Please use this Handle URI to cite this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/89984
| Field | Value |
|---|---|
| Title | Measuring the Quality of Cyber Threat Intelligence Documents through Malware Attack Pattern Matching |
| Author | Cheng-Wei Lu (呂晟維) |
| Advisor | Yea-Li Sun (孫雅麗) |
| Keywords | Malware Dynamic Analysis, Threat Intelligence Report Evaluation, Malware CTI Document Quality Evaluation, Report Extraction, Syscall Synonym Base |
| Publication Year | 2023 |
| Degree | Master's |
| Abstract | Malware Cyber Threat Intelligence (CTI) reports, which record Indicators of Compromise (IoCs) and malicious activities, play a crucial role in detecting and responding to cyber threats. The evaluation of text reports is an area rarely covered by existing research, and three problems need to be overcome: which aspects to evaluate, how to automate the evaluation, and where to obtain ground truth. In this thesis, we introduce concepts for measuring the quality of an individual CTI document at the system-object and behavior levels, using quality metrics and visual attack-graph representations. Our evaluation system is objective, automated, and distinguished, and we demonstrate its pipeline, functionality, and effectiveness through case studies. We also contribute a new, well-sorted dataset of malware CTI documents and a Syscall SynonymBase that bridges the semantic gap between Linux system calls and natural language. |
| URI | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/89984 |
| DOI | 10.6342/NTU202302378 |
| Full-text License | Authorized (open access worldwide) |
| Appears in Department | Department of Information Management |
Files in this item:

| File | Size | Format | |
|---|---|---|---|
| ntu-111-2.pdf | 4.43 MB | Adobe PDF | View/Open |
Items in the system are protected by copyright, with all rights reserved, unless otherwise indicated.