機器學習對金融業資訊安全的影響： 以公股銀行為例

Abstract

資訊安全對企業而言是一項永遠無法停下腳步的競賽，尤其在駭客攻擊技巧不斷演進、推陳出新的情形下，唯有超越駭客進步的步伐才有機會在這場永無止境的競賽中取得領先。 對於企業而言，尤其是金融產業，對於資訊安全高度重視，因為資訊安全不僅為了保護企業鉅額的金融資產與大量客戶個資，更是賭上企業名譽與民眾對於金融安全的信心。有鑑於此，已經有眾多的相關研究在金融業的資訊安全管理制度導入、建置強化銀行基礎架構的資訊安全專案、分析金融業的資訊安全成熟度等等。 本論文研究以創新科技中的「機器學習」技術為核心，並且以金融業中的公股銀行為例，透過使用者與實體裝置行為分析(UEBA)在數間公股銀行的實際工作環境中進行觀察與學習員工、電腦與伺服器間的日常活動，經由一定時間的觀察發掘出可能潛在的異常行為或攻擊活動，而這些是目前銀行資訊安全基礎架構中所無法偵測出的問題，對銀行而言將是一個重大的資訊安全挑戰並亟待解決。 藉由分析學習找出的可疑行為與銀行現有的資訊安全基礎架構，找出公股銀行仍可以持續改進之處以及未來資訊安全方案與管理策略之建議，同時，本研究希望也可以幫助到其他金融產業如民營銀行、保險、證券等等以及需要透過機器學習機制強化整體資訊安全架構的其他非金融產業做為參考。

Cybersecurity is an endless war for enterprises. The attacking skills of hackers are continuously evolving, so the only way to win this war is to keep surpassing hackers. For enterprises, particularly in the financial industry, cybersecurity is always the top priority. They need to protect not only the huge amount of financial assets and personal data, but also the company reputation and customer’s trust. Therefore, there have been numerous researches on the implementation of information security management system in the financial industry, on building security projects to enhance the infrastructure for banking, and on analyzing the maturity of security in financial industry, etc. This research focuses on “Machine Learning (ML)” of security and applying it to the production environment of state-owned banks. By leveraging User and Entity Behavior Analysis (UEBA) technology, ML can observe and learn the communications among employees, desktops and servers, and then identify abnormal activities or attacks that are difficult to detect for most of the state-owned and private banks. In addition, by analyzing the suspicious behaviors and the existing security infrastructure of banks, we can find out the ways in which state-owned banks can continue to make improvements and propose strategic suggestions for cybersecurity management. Finally, this research can also be the reference for other financial sectors such as private banks, insurance, securities, as well as non-financial industries such as high-tech companies that need to enhance cybersecurity management by leveraging machine learning.