English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 18278/19583 (93%)
造訪人次 : 917616      線上人數 : 934
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋
    請使用永久網址來引用或連結此文件: http://nhuir.nhu.edu.tw/handle/987654321/17727


    題名: 於 Gigabit 被動光纖網路下多媒體串流鑑識系統之設計與實作─以 SIP 網路電話為例
    其他題名: Design and Implementation of Multimedia Streaming Forensics System in a Gigabit Passive Optical Network--The Case Study of SIP Phone Applications
    作者: 洪丞緯
    Hung, Cheng-wei
    貢獻者: 資訊管理學系
    吳光閔;蘇暉凱
    Guang-ming Wu;Hui-kai Su
    關鍵詞: 會談描述協定;數位鑑識;影音串流;會談初始協定;千兆位元被動光纖網路
    digital forensics;Session Initiation Protocol;Session Description Protocol;multimedia streaming;Gigabit Passive Optical Network
    日期: 2013
    上傳時間: 2015-01-05 11:59:02 (UTC+8)
    摘要:   隨著影音串流技術之發達,多媒體會談串流服務已成為電腦網路使用者最常使用服務之一,在啟用會談服務時,會談之控制通道 (Control Channel) 傳輸為利用固定已知埠號 (Well-Known Port),但其資料傳輸通道 (Data Channel) 則利用動態非已知埠號 (Unknown Port),需透過觀察 SIP 封包中所夾帶之 SDP 資訊得知,故在數位鑑識上之實現有其難度。由於網路架構之迅速發展,從傳統撥接存取網路到現今所提供之光纖網路,網路速度與品質不斷地提升,同時也導致網路攻擊難以追縱與記錄,延伸出許多網路安全問題,故須透過數位鑑識還原網路使用之記錄。數位鑑識又稱為電腦鑑識,乃透過電腦鑑識技術輔助偵查與還原環境,透過分析與比對還原案發當時之環境。傳統 GPON 網路鑑識大多利用封包在骨幹傳輸時以局端 OLT 作為監聽點,透過軟體監聽封包,但由於 GPON 骨幹網路擁有 2.5Gbps 之上下行對稱速率,如以傳統之鑑識架構在 GPON 環境下單一節點高速傳輸之流量會難以完全負荷,進而造成封包遺漏不完整。本論文提出兩層式負載分散之架構,以自行開發之系統元件:Snooping Agent、Analyzing Server、與Media Processing Server。透過系統建構於 GPON 環境上,先於用戶端 ONU 建構 Snooping Agent 監聽 SIP 網路電話控制通道並回傳至後端 Analyzing Server 分析找出資料傳輸通道所使用之傳輸埠號 (Port Number),再將監聽得到之 Port Number 給予 ONU Snooping Agent 元件,將目的地 IP address 與影音 Port Number 設定至過濾條件中過濾影音封包並回傳至多媒體處理伺服器,並將結果儲存於資料庫中並透過 Web 介面查詢。透過本論文兩層分散監聽負載之作法可將 GPON 網路龐大之流量於用戶端 ONU 先行過濾與分析,並且降低集中式分析器與資料儲存負載,以提升網路鑑識效能。
      With the mature development of video and audio streaming applications, the multimedia session streaming services have become one of the popular internet services. While using the session service, the session control channel is fixed and using a well-known port, but the data channel is using select a dynamical and unknown port. The data channel would be decided in the control messages. For SIP (Session Initiation Protocol) applications, the voice data channel would be aware from the SDP (Session Description Protocol) information of SIP messages. Therefore, it’s difficult to implement a digital forensics system for multimedia session streaming services. Because of the rapid development of network architecture, the speed and quality of networks is increasing continually, such as from traditional dial-up access networks to fiber optic networks. The malicious attack from internet becomes difficult to tracking and record the illegal network behavior. Many network security problems are spread. Thus, it has to be redrawn by using digital forensics system to diagnose and recover the security events. Digital forensics is also called computer forensics. The network situation and behavior of the security events would be replayed by using computer forensics technology. The network packets are captured in OLT (Optical Line Termination) by using a traditional network forensics for GPON (Gigabit-capable Passive Optical Networks). Due to the symmetrical network speed with 2.5Gbps, the forensics task could not be handled in the high-speed situation. Some packets could be lost and the forensics is incomplete. This thesis proposed a two-tier architecture of forensics system with distributed loading. The system components were developed: Snooping Agent, Analyzing Server, and Media Processing Server. The System is design for GPON environment. Snooping Agent on the ONU (Optical Network Unit) deals with the packet capturing of SIP control channel, and the captured SIP packets are sent to the back-end component (Analyzing Server). The port numbers of the data channels will be figured out by Analyzing Server. According the port numbers, the audio and video packets will be captured and delivered to Media Processing Server. All of the session information and users data is stored in database and presented with web interface for event search. This thesis presented the two-tier structure of forensics system with distributed loading can reduce the loading of the centralized analyzer and data storage. The most packets are filtered in each ONU, and only the captured packets would be analyzed or stored.
    顯示於類別:[資訊管理學系] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    101NHU05396044-001.pdf2141KbAdobe PDF493檢視/開啟
    index.html0KbHTML171檢視/開啟


    在NHUIR中所有的資料項目都受到原著作權保護.

    TAIR相關文章

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回饋