考量智慧攻擊與天然災害下透過機密共享與防禦資源分配以最大化網路存活度之研究

Yu-Hsuan Chou; 周聿軒

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/58569

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	林永松(Yeong-Sung Lin)
dc.contributor.author	Yu-Hsuan Chou	en
dc.contributor.author	周聿軒	zh_TW
dc.date.accessioned	2021-06-16T08:20:18Z	-
dc.date.available	2014-03-08
dc.date.copyright	2014-03-08
dc.date.issued	2014
dc.date.submitted	2014-02-05
dc.identifier.citation	[1] Symantec, Inc., “State of Security Survey”, 2011 [2] IBM Internet Security Systems X-Force research and development team, “IBM X-ForceR2012 Mid-Year Trend and Risk Report”, IBM, September 2012 [3] R. Richardson, “2010 CSI Computer Crime and Security Survey,” Computer Security Institute, December 2010 [4] UNESCAP, UNISDR “The Asia-Pacific Disaster Report 2010”,The UN Office for Disaster Risk Reduction (UNISDR) and the UN Economic and Social Commission for Asia and the Pacific (ESCAP), October 2010 [5] UNESCAP, UNISDR “The Asia-Pacific Disaster Report 2012”,The UN Office for Disaster Risk Reduction (UNISDR) and the UN Economic and Social Commission for Asia and the Pacific (ESCAP), October 2012 [6] Ramirez-Marquez, J.E. and Rocco, C. (2012), “Vulnerability Based Robust Protection Strategy. Selection in Service Networks”, Computers & Industrial Engineering, Volume 63, Issue 1, August 2012, Pages 235–242 [7] Li Wang, Shangping Ren, Ke Yue, and Kevin Kwiat, 'Optimal Resource Allocation for Protecting System Availability against Random Cyber Attacks', Proceedings of IEEE Conference on Computer Research and Development, 2011 [8] Edward Korczak, Gregory Levitin, “Survivability of systems under multiple factor impact”, Reliability Engineering and System Safety, vol.92, pp.269-274, 2007 [9] Rui Peng, Gregory Levitin, Min Xie and Szu Hui Ng, “Optimal Replacement and Protection Strategy for Parallel Systems”, Recent Advances in System Reliability, pp.135-144, 2012 [10] R.J. Ellison, D.A. Fisher, R.C. Linger, H.F. Lipson, T. Longstaff, and N.R. Mead, “Survivable Network Systems: An Emerging Discipline,” Technical Report CMU/SEI-97-TR-013, November 1997 (Revised: May 1999). [11] H.C. Cankaya and V.S.S. Nair, “Accelerated Reliability Analysis for Self-Healing SONET Networks”, ACM SIGCOMM Computer Communication Review, Volume 28, Issue 4, pp. 268-277, October 1998. [12] K.J. Sullivan, P. Shaw, and S. Geist, “Mediators in Infrastructure Survivability Enhancement,” ACM Proceedings of the 3rdIinternational Workshop on Software Architecture, pp. 141-144, November 1998. [13] J.C. Knight, K. Sullivan, S. Geist, and X. Du, “Information Survivability Control Systems,” ACM Proceedings of the 21st International Conference on Software Engineering, pp. 184-192, May 1999. [14] D. Tipper, S. Ramaswamy, and T. Dahlberg, “PCS Network Survivability,” IEEE Wireless Communications and Networking Conference 1999 (WCNC‘99), Volume 2, pp. 1028-1032, September 1999. [15] C. Wang, J.C. Knight, K.J. Sullivan, and M.C. Elder, “Survivability Architectures: Issues and Approaches”, Proceedings of DARPA Information Survivability Conference and Exposition 2000 (DISCEX’00), Volume 2, pp. 157-171, January 2000. [16] C. Charnsripinyo, D. Tipper, H. Shin, and T. Dahlberg, “Providing Fault Tolerance in Wireless Access Networks,” IEEE Communications Magazine, Volume 40, Issue 1, pp. 58-64, January 2002. [17] B.R. Haverkort and L. Cloth, “Model Checking for Survivability!,”2nd International Conference on the Quantitative Evaluation of Systems, pp. 