A Learning Based Illegal Access Detection and Prevention System for Next Generation Network

基于学习的下一代网络非法接入检测与预防系统

• 批准号: 15300011
• 负责人: KATO Nei
• 金额: $ 3.97万
• 依托单位: Tohoku University
• 依托单位国家: 日本
• 项目类别: Grant-in-Aid for Scientific Research (B)
• 财政年份: 2003
• 资助国家: 日本
• 起止时间: 2003 至 2004
• 项目状态: 已结题
• 来源: https://kaken.nii.ac.jp/en/grant/KAKENHI-PROJECT-15300011/
• 关键词: Illegal Access; Security; NIDS; Next generation network; DoS; ネットワークセキュリティ; 学習型検出; IDS; 主成分分析

Recently, NIDS (Network-based Intrusion Detection System) has played an important role in Internet security system. However, the pattern matching technique used in NIDS is weak for new-type virus or unauthorized access, intentionally evasion act and is not expectable for next generation internet protocol IPv6 equipped with encryption. In this study, we propose a new access detection system which have learning function on subnetwork. Our goal is to develop next generation access detection system which include unknown illegal access detection structure, cooperate with NIDS and adapt to IPv6.In this research, we discussed about DoS (Denial of Service) attack that is difficult to detect in pattern matching technique and developed the system that learn and detect DoS attack This system exploit that the normal access follows the TCP congestion avoidance mechanism and will send test feedback to the source that being suspected of unauthorized access to decrease the transmission rate. By detecting the source's response, we can determine whether it is unauthorized access or not.Furthermore, we develop the software necessary for sharing information of detected unauthorized access among subnet NIDS and neighboring NIDS. This software makes it possible to block the unauthorized access extensively and we construct unauthorized access detection and extermination system combined with detection system. We had performed experiments over real network. As a result, we verified that detection-system is able to detect attack rapidly and accurately and we can realize high detection rate and low false negative rate.

近年来，基于网络的入侵检测系统（NIDS）在网络安全体系中扮演着重要的角色。然而，NIDS所采用的模式匹配技术对于新型病毒或非授权访问、故意规避行为的检测能力较弱，对于下一代IPv6加密网络也不适用。在本研究中，我们提出一个新的具有学习功能的子网路存取侦测系统。我们的目标是开发出一个包含未知非法访问检测结构、与NIDS协同工作、适应IPv6的下一代访问检测系统。我们讨论了DoS（拒绝服务）针对模式匹配技术中难以检测到的拒绝服务攻击，开发了学习和检测拒绝服务攻击的系统。该系统利用正常访问遵循TCP拥塞避免机制，并将发送测试向被怀疑未经授权访问的源反馈以降低传输速率。通过检测源的响应，我们可以确定它是否是未经授权的访问或没有。此外，我们开发了必要的软件，共享子网NIDS和邻居NIDS之间的检测到的未经授权的访问信息。该软件使得大范围的拦截非法访问成为可能，并结合检测系统构建了非法访问检测和查杀系统。我们在真实的网络上进行了实验。实验结果表明，该检测系统能够快速、准确地检测出攻击，实现了高检测率和低漏报率。

项目成果

加藤寧: "ユーザトラヒックパターンの特徴付けによるUDP Flooding抑制方式"2004年電子情報通信学会総合大会講演論文集. B-7-14. 223 (2004)

Yasushi Kato：“基于用户流量模式特征的 UDP 洪泛抑制方法”2004 年 IEICE 大会记录 B-7-14 (2004)。

A Recursive, Explicit and Fair Method to Efficiently and Fairly Adjust TCP Windows in Satellite Networks

卫星网络中高效公平调整 TCP 窗口的递归、显式、公平方法

• 发表时间: 2004
• 期刊: 2004 IEEE International Conference on Communications 7
• 作者: Tarik Taleb;Tarik Taleb;Tarik Taleb;Tarik Taleb;Tarik Taleb;Tarik Taleb
• 通讯作者: Tarik Taleb

A Dummy Segment Based Bandwidth Probing Technique to Enhance the Performance of TCP over Heterogeneous Networks

基于虚拟段的带宽探测技术增强异构网络上的 TCP 性能

• 发表时间: 2005
• 期刊: IEEE Wireless Communications and Networking Conference
• 作者: A.SANO;K.NISHI;H.MIYANISHI;H.FUJIMOTO;Tarik Taleb
• 通讯作者: Tarik Taleb

On-Demand Media Streaming to Hybrid Wired/Wireless Networks over Quasi-Geo Stationary Satellite Systems

通过准地球静止卫星系统将点播媒体流传输到混合有线/无线网络

• 发表时间: 2005
• 期刊: Elsevier Journal on Computer Networks Vol.47, No.2
• 作者: T.Taleb;N.Kato;Y.Nemoto
• 通讯作者: Y.Nemoto

和泉勇治: "異常検知のためのネットワーク特徴量抽出法に関する一考察"2004年電子情報通信学会総合大会講演論文集. SB-4-1. S-27 (2004)

Yuji Izumi：“异常检测的网络特征提取方法的研究”2004 年 IEICE 大会 S-27 会议记录（2004 年）。