應用雲端環境下資源重分配之特性以最小化服務被攻克率

Yen-Fen Kao; 高燕芬

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/52227

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	林永松
dc.contributor.author	Yen-Fen Kao	en
dc.contributor.author	高燕芬	zh_TW
dc.date.accessioned	2021-06-15T16:09:53Z	-
dc.date.available	2020-08-19
dc.date.copyright	2015-08-19
dc.date.issued	2015
dc.date.submitted	2015-08-18
dc.identifier.citation	[1] Symantec (2015). Internet Security Threat Report, 2015 Trends, Volume 20. California. [2] IBM Internet Security Systems X-Force research and development team (2015, September). IBM X-Force Threat Intelligence Quarterly,1Q 2015. New York. [3] Cisco (2014). Cisco 2014 Annual Security Report. San Jose. [4] Yu, S., Doss, R., Zhou, W., and Guo, S. (2013, June). A general cloud firewall framework with dynamic resource allocation. In Communications (ICC), 2013 IEEE International Conference on, pp. 1941-1945. [5] Xing, T., Huang, D., Xu, L., Chung, C. J., and Khatkar, P. (2013, March). SnortFlow: A OpenFlow-Based Intrusion Prevention System in Cloud Environment. In Research and Educational Experiment Workshop (GREE), 2013 Second GENI (pp. 89-92). [6] Yang, L., Zhang, T., Song, J., Wang, J. S., and Chen, P. (2012, May). Defense of DDoS attack for cloud computing. In Computer Science and Automation Engineering (CSAE), 2012 IEEE International Conference on (Vol. 2, pp. 626-629). [7] Kumar, N., and Sharma, S. (2013, July). Study of intrusion detection system for DDoS attacks in cloud computing. In Wireless and Optical Communications Networks (WOCN), 2013 Tenth International Conference on (pp. 1-5). [8] Moitra, S. D., and Konda, S. L. (2000). A simulation model for managing survivability of networked information systems (No. CMU/SEI-2000-TR-021). CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST. [9] Shi, J., and Fonseka, J. P. (1995, November). Traffic-based survivability analysis of telecommunications networks. In Global Telecommunications Conference, 1995. GLOBECOM'95., IEEE (Vol. 2, pp. 936-940). [10] Wilson, M. R. (1998). The quantitative impact of survivable network architectures on service availability. Communications Magazine, IEEE, 36(5), 122-126. [11] J.E. Eegleston, J.K. Mackie-Mason, M.P. Wellman, S. Jamin, T.P. Kelly, and W.E. Walsh. (2000, January). Survivability through Market Based Adaptivity: the MARX Project. In Proceedings of DARPA Information Survivability Conference and Exposition 2000. Volume 2, pp. 145-156. [12] Westmark, V. R. (2004, January). A definition for information system survivability. In System Sciences, 2004. Proceedings of the 37th Annual Hawaii International Conference on (pp. 10-pp). [13] A. Snow, G. Weckman, and P. Rastogi. (2005, October). Assessing Dependability of Wireless Networks Using Neural Networks. In IEEE Military Communications Conference, 2005. Volume 5, pp. 2809-2815. [14] Al-Zahrani, F. A. (2006, April). Survivability performance evaluation of slotted multi-fiber optical packet switching networks with and without wavelength conversion. In Information and Communication Technologies, 2006. ICTTA'06. 