Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/40687
Full metadata record
DC Field: Value [Language]
dc.contributor.advisor: 林永松
dc.contributor.author: Jia-ling Pan [en]
dc.contributor.author: 潘佳伶 [zh_TW]
dc.date.accessioned: 2021-06-14T16:56:00Z
dc.date.available: 2013-08-16
dc.date.copyright: 2011-08-16
dc.date.issued: 2011
dc.date.submitted: 2011-08-12
dc.identifier.uri: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/40687
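dc.description.abstract [zh_TW]: Because of the connectivity and scalability of the Internet, enterprises and organizations increasingly depend on it to provide services and to conduct activities such as electronic commerce. Attackers, in turn, draw on continually discovered computer vulnerabilities and ever-improving attack techniques and strategies to attack enterprises and organizations more intelligently, with the goal of denying service or stealing confidential information. Many attackers exploit the ability of epidemic-style attacks to rapidly infect a large number of network nodes, and use the network topology information they obtain to plan more thorough strategies. To cope with this kind of attack, defenders can deploy detection nodes in the networks they protect to cooperatively detect unknown epidemic attacks and generate the corresponding signatures. In addition, while an attack is under way, they can activate several real-time defense mechanisms to contain the spread of the epidemic attack.
In this thesis we transform the attack-defense scenario into a mathematical programming problem that describes the attackers' probability of success. We first use the Monte Carlo method to simulate a wide variety of attackers and their corresponding attack strategies, and then apply the relaxation concept from mathematical programming, relaxing the constraints related to defense resources. The resulting multipliers, together with information recorded during the simulations, serve as the basis for resource reallocation, with the aim of obtaining a defense resource allocation that minimizes the attackers' success rate. This thesis combines the precision of mathematical programming with the Monte Carlo method's ability to handle variability and imperfect information, and thereby optimizes the strategies and resource allocation that defenders adopt when facing attacks.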
dc.description.abstract [en]: Due to the Internet's scalability and connectivity, enterprises and organizations increasingly rely upon the Internet to provide services and to engage in electronic commerce. On the other hand, attackers intelligently attack enterprises and organizations through continuous vulnerability exploitation and advanced attack strategies to achieve the goals of service interruption and/or theft of confidential information. Recently, many attackers apply the characteristics of fast propagation and infection of epidemic attacks to plan more deliberate strategies by using obtained network topology information. In order to deal with those special attacks, defenders may deploy detection nodes to cooperatively detect unknown epidemic attacks and to generate/distribute signatures. In addition, defenders can activate several defense mechanisms to restrain the propagation of epidemic attacks.
In this thesis, we model the attack-defense scenario as a mathematical programming problem where the attackers' success probability is minimized. We first apply the Monte Carlo method to simulate a variety of attackers and corresponding strategies, and then apply the concept of relaxation-based methods in mathematical programming. By relaxing the budget-related constraints and generating the corresponding multipliers, we can use the multipliers as directions for resource reallocation. In this process, alternatively or alternatingly, we may also combine essential information accumulated during the course of the simulations with the aforementioned multipliers as a more efficient way to enhance the evaluation; the combined information is then used to form a feasible direction in the search for effective solutions.
In summary, our research takes advantage of mathematical programming, which is precise, and combines it with the Monte Carlo method, which is capable of handling complicated attacker strategies and behaviors under incomplete information, to adjust the defense strategies and resource allocation policies against malicious and epidemic attacks.
dc.description.provenance [en]: Made available in DSpace on 2021-06-14T16:56:00Z (GMT). No. of bitstreams: 1
ntu-100-R98725041-1.pdf: 2924548 bytes, checksum: be09b4c4edcd8a1c4bccc4a414dabb8b (MD5)
Previous issue date: 2011
dc.description.tableofcontents:
Acknowledgements
Thesis Abstract (Chinese)
THESIS ABSTRACT
CONTENTS
LIST OF TABLES
LIST OF FIGURES
Chapter 1. Introduction
1.1. Background
1.2. Motivation
1.3. Literature Survey
1.3.1. Survivability
1.3.2. Epidemic attacks
1.4. Thesis Organization
Chapter 2. Problem Formulation
2.1. Problem Description
2.1.1. Defender perspective
2.1.2. Attacker perspective
2.1.3. Possible scenario
2.2. Problem Formulation
Chapter 3. Solution Approach
3.1. Mathematical Programming
3.2. Monte Carlo Simulation
3.3. The Combination of Mathematical Programming and Monte Carlo Simulation
3.3.1. Evaluation process
3.3.2. Policy enhancement
3.4. Initial Configuration
Chapter 4. Computational Experiments
4.1. Experiment Environment
4.2. Experiment Results
Chapter 5. Conclusion and Future Work
REFERENCES
dc.language.iso: en
dc.subject: Incomplete Information [zh_TW]
dc.subject: Network Attack and Defense [zh_TW]
dc.subject: Network Survivability Optimization [zh_TW]
dc.subject: Resource Allocation [zh_TW]
dc.subject: Mathematical Programming [zh_TW]
dc.subject: Monte Carlo Method [zh_TW]
dc.subject: Lagrangian Relaxation [zh_TW]
dc.subject: Epidemic Attacks [zh_TW]
dc.subject: Worm [zh_TW]
dc.subject: Resource Allocation [en]
dc.subject: Optimization [en]
dc.subject: Mathematical Programming [en]
dc.subject: Incomplete Information [en]
dc.subject: Worm [en]
dc.subject: Epidemic Attacks [en]
dc.subject: Lagrangian Relaxation [en]
dc.subject: Monte Carlo Method [en]
dc.subject: Network Attack and Defense [en]
dc.subject: Network Survivability [en]
dc.title: Effective Network Planning and Defense Strategies to Minimize Attackers' Success Probability under Malicious and Epidemic Attacks [zh_TW]
dc.title: Effective Network Planning and Defending Strategies to Minimize Attackers’ Success Probabilities under Malicious and Epidemic Attacks [en]
dc.type: Thesis
dc.date.schoolyear: 99-2
dc.description.degree: Master's
dc.contributor.oralexamcommittee: 林盈達, 呂俊德, 趙啟超, 莊東穎
dc.subject.keyword: Network Attack and Defense, Network Survivability Optimization, Resource Allocation, Mathematical Programming, Monte Carlo Method, Lagrangian Relaxation, Epidemic Attacks, Worm, Incomplete Information [zh_TW]
dc.subject.keyword: Network Attack and Defense, Network Survivability, Optimization, Resource Allocation, Mathematical Programming, Monte Carlo Method, Lagrangian Relaxation, Epidemic Attacks, Worm, Incomplete Information [en]
dc.relation.page: 102
dc.rights.note: Paid license
dc.date.accepted: 2011-08-12
dc.contributor.author-college: College of Management [zh_TW]
dc.contributor.author-dept: Graduate Institute of Information Management [zh_TW]
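Appears in collections: Department of Information Management

Files in this item:
File | Size | Format
ntu-100-1.pdf (not authorized for public access) | 2.86 MB | Adobe PDF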