達成網路存活性最大化之近似最佳化網路防禦資源配置策略

Ya-Fang Wen; 溫 雅 芳

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/29326

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	林永松
dc.contributor.author	Ya-Fang Wen	en
dc.contributor.author	溫雅芳	zh_TW
dc.date.accessioned	2021-06-13T01:04:37Z	-
dc.date.available	2008-07-27
dc.date.copyright	2007-07-27
dc.date.issued	2007
dc.date.submitted	2007-07-22
dc.identifier.citation	[1] J.C. Knight and K.J. Sullivan, “On the Definition of Survivability,” Technical Report CS-TR-33-00, Department of Computer Science, University of Virginia, December 2000. [2] J.C. Knight, E.A. Strunk, and K.J. Sullivan, “Towards a Rigorous Definition of Information System Survivability,” Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX 2003), Vol. 1, pp.78-89, April 2003. [3] J.C. Knight, K. Sullivan, M.C. Elder, and C. Wang, “Survivability Architectures: Issues and Approaches,” Proceedings of the DARPA Information Survivability Conference and Exposition, pp. 157-171, January 2000. [4] S.C. Liew, and K.W. Lu, “A Framework for Network Survivability Characterization,” IEEE Journal on Selected Areas in Communications, Vol. 12, No. 1, pp. 52-58, January 1994 (ICC, 1992). [5] V.R. Westmark, “A Definition for Information System Survivability,” IEEE Proceedings of the 37th Hawaii International Conference on System Sciences, Vol. 9, pp. 90303.1, 2004. [6] C. Taylor, P. Oman, and A. Krings, “Assessing Power Substation Network Security and Survivability: A Work in Progress Report,” Proceedings of the International Conference on Security and Management (SAM’03), Las Vegas, 2003. [7] R.J. Ellison, D.A. Fisher, R.C. Linger, H.F. Lipson, T. Longstaff, and N.R. Mead, “Survivable Network Systems: An Emerging Discipline,” Technical Report CMU/SEI-97-TR-013, Software Engineering Institute, Carnegie Mellon University, November 1997 (Revised: May 1999). [8] H.F. Lipson, and D.A. Fisher, “Survivability—A New Technical and Business Perspective on Security,” New Security Paradigms Workshop, Proceedings of the 1999 workshop on New security paradigms, ACM, September 1999. [9] Y.S. Lin, P.H. Tsang, C.H. Chen, C.L. Tseng, Y.L. Lin, “Evaluation of Network Robustness for Given Resource Allocation Strategies”, Proceedings of the First International Conference on Availability, Reliability and Security, IEEE, 2006. [10] R.K. Ahuja, T.L. Magnanti, and J.B. Orlin, “Network Flows: Theory, Algorithms, and Applications: Chapter 16 Lagrangian Relaxation and Network Optimization,” Prentice-Hall, pp. 598-639, 1993. [11] M.L. Fisher, “The Lagrangean Relaxation Method for Solving Integer Programming Problems,” Management Science, Vol. 27, No. 1, pp. 1-18, January 1981. [12] M.L. Fisher, “An Application Oriented Guide to Lagrangean Relaxation,” Interfaces, Vol. 15, No. 2, pp. 10-21, March-April 1985. [13] S. Redner, “How Popular Is Your Paper? An Empirical Study of the Citation Distribution,” European Physical Journal B - Condensed Matter and Complex Systems, pp. 131-134, 1998. [14] M. Faloutsos, P. Faloutsos, and C. Faloutsos, “On Power-Law Relationships of the Internet Topology,” ACM SIGCOMM Computer Communications Review, Vol. 29, Number 