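This study applies Policy-based Network Management theory to network security. In the past, abnormal detection has mostly been applied to detecting unknown intrusions; because of its inherent limitations, it suffers from drawbacks such as failing to discover new types of intrusion and raising false alarms. To reduce false intrusion alarms and allow abnormal detection to make more accurate judgments, this study proposes a model that applies Policy-based Network Management theory. Traffic information is first obtained from the router via the Simple Network Management Protocol (SNMP); a back-propagation network then analyzes it to find abnormal traffic; finally, policy analysis is used to rescue servers that are under attack and unable to provide service, restoring them to normal. This study uses the detection of denial-of-service attacks as an example to verify the feasibility of the proposed model.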
This study applies the Policy-based Network Management (PBNM) model to network security. The abnormal detection method has often been used to detect unknown intrusions. However, due to its inherent limitations and weaknesses, it has difficulty detecting intrusions with new patterns and tends to raise false alarms.
In order to reduce the number of false alarms and increase the accuracy of abnormal detection, this paper proposes a new model based on PBNM. The study first gathers network traffic data from the router using SNMP. It then uses back-propagation networks to analyze the data and find abnormal traffic, and finally resolves the problems of servers under attack by setting their protection policies. To verify the practicability of the proposed model, we use the “denial of service (DoS)” attack as an example.
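The three stages named in the abstract (SNMP counters from the router, a back-propagation network, a policy decision) can be sketched as follows. This is an added example, not the paper's implementation: the two input features, their scaling, the network size, the constructed training samples and the `policy_action` wording are all assumptions, since the abstract does not state them.

```python
import math, random

COUNTER32 = 2 ** 32  # SNMP Counter32 objects such as ifInOctets wrap at 2^32

def delta(prev, cur):
    """Counter difference between two polls, tolerating one 32-bit wrap."""
    return (cur - prev) % COUNTER32

def features(prev, cur, seconds):
    """Assumed inputs: packets/s scaled by 10k, mean packet bytes scaled by 1500."""
    pkts = delta(prev["pkts"], cur["pkts"])
    octets = delta(prev["octets"], cur["octets"])
    return [pkts / seconds / 10000.0, (octets / pkts if pkts else 0.0) / 1500.0]

def sig(x):
    return 1.0 / (1.0 + math.exp(-x))

class BackPropNet:
    """2 inputs, one hidden layer, 1 sigmoid output, trained by back-propagation."""
    def __init__(self, hidden=3, seed=1):
        rnd = random.Random(seed)
        self.w1 = [[rnd.uniform(-0.5, 0.5) for _ in range(3)] for _ in range(hidden)]
        self.w2 = [rnd.uniform(-0.5, 0.5) for _ in range(hidden + 1)]  # last = bias

    def forward(self, x):
        h = [sig(w[0] * x[0] + w[1] * x[1] + w[2]) for w in self.w1]
        return h, sig(sum(w * v for w, v in zip(self.w2, h + [1.0])))

    def train(self, data, epochs=2000, lr=0.5):
        for _ in range(epochs):
            for x, target in data:
                h, y = self.forward(x)
                d_out = (y - target) * y * (1 - y)        # output-layer error term
                for j, w in enumerate(self.w1):           # push error back to hidden layer
                    d_h = d_out * self.w2[j] * h[j] * (1 - h[j])
                    for i, v in enumerate(x + [1.0]):
                        w[i] -= lr * d_h * v
                for j, v in enumerate(h + [1.0]):         # then update output weights
                    self.w2[j] -= lr * d_out * v

def policy_action(net, prev, cur, seconds, server):
    """Policy step (hypothetical action text): react only to abnormal traffic."""
    _, score = net.forward(features(prev, cur, seconds))
    return f"rate-limit traffic to {server}" if score > 0.5 else "no action"

# Constructed training samples: label 1 = flood-like (high rate, small packets)
TRAIN = [([0.05, 0.5], 0), ([0.2, 0.6], 0), ([0.3, 0.3], 0), ([0.1, 0.8], 0),
         ([3.0, 0.04], 1), ([5.0, 0.05], 1), ([8.0, 0.04], 1), ([4.0, 0.1], 1)]
```

The counter wrap in `delta` matters for this use: a flood can roll a 32-bit counter between polls, and a naive subtraction would then turn the attack interval into a negative or tiny rate.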