2nd (Vol. 2, pp. 2242-2247). [15] Zhang, L. J., Wang, W., Guo, L., Yang, W., and Yang, Y. T. (2007, August). A survivability quantitative analysis model for network system based on attack graph. In Machine Learning and Cybernetics, 2007 International Conference on (Vol. 6, pp. 3211-3216). [16] Qian, Y., Lu, K., and Tipper, D. (2007). A design for secure and survivable wireless sensor networks. Wireless Communications, IEEE, 14(5), 30-37. [17] Ma, Z. (2008, March). Survival analysis approach to reliability, survivability and prognostics and health management (phm). In Aerospace Conference, 2008 IEEE (pp. 1-20). [18] Yallouz, J., and Orda, A. (2013, April). Tunable QoS-aware network survivability. In INFOCOM, 2013 Proceedings IEEE (pp. 944-952). [19] Fox, A., Griffith, R., Joseph, A., Katz, R., Konwinski, A., and Lee, I. (2009). Above the clouds: A Berkeley view of cloud computing. Dept. Electrical Eng. and Comput. Sciences, University of California, Berkeley, Rep. UCB/EECS, 28, 13. [20] Fan, G., Yu, H., Chen, L., and Liu, D. (2013, June). A Game Theoretic Method to Model and Evaluate Attack-Defense Strategy in Cloud Computing. In Services Computing (SCC), 2013 IEEE International Conference on (pp. 659-666). [21] Wang, Q., and Jin, H. (2011, June). Data leakage mitigation for discretionary access control in collaboration clouds. In Proceedings of the 16th ACM symposium on Access control models and technologies (pp. 103-112). [22] Grobauer, B., Walloschek, T., and Stocker, E. (2011). Understanding cloud computing vulnerabilities. Security & Privacy, IEEE, 9(2), 50-57. [23] Subashini, S., and Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), 1-11. [24] Hwang, F. K., Richards, D. S., and Winter, P. (1992). The Steiner tree problem. Elsevier. [25] Skaperdas, S. (1996). Contest success functions. Economic Theory, 7(2), 283-290. [26] Peng, R., Levitin, G., Xie, M., and Ng, S. H. (2010). Optimal defence of single object with imperfect false targets. Journal of the Operational Research Society,62(1), 134-141. [27] Hausken, K., and Levitin, G. (2008). Efficiency of even separation of parallel elements with variable contest intensity. Risk Analysis, 28(5), 1477-1486. [28] Cobb, C. W., and Douglas, P. H. (1928). A theory of production. The American Economic Review, 18(1), 139-165.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/52227	-
dc.description.abstract	在過去的幾年裡，我們已經看到了IT投資的大幅增長，於是出現雲端計算這個新的名詞。目前已經有許多的企業與組織採用雲端運算。然而，仍然有一些技術障礙，可能會阻止雲端計算成為一個真正的無處不在的服務。尤其是對於顧客在基礎設施的安全性上有嚴格或複雜的要求。對一些著名的企業的新的網路攻擊以及雲端上網路攻擊會更多的預測，都使得雲端運算面臨了可能會減緩其發展的威脅。網絡攻擊的數量現在已經非常多，也具有很大的複雜性，許多組織都遇到了要確定哪些新的威脅和漏洞帶來的風險最大的問題，以及資源應如何分配，以確保要首先處理最可能的破壞性攻擊。但另一方面，防禦機制的發展也相當多元，所以有相當多的防禦措施可供防禦者選擇以保護服務不受外在威脅。資源重新分配是用於分配大規模任務的可用資源的方法。該方法考慮了在虛擬化的環境中的網絡狀態。我們可以運用雲端資源可重新分配的這個特形，也就是當service預測到高危險，會將VM關掉，並將該VM的資源加到其他VM，以加強防禦能力。因此我們希望能夠提供一個方法，讓雲端服務的提供商能夠有效的佈建資安防禦措施來增加網路的存活度，加以抵抗外在環境的威脅。在本研究中，將會著重在資源重新分配的防禦機制去抵抗攻擊。研究問題會使用Monte Carlo simulation 來模擬結果。最後找出防禦者最好的防禦策略配置方式。	zh_TW
dc.description.abstract	In the last few years, we have seen a dramatic growth in IT investments, and a new term has come on the surface which is cloud computing. Cloud Computing has been highly adopted by many enterprises and organizations. However, there are still a number of technical barriers that may prevent cloud computing from becoming a truly ubiquitous service. Especially where the customer has strict or complex requirements over the security of an infrastructure. The latest cyber-attacks on high profile firms (Amazon, Google and Sony’s PlayStation) and the predictions