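The traffic information used in this study was obtained from the following three networks.
1. The US-bound link of the backbone network of the WIDE Project, a large-scale research network that covers Japan broadly
2. The link connecting the Graduate School of Economics, Tohoku University, one department of a university with a large campus network, to the campus backbone network
3. The link connecting the Nemoto Laboratory, Graduate School of Information Sciences, Tohoku University, a stub network within the campus network, to the campus backbone network
These are examined as representative large-scale, medium-scale, and small-scale networks, respectively.
In the small-scale network shown in Figure 61, the overall traffic volume is low and the users are limited to specific individuals, so changes caused by individual users' network use appear prominently.
Figure 61: Traffic volume over 24 hours in the small-scale network
In the medium-scale network shown in Figure 62, the traffic volume itself does not differ greatly from that in Figure 61, but because the user base is broader, the usage pattern tends to show statistical regularity.
Figure 62: Traffic volume over 24 hours in the medium-scale network
In the large-scale network shown in Figure 63, the traffic volume is constantly very high, and because of the recording capacity of the observation equipment not all of it could be recorded, so only a 10-minute record is available. Even so, it shows that the traffic volume is at a high level and that a large amount of traffic is observed steadily at all times.
Acknowledgments
In carrying out this study, we received a great deal of cooperation from the WIDE Project, the Graduate School of Economics, Tohoku University, and the Graduate School of Information Sciences, Tohoku University. The Shiratori Laboratory of the Research Institute of Electrical Communication, Tohoku University, and the Nemoto Laboratory of the Graduate School of Information Sciences, Tohoku University, gave us substantial support in data analysis, the feasibility study, and related work. We express our sincere thanks.
Tools
The tools used in this study, in particular for the feasibility study, can be obtained from the following URL.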
http://www.cysol.co.jp/contrib/index_j.html