Systems analysis of traffic for detecting anomalous network states
Dissertation
The results of the research correspond to items 4 ("Development of methods and algorithms for solving problems of systems analysis, optimization, control, decision-making and information processing") and 5 ("Development of special-purpose mathematical and software support for systems of analysis, optimization, control, decision-making and information processing") of the passport of scientific specialty 05.13.01, Systems analysis…