of more cyberattacks on cloud infrastructure are threatening to slow the take-off of cloud computing. The numbers of cyber-attacks are now extremely large and their sophistication so great, that many organizations are having trouble determining which new threats and vulnerabilities pose the greatest risk and how resources should be allocated to ensure that the most probable and damaging attacks are dealt first. In contrast, the network defense mechanism is diverse development, so there have more defense alternative for defender to protect the network from external threats. The resource reallocation is the method to allocate the large-scale task to the available resource. The method considers a network state on the virtualization environments. When the service predicted high risk level, a VM will be switch off and withdraw the VM resources to strengthen defense capabilities. Hence, we help the service provider to allocate their defense resource, in order to find the most efficient way against external attacks. In this thesis, we focus on resource reallocation to increasing the network survivability. And we use Monte Carlo to simulate the model of the network attack-defense scenario. Finally, the ultimate goal is to figure out the optimal defense strategy.	en
dc.description.provenance	Made available in DSpace on 2021-06-15T16:09:53Z (GMT). No. of bitstreams: 1 ntu-104-R02725016-1.pdf: 2576588 bytes, checksum: 85833dc694aed941e59d3468737b9c5e (MD5) Previous issue date: 2015	en
dc.description.tableofcontents	致謝 i Thesis Abstract ii 論文摘要 iv List of Figures viii List of Tables ix Chapter 1 Introduction 1 1.1 Background 1 1.2 Motivation 6 1.3 Literature Survey 9 1.3.1 Survivability 9 1.3.2 Information Warfare in Cloud 11 1.4 Thesis Organization 13 Chapter 2 Problem Formulation 14 2.1 Problem Description 14 2.1.1 Attacker Perspective 14 2.1.2 Attacker Optimization 18 2.1.3 Defender Perspective 22 2.2 Attack-Defense Scenarios 29 2.2.1 Contest Success Function 29 2.2.2 The Sight of the Network 30 2.3 Mathematical Formulation 36 Chapter 3 Solution Approach 41 3.1 Mathematical Programming 41 3.2 Monte Carlo Simulation 42 3.3 Problem Evaluation Process 44 3.4 Policy Enhancement 47 3.4.1 Defender Enhancement 47 Chapter 4 Computational Experiment 52 4.1 Experiment environment 52 4.2 Simulation Result 54 4.2.1 Convergence Evaluation Times 54 4.2.2 Topology robustness 55 4.2.3 Attack strategy analysis 56 4.2.4 Defense strategy analysis 57 4.2.5 Enhancement results 60 Chapter 5 Conclusion and Future Work 63 Reference 65
dc.language.iso	zh-TW
dc.title	應用雲端環境下資源重分配之特性以最小化服務被攻克率	zh_TW
dc.title	Minimization of Service Compromise Probability Using Resource Reallocation Strategies in a Cloud Computing Environment	en
dc.type	Thesis
dc.date.schoolyear	103-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	孔令傑,鍾順平,呂俊賢,莊東穎
dc.subject.keyword	資源重新分配,數學規劃法,網路存活度,雲端運算,蒙地卡羅法,最佳化,	zh_TW
dc.subject.keyword	Resource Reallocation,Mathematical Programming,Network Survivability,Cloud Computing,Monte Carlo Simulation,Optimization,	en
dc.relation.page	69
dc.rights.note	有償授權
dc.date.accepted	2015-08-19
dc.contributor.author-college	管理學院	zh_TW
dc.contributor.author-dept	資訊管理學研究所	zh_TW
顯示於系所單位：	資訊管理學系

文件中的檔案：

檔案	大小	格式
ntu-104-1.pdf 目前未授權公開取用	2.52 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。