Title: A Worm Immune Service Expert System for Denial of Service Attacks
WISE: A Worm Immune Service Expert System for denial of service attacks
Author: 吳政霖
Cheng-Lin Wu
曾憲雄
Shian-Shyong Tseng
Institute of Computer Science and Engineering
Keywords: worm; expert system; knowledge base; variant object; knowledge acquisition; worm; expert system; knowledge base; VODKA; knowledge acquisition
Date of publication: 2004
Abstract: With the rapid development of the Internet, worms infect and spread faster and faster. In addition, new variant worms appear more and more quickly. Therefore, in this thesis we use VODKA to help experts find these variant worms easily. VODKA is a knowledge acquisition method for discovering variant objects, that is, for finding the variant objects hidden in the real world. Moreover, most of the technical documents about worms currently available on the Internet lack structure, so extracting knowledge from them by data mining is not easy. We therefore use two-phase knowledge acquisition: first a concept hierarchy is constructed, then worm knowledge is acquired through the hierarchical repertory grid method, and finally the worm knowledge base of the whole system is built. Usually, when an abnormal condition occurs in a user's system, the user takes the symptoms observed to a search engine to look for related information, and a lot of time is wasted in the process. To help users discover worm damage easily, we propose a Worm Immune Service Expert system for denial of service attacks and implement a system consisting of three modules: a diagnosis module, a tutorial module and a learning module, which respectively help users detect the security status of their system, teach users how to defend against worms, and assist experts in finding variant worms through VODKA.
With the rapid development of the Internet, worms can spread and infect other computers quickly. Besides, new variant worms evolve too fast, so we need efficient approaches to discover them. Therefore, in this thesis we use the VODKA approach to help experts discover these variant worms easily. Variant Object Discovering Knowledge Acquisition (VODKA) is a method of finding a new object from the inference results. Moreover, most worm technical documents are unstructured, so discovering knowledge from them by data mining is not easy. A Two-Phase Knowledge Acquisition methodology is proposed to acquire the concept hierarchy of worms first and then to extract knowledge of worms through hierarchical repertory grid adjustment by experts. Finally, we construct the knowledge base of worms. When a worm infects a system, its users perceive some abnormal behaviors. Users usually type what they observe into a search engine on the network and look for a solution; such an approach consumes a large amount of time before the correct solution is found. Consequently, we propose and implement a Worm Immune Service Expert system (WISE) for users. WISE contains three modules: a diagnosis module, a tutorial module and a discovery module, for detecting the security status of machines, teaching users how to defend against the threat of worms, and learning variant worms by VODKA, respectively.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT009223580
http://hdl.handle.net/11536/76631
Appears in Collections: Thesis