利與論文如: malicious webpage scoring、extracting ambiguous sessions with IPS、QoE of P2P streaming、evasion survey，研發多個網路監測點錄製流量的工具以及可萃取這三類資安技術相關流量內容的萃取工具，同時將執行至少上三件以上的資安產品測試案。

According to Symantec Internet Security Threat Report in the first quarter of 2007, threats for web applications and web applications related are as high as 66% of new types of attacks. Former security threats mostly aimed at network or system level, but nowadays more and more threats aim at application layer, application service and system vulnerabilities. They may use unsafe programs or be attached or implanted in the picture to distribute widespread, especially by peer-to-peer applications that users even have no ideas about which peers they exchange information with. If network firewalls or IDS/IPS don’t continue to upgrade their systems, virus definitions and signatures, they would fail to detect the newest network threats. They may only be applied to 25% of network threats because 75% of attacks are beyond their detection capabilities. The project will focus on the building of security detection/protection system and the benchmarking of three types of security technologies-Web Application Firewall (WAF), Intrusion Prevention System (IPS) and Peer-to-Peer Control. Combined five benchmarking technologies-traffic recording, traffic extraction, information reorganization, querying, and traffic replaying with real flows, we can discover and resolve any potential network threats and find out the advantages/disadvantages of the security technologies. This project aims to develop security techlogies about WAF, IPS, P2P Control capturing, extracting and replaying and to propose related patents and papers, including malicious webpage scoring, extracting ambiguous sessions with IPS, QoE of P2P streaming, evasion survey. Besides, at least three testing cases are also executed.