With the network security mechanisms in use today, such as firewalls and intrusion detection systems, an attacker's intrusion only triggers an alert; there is no deterrent effect. In fact, only by locating the attacker and resorting to legal action can attacks be effectively deterred. A complete regional defense mechanism should comprise an intrusion detection system and an intrusion traceback system: the former detects the attack, and the latter traces it so that the attacker can be found quickly and the attack source cut off, securing the network within the region. This thesis studies the intrusion traceback system within such a regional defense mechanism. The proposed traceback mechanism is applicable to the current network environment. The approach divides a large network into multiple network management regions to make tracing and management easier. The traceback system locates the attacker through cooperation among the regions, and tracing between regions relies on identification values, generated by a hash function, that are recorded in advance in each region. The traceback system must itself be built on a secure environment so that it is not attacked. This research uses security mechanisms such as a CA (Certification Authority) and SSL (Secure Socket Layer) to protect identity authentication, the transmitted messages, and the data themselves whenever the units of the traceback system communicate with one another. This allows the whole traceback mechanism to find the attacker quickly, correctly and securely, and keeps the system robust so that an attacker cannot disable it.

Current security mechanisms, such as firewalls and intrusion detection systems, focus only on caution, prevention and detection. To protect an information system from illegal attacks, finding and punishing malevolent hackers is perhaps the most effective way. A complete section defense mechanism should include an intrusion detection system and an intrusion traceback system. When an alert is received from the intrusion detection system, the intruder can be traced by the intrusion traceback system. Once the intruder is found, the section defense mechanism cuts off the network connection in order to protect the section. In this paper, we design and construct the intrusion traceback system of the section defense mechanism, which is applicable to the current environment of a network system. We divide a network system into many network management units (NMUs) for tracing intruders and for convenient management. The NMUs cooperatively trace the intruder with one another based on identification codes produced by a hash function and pre-recorded in each section. The intrusion traceback system needs a secure environment to perform its tracing; a CA (Certification Authority) and SSL (Secure Socket Layer) are the mechanisms that guarantee authentication and confidentiality in each NMU. Under such an environment, the intruder can be found quickly and correctly. Of course, the system is also robust enough to protect itself from hackers and intruders.
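The following is an added illustration of the cooperative, identifier-based traceback the abstract describes; it is example code written for this page, not the thesis's own system. It assumes that each NMU keeps an in-memory record keyed by a hash of the connection tuple and a coarse time window (the abstract only says a hash function produces the identifier, so the tuple-and-window input is an assumption), that every record names the upstream NMU the connection arrived from, and that the CA/SSL-protected channel between NMUs is simply a direct function call here. The NMU names and addresses are constructed sample data.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def connection_id(src: str, dst: str, dport: int, window: int) -> str:
    """Identification value for one connection.

    Hashing (src, dst, dport, time window) is this example's assumption; the
    window lets every NMU on the path derive the same identifier for the
    same connection even if their clocks differ by a few seconds.
    """
    material = f"{src}|{dst}|{dport}|{window}".encode()
    return hashlib.sha256(material).hexdigest()[:16]


@dataclass
class NMU:
    """One network management unit with its pre-recorded identifiers."""
    name: str
    # identifier -> (upstream NMU name, or None if the flow originated here,
    #                source address observed when the flow entered this NMU)
    records: Dict[str, Tuple[Optional[str], str]] = field(default_factory=dict)

    def record(self, cid: str, upstream: Optional[str], entry_src: str) -> None:
        self.records[cid] = (upstream, entry_src)

    def lookup(self, cid: str) -> Optional[Tuple[Optional[str], str]]:
        return self.records.get(cid)


def traceback(nmus: Dict[str, NMU], start: str, cid: str,
              max_hops: int = 16) -> Tuple[List[Tuple[str, str]], str]:
    """Follow one identifier backwards from the victim's NMU to its origin.

    Returns the list of (NMU name, entry source) visited and a status string.
    A missing record or a loop stops the trace instead of looping forever,
    which is the failure case a real deployment must handle.
    """
    path: List[Tuple[str, str]] = []
    visited = set()
    current = start
    for _ in range(max_hops):
        if current in visited:
            return path, "loop detected at " + current
        visited.add(current)
        rec = nmus[current].lookup(cid)
        if rec is None:
            return path, "no record in " + current
        upstream, entry_src = rec
        path.append((current, entry_src))
        if upstream is None:
            return path, "origin"
        current = upstream
    return path, "hop limit reached"


def build_sample() -> Tuple[Dict[str, NMU], str]:
    """Constructed topology: host 10.0.0.5 in NMU A reaches 192.168.9.9 in
    NMU C by way of NMU B; each NMU pre-records the same identifier."""
    cid = connection_id("10.0.0.5", "192.168.9.9", 22, 1700000000 // 600)
    a, b, c = NMU("A"), NMU("B"), NMU("C")
    a.record(cid, None, "10.0.0.5")   # originated inside A
    b.record(cid, "A", "10.0.0.5")    # entered B from A
    c.record(cid, "B", "10.0.0.5")    # entered C from B; IDS in C alerts
    return {"A": a, "B": b, "C": c}, cid


if __name__ == "__main__":
    nmus, cid = build_sample()
    print(traceback(nmus, "C", cid))
```

The IDS in the victim's NMU supplies the identifier, and each hop only has to answer "which upstream NMU did this identifier arrive from?", so no NMU needs the full path or the packet contents; the trace ends at the NMU whose record has no upstream, which is where the connection cut-off described in the abstract would be applied.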