請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/27308
標題: | 考量服務品質與多重防禦手法最小化攻擊者成功機率之有效網路建置與防禦策略 Effective Network Planning and Defense Strategies to Minimize Attackers’ Success Probabilities with Various Defense Mechanisms under Quality of Service Constraints |
作者: | Chia-Yang Hsu 徐嘉陽 |
指導教授: | 林永松(Frank Yeong-Sung Lin) |
關鍵字: | 網路存活度,最佳化,數學規劃法,模擬,攻防情境,雲端運算,虛擬化,資源配置,不完整資訊,拉格蘭日鬆弛法, Network Survivability,Optimization,Mathematical Programming,Simulation,Network Attack and Defense,Cloud Computing,Virtualization,Resource Allocation,Imperfect Knowledge,Lagrangian Relaxation, |
出版年 : | 2011 |
學位: | 碩士 |
摘要: | 近年來由於電腦軟、硬體及有線、無線通訊技術的進步,加上基於虛擬化及雲端技術建構而成的基礎建設,各式各樣的網路應用服務正蓬勃發展。在各種服務迅速發展之際,政府、企業也順應此潮流將許多服務電子化,使網路應用服務更根深柢固地進入我們的日常生活中。然而人們對網路高度的依頼卻也造成攻擊者的覬覦,針對伺服器和網路設備層出不窮的攻擊使政府、企業遭受財務及名譽上極大的損失。為了提升網路服務的安全性與可用性,網路在惡意攻擊下的存活度便成為一個必須考量的議題。
本篇論文將網路攻防情境以數學模式描述,並搭配模擬與鬆弛法作為解題方法,同時考量網路營運者在資源佈署與防禦策略兩方面的重要議題。使用模擬的優點在於可以考量網路中眾多攻擊者類型與攻擊模式,進而衡量網路的平均存活狀態。網路營運者在佈署階段考量如何將有限防禦資源配置在網路節點上以達到嚇阻效果,防禦策略則透過攻防間動態調整網路拓樸,並應用虛擬化環境及雲端安全服務達到即時回應的防禦效果。本篇論文的結果最終將提供網路營運者採取不同防禦策略時的參考依據。 Recently, due to the improvements of computer software, hardware and both wired and wireless communication technologies, governments, enterprises and individuals can now use cheap and high performance equipment. Based on the popularity of all kinds of net-devices and the infrastructure based on virtualization and cloud computing techniques, more and more applications on the Internet have been developed. At this time of web era, governments and enterprises also follow the trend to transfer their services to the web, making web applications and services get into our life more deeply. However, the heavy reliance on the Internet has caught the eyes of malicious hackers and intruders. Intrusions targeted to the web and servers keep making governments and enterprises suffer from both financial and reputational losses. In order to increase the security and availability of web services, the survivability of attacked networks has become a great issue that must be considered. In this thesis, we apply mathematical model to describe the scenario of network attack and defense, consider important issues of network operators in both resource allocation and defense strategies, and use simulation and relaxation-based method to solve the problem. The advantage of applying simulation is that we can evaluate many kinds of attacker categories with various intrusion strategies, and then examine average survivability of the network. In resource allocation, the defender considers how to allocate his finite defense resources to nodes in order to achieve the effect of deterrence. In defense strategies, the defender uses various defense mechanisms such as dynamic topology reconfiguration, request for signature and cloud computing security services to defend and react in real-time. The relaxation-based method can help us obtain a better solution for the problem, and the experiment results provide network operators a guideline to adopt different defense strategies. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/27308 |
全文授權: | 有償授權 |
顯示於系所單位: | 資訊管理學系 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-100-1.pdf 目前未授權公開取用 | 4.37 MB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。