4, pp. 251-263, September 1999. [15] G. Siganos, M. Faloutsos, P. Faloutsos, and C. Faloutsos, “Power-Laws and the AS-level Internet Topology,” IEEE/ACM Transactions on Networking, Vol. 11, Issue 4, pp. 514-524, 2003. [16] P. Erdos, and A. Renyi, “On the Evolution of Random Graphs,” Publ. Math. Inst. Hung. Acad. Sci., Vol. 5, pp. 17-60, 1960. [17] D.J. Watts, and S.H. Strogatz, “Collective Dynamics of ‘Small-World’ Networks,” Nature, Vol. 393, pp. 440-442, 1998. [18] R. Albert, H. Jeong, and A.L. Barabasi, “Diameter of the World-Wide Web,” Nature, Vol. 401, pp. 130-131, 1999. [19] A.L. Barabasi, and R. Albert, “Emergence of Scaling in Random Networks,” Science, Vol. 286, pp. 509-512, October 1999. [20] R. Albert, H. Jeong, and A.L. Barabasi, “Error and Attack Tolerance of Complex Networks”, Nature, Vol. 406, pp. 378-382, July 2000. [21] Z. Zeitlin, “Integer Allocation Problems of Min-Max Type with Quasiconvex Separable Functions,” Delft University of Technology, Netherlands, 1981. [22] M.S. Deutsch, and R.R. Willis, “Software Quality Engineering: A Total Technical and Management Approach”, Englewood Cliffs, NJ: Prentice-Hall, 1988. [23] A. Avizienis, J.C. Laprie, B. Randell, and C. Landwehr, “Basic Concepts and Taxonomy of Dependable and Secure Computing”, IEEE Transactions on Dependable and Secure Computing, Vol. 1, No. 1, January-March 2004.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/29326	-
dc.description.abstract	由於電腦硬體成本逐漸下降、軟體性能逐漸上昇，大部份的關鍵性網路都已電腦化控制。這些與日常生活息息相關的網路系統，一旦其毀損，除了對我們的生活造成極大的不方便，更是在生命與財產方面，引起不小的損失。所以，有效地評估與衡量關鍵性網路系統的存活性，是現今資訊安全領域中亟需重視的議題。有鑑於此，我們提出一個全新且簡單的網路存活性指標—網路分隔度(Degree Of Separation, DOS)。這是一種網路傷害指標，用來衡量網路遭受毀損的平均程度。DOS值愈大，代表其網路毀損愈嚴重，即表示必須付出更大的代價去修復整個網路。倘若其損害程度大於某一門檻值，則我們宣稱該網路已全然毀損。因此，我們模擬一個網路攻防情境以建立一個最佳化資源配置目標之數學線性規劃模型，並加入DOS指標的概念來評估其存活性。在求解的過程之中，利用“拉格蘭日鬆弛法”與“梯度法”來幫助我們逐漸找到最佳解。最後，經由實驗證明，不僅我們所提出的三階段選擇 (3-Stage Selection, 3SS) 攻擊演算法能夠有效評估攻擊成本，而且針對不同的網路拓樸所提出的網路資源配置策略效果顯著。	zh_TW
dc.description.abstract	Due to the decreasing cost of computer hardware and the increasing capacity of computer software, most critical networks are being progressively computerized. If one of these systems were to fail, it would not only cause extreme inconvenience in our daily lives, but could even have catastrophic or fatal consequences. Thus, how to assess and evaluate the survivability of a system effectively is a crucial issue in the field of information security. In this thesis, we propose a simple and novel metric of network survivability, called Degree of Separation (DOS). DOS is a survivability metric used to measure the average damage level of a system; naturally, the larger the DOS value, the more serious the network damage will be. If the DOS value is larger than a pre-established threshold, we say that the network has been compromised. We express the scenario of network attack-defense as a mathematical linear programming model to near-optimize the resource allocation policies. In the process of problem solving, we adopt the concept of DOS to assess the network survivability and use the Lagrangean Relaxation method and the subgradient method to approach the optimal solution. Finally, based on the experiment results, not only can the 3-stage selection (3SS) attack algorithm we proposed evaluate the attack cost effectively, but are the results of different defense budget allocation policies to different network topologies quite significant.	en
