網路安全監控行為之實作與分析

Abstract

隨著電子商務及網際網路的普及，故網路的安全問題也受到重視，然而分散阻絕服務 ( Denial of Service )的攻擊不僅一般的網站無法解決，就連知名的網路大站也同樣無法抵擋，其攻擊者彈指間的動作，往往令企業損失甚重；而世界各國的資訊戰也不斷的上演，足以了解資訊安全所帶來的影響之大。

本論文將以NIDS Snort為例實作與分析網路攻擊行為之程序，並將入侵事件記錄分級後，利用不同的記錄等級將來源IP address標示成可疑、威脅、惡意等三個狀態存放在IP狀態資料庫中，最後以不同的記錄分級與IP address狀態來提供網管人員不同重要層次的記錄資料，以減輕記錄過多的問題。

As the E-Commerce and the internet become popular, people pay much more attention to the security issues of internet. However, Denial of Service attacks cannot be solved by ordinary websites; nor did by the famous ones. Usually, just in a second, it caused enterprises lost a lot. Moreover, information warfare is fiercer around the world. Therefore, people know that information security plays a big role.

This thesis will take NIDS Snort as an example to analyze the procedure of network attacks. The records will also be stored in IP status database by 3 kinds of IP address sources which marked in doubtful, baleful, and despiteful. Finally, by different record categories and IP address status, MIS staff can focus on the important ones among the huge records.