A study of high sensitive illegal access detection system using distributed and cooperative scan detecting method.

采用分布式协同扫描检测方法的高灵敏非法访问检测系统研究

• 批准号: 13558038
• 负责人: KATO Nei
• 金额: $ 2.56万
• 依托单位: Tohoku University
• 依托单位国家: 日本
• 项目类别: Grant-in-Aid for Scientific Research (B)
• 财政年份: 2001
• 资助国家: 日本
• 起止时间: 2001 至 2002
• 项目状态: 已结题
• 来源: https://kaken.nii.ac.jp/en/grant/KAKENHI-PROJECT-13558038/
• 关键词: distributed and cooperative detection system; illegal access; scan; high sensitive detection; 検出; 分散協調

In recent years, networks without sharing the common media come into wide use. The SCAN, a sign of illegal accesses has become very difficult to detect for their crafty trick.In this research, we have proposed a distributed and cooperative manner to detect these SCANs successfully by dispersing the NIDSs on monitoring locations of networks. The simulation of using real networks data showed effectiveness of our proposed method. Comparing the traditional methods, the proposed method can detect SCANs in short time. Furthermore, the proposed method can restrain redundant control messages, so that only small amount of traffic between the manager and NIDSs are needed for managing the system. From these results, we can say this research has achieved its goal.

近年来，不共享公共媒体的网络得到广泛使用。 SCAN作为非法访问的标志，因其狡猾的伎俩而变得很难检测。在本研究中，我们提出了一种分布式协作方式，通过将NIDS分散在网络的监控位置来成功检测这些SCAN。使用真实网络数据的模拟表明了我们提出的方法的有效性。与传统方法相比，该方法可以在短时间内检测到SCAN。此外，所提出的方法可以抑制冗余控制消息，因此管理器和NIDS之间只需要少量的流量来管理系统。从这些结果来看，我们可以说本研究达到了目的。

项目成果

Ryouta ABURAKAWA: "An Early Warning System for Illegal Access based on Distributed Network Monitoring"IEICE Trans. on Commun.(in press), (in Japanese).

Ryouta ABURAKAWA：“基于分布式网络监控的非法访问预警系统”IEICE Trans。

坂口 薫: "2次計画法を用いたトラヒックパターンの比較によるDOSの追跡手法の提案"電子情報通信学会技術研究報告. CS2001-89. 15-22 (2001)

Kaoru Sakaguchi：“通过使用二次规划比较流量模式提出 DOS 跟踪方法” IEICE 技术研究报告 15-22 (2001)。

Kaoru SAKAGUCHI: "Tracing DDoS Attacks by Comparing Traffic Patterns based no Quadratic Programming Method"IEICE Trans. on Commun.. J85-B, No.8. pp.1295-1303 (2002)

Kaoru SAKAGUCHI：“通过比较基于非二次规划方法的流量模式来跟踪 DDoS 攻击”IEICE Trans。

坂口 薫: "2次計画法に基づいたトラヒックパターンの比較によるDoSの追跡"電子情報通信学会論文誌(B). J85・B・7. 1295-1303 (2002)

Kaoru Sakaguchi：“通过比较基于二次规划的流量模式来跟踪 DoS”，电子信息通信工程师学会汇刊 (B) 1295-1303 (2002)。

Akira KANAMARU: "Proposal and Evaluation of Multi Stage Distributed Traffic Monitoring System"IEICE Trans. on Commun.. J85-B, No.8. pp.1285-1294 (2002)

Akira KANAMARU：“多级分布式交通监控系统的建议和评估”IEICE Trans。