dc.description.provenance	Made available in DSpace on 2021-06-13T01:04:37Z (GMT). No. of bitstreams: 1 ntu-96-R94725048-1.pdf: 1191894 bytes, checksum: 4d18a1b56e74fbc4f8c2fa0f14839355 (MD5) Previous issue date: 2007	en
dc.description.tableofcontents	口試委員會審定書 I 誌謝 II 論文摘要 III THESIS ABSTRACT IV Table of Contents VI List of Figures VIII List of Tables IX Chapter 1 INTRODUCTION 1 1.1 Background 1 1.2 Motivation 4 1.3 Literature Survey 6 1.3.1 Network Survivability 6 1.3.2 Scale-free Networks 10 1.4 Thesis Organization 14 Chapter 2 DEGREE OF SEPARATION 15 2.1 Introduction 15 2.2 Illustration 16 2.3 Lemma 21 Chapter 3 PROBLEM FORMULATION 23 3.1 Model 1 23 3.1.1 Problem Description and Assumptions 23 3.1.2 Mathematical Model 25 3.1.3 Problem Reformulation 29 3.2 Model 2 31 3.2.1 Problem Description and Assumptions 31 3.2.2 Mathematical Model 33 3.2.3 Problem Reformulation 37 Chapter 4 SOLUTION APPROACH 40 4.1 Lagrangean Relaxation Method 40 4.2 Solution Approach for Model 1 45 4.2.1 Lagrangean Relaxation 45 4.2.1.1 Subproblem 1 (related to decision variable xp) 47 4.2.1.2 Subproblem 2 (related to decision variable yi) 48 4.2.1.3 Subproblem 3 (related to decision variable twi, ci) 49 4.2.2 The Dual Problem and the Subgradient Method 50 4.2.3 Getting Primal Feasible Solutions 52 Chapter 5 COMPUTATIONAL EXPERIMENTS 58 5.1 Simple Algorithm 58 5.1.1 Degree-based Attack Algorithm (DAA) 59 5.1.2 Popularity-based Attack Algorithm (PAA) 61 5.2 Experiment Environment 63 5.3 Experiment Results and Discussion 66 5.3.1 Experiment Results of Model 1 67 5.3.2 Discussion of Experiment Results for Model 1 75 5.3.3 Experiment Results of Model 2 77 5.3.4 Discussion of Experiment Results for Model 2 80 Chapter 6 SUMMARY AND FUTURE WORK 81 6.1 Summary 81 6.2 Future Work 84 REFERENCES 87
dc.language.iso	en
dc.subject	網路存活性	zh_TW
dc.subject	無尺度網路	zh_TW
dc.subject	網路分隔度	zh_TW
dc.subject	拉格蘭日鬆弛法	zh_TW
dc.subject	最佳化	zh_TW
dc.subject	資源配置	zh_TW
dc.subject	Scale-free Network	en
dc.subject	Degree of Separation	en
dc.subject	Lagrangean Relaxation	en
dc.subject	Network Survivability	en
dc.subject	Optimization	en
dc.subject	Resource Allocation	en
dc.title	達成網路存活性最大化之近似最佳化網路防禦資源配置策略	zh_TW
dc.title	Near Optimal Network Defense Resource Allocation Policies for Maximization of Network Survivability	en
dc.type	Thesis
dc.date.schoolyear	95-2
dc.description.degree	碩士
dc.contributor.coadvisor	顏宏旭
dc.contributor.oralexamcommittee	孫雅麗,呂俊賢,祝國忠
dc.subject.keyword	網路分隔度,拉格蘭日鬆弛法,網路存活性,最佳化,資源配置,無尺度網路,	zh_TW
dc.subject.keyword	Degree of Separation,Lagrangean Relaxation,Network Survivability,Optimization,Resource Allocation,Scale-free Network,	en
dc.relation.page	89
dc.rights.note	有償授權
dc.date.accepted	2007-07-24
dc.contributor.author-college	管理學院	zh_TW
dc.contributor.author-dept	資訊管理學研究所	zh_TW
顯示於系所單位：	資訊管理學系

文件中的檔案：

檔案	大小	格式
ntu-96-1.pdf 未授權公開取用	1.16 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。