145-154, September 2005. [18] D. Botvich, N. Agoulmine, S. Balasubramaniam, and W. Donnelly, “A Multi-layered Approach Towards Achieving Survivability in Autonomic Network,” IEEE International Conference on Telecommunications and Malaysia International Conference on Communications 2007 (ICT-MICC‘07), pp. 360-365, May 2007. [19] A.H. Wang, S. Yan, and P. Liu, “A Semi-Markov Survivability Evaluation Model for Intrusion Tolerant Database Systems”, Availability, Reliability, and Security, 2010.ARES’10 International Conference on, pp.104-111, 2010. [20] S. Xu, “Collaborative Attack vs. Collaborative Defense,” COLLABORATVIE COMPUTING: NETWORKING, APPLICATIONS AND WORKSHARING: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 2009, Volume 10, Part 2,217-228. [21] S. Braynov and M. Jadiwala, “Representation and Analysis of Coordinated Attacks”, Proceedings of the 2003 ACM workshop on Formal methods in security engineering, pp. 43-51, October, 2003. [22] Izaddoost, A., Heydari, S.S. “Analyzing network failures in disaster scenarios using a travelling wave probabilistic model”, Communications (QBSC), 2012 26th Biennial Symposium on, pp. 138 – 141, 28-29 May 2012. [23] United States Geological Survey’s (USGS) Earthquake Hazards Program, http://earthquake.usgs.gov/ [24] Tsunami and Earthquake Research at United States Geological Survey’s (USGS), http://walrus.wr.usgs.gov/tsunami/ [25] IBM Global Education, “Virtualization in Education”, IBM, October, 2007. [26] Y. Huang, D. Arsenault and A. Sood,“Incorruptible System Self-cleansing forIntrusion Tolerance”, Performance, Computing, and Communications Conference, IPCCC 2006. 25th IEEE International, 2006, pp.4 -496. [27] Y. Huang, D. Arsenault and A. Sood, “Closing Cluster Attack Windows through Server Redundancy and Rotations”, the Proceedings of the Sixth IEEE International Symposium on Cluster Computing and the Grid, 2006. [28] M. Atighetchi, P. Pal, F. Webber and C. Jones, “Adaptive Use of Network-Centric Mechanisms in Cyber-Defense”, Proceedings of the Sixth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, pp. 183-192, May 2003. [29] Jean-Paul M.G. Linnartz (Editor-in-Chief), “Poisson Arrival Process”, Wireless Communication Reference Website, 1996-2010. http://www.wirelesscommunication.nl/reference/appendix/poisson.htm [30] Gutenberg, R., and C.F. Richter, (1944). “Frequency of earthquakes in California”, Bulletin of the Seismological Society of America, 34, 185-188. [31] Yin Myo Min Htwe, Shen WenBin, “Gutenberg-Richter Recurrence Law to Seismicity Analysis of Southern Segment of the Sagaing Fault and Its Associate Components”, World Academy of Science, Engineering and Technology 26, 2009. [32] Central Weather Bureau, Taiwan, http://www.cwb.gov.tw [33] Ma, Kuo-Fong, Chien, Wen-Feng, “Tsunami Waveform Calculation and Its Application for Tsunami Warning”, National Science Council Data Center, 1998. [34] Blakley, G. R. (1979). “Safeguarding cryptographic keys”, Proceedings of the National Computer Conference 48: 313–317. [35] Ivan Damgard, “Secret Sharing”, CPT 2006, Ver. 3, Lecture series [36] S. Skaperdas, “Contest success functions”, Economic Theory, vol. 7, pp. 283-290, 1996. [37] Hwang, Sung-Ha, “Contest Success Functions: Theory and Evidence”, Economics Department Working Paper Series, Paper 11, 2009. [38] K. Hausken and G. Levitin, “Protection vs. false targets in series systems”, Reliability Engineering & System Safety, vol. 94, pp. 973-981, 2009. [39] Hausken K, Levitin G (2008) “Efficiency of even separation of parallel elements with variable contest intensity”, Risk Anal 28(5):1477–1486 [40] Cobb, C.W. and Douglas, P. H. (1928) “A Theory of Production”, American Economic Review 18(Supplement), 139-165. [41] Fandel, G., et al., “Measuring synergy effects of a Public Social Private Partnership (PSPP) project”, International Journal of Production Economics, 2012 [42] Wittwer, J.W., 'Monte Carlo Simulation in Excel: A Practical Guide' From Vertex42.com, June 1, 2004, http://www.vertex42.com/ExcelArticles/mc/
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/58569	-
dc.description.abstract	近年來，由於網際網路與資訊科技的發展，越來越多的交易服務提供都在網路上。越來越多的企業開始在網路上提供服務與創造新的事業，正因如此，持續性的服務提供與可靠的資料儲存對於企業與客戶來說越來越重要。然而，網路世界的駭客也隨著科技發展使得攻擊手法與能力與日俱增，協同攻擊就是一個很好的例子。一群網路上的攻擊者可以一起合作來發動協同攻擊，他能帶給目標網路更大更強的傷害。另一方面，在真實世界上常常會發生許多的天然災害，舉例來說，台灣在1999年發生的921大地震與日本在2011年發生的311大地震伴隨著海嘯，都帶來了巨大的生命財產損失。由於這些天災人禍，它們可能會對於企業網路產生重大的影響，企業必須要抵抗這些惡意攻擊與天然災害來使得使用者能持續使用網路服務，並且有著安全的資料儲存空間。因此，本研究的目標就是要幫助企業找到一個好的防禦方式來抵抗這些惡意攻擊與天然災害。基於數學規劃與Monte Carlo simulation，我們將採用“Definition of Gradient”與“Local Information Estimation”來找到一個最佳的資源分配方式，讓防禦者能在有限資源下達到對大的防禦效果。	zh_TW
dc.description.abstract	Nowadays, more and more transactions and services are provided on internet, thanks to the development of the Internet and information technologies. There are many enterprises provide businesses and services on internet. Therefore, service continuity and data storage reliability are very important to both companies and customers. However, attackers like hackers have being more and more powerful and skillful on cyber-attacks. For example, collaborative attack is a powerful attack method that enables a group of attackers working together and every attacker can cooperate with each other. Therefore, attackers can group together and make more powerful attack on their target network because of collaborative attack. Moreover, enterprise network may be impacted by serious natural disasters. For example, the earthquake on September 21, 1999 in Taiwan and the one on March 11, 2011 in Japan which was followed by a large tsunami. They both caused tremendous damages in society. Enterprises and organizations may face with varieties of threats such as cyber-attacks and natural disasters. These threats could cause serious impact on company network or system. It is important for system or network to improve its robustness by adopting Quality of Service (QoS) requirements on user service satisfaction and data storage, so that all categories of malicious assaults and natural disasters can be prevented. Our goal is to help defender find out the trade-off balance and offer a guideline to allocate defense resources. Since the attacking process might be complicated and non-deterministic, we resort to the Monte Carlo simulation method to simulate a variety of feasible attack strategies. First, we look for a powerful and efficient attack method to attack target network. Then, we carry out an attack-defense simulation and gather information to evaluate the optimal method of allocating defense resources according to the topology and defending strategies.	en
dc.description.provenance	Made available in DSpace on 2021-06-16T08:20:18Z (GMT). No. of bitstreams: 1 ntu-103-R00725050-1.pdf: 3788051 bytes, checksum: aecbc790a78ccd4735285d2edac231d5 (MD5) Previous issue date: 2014	en
dc.description.tableofcontents	致謝 I Thesis Abstract II 論文摘要 IV Table of Contents VI List of Figures VIII List of Tables X Chapter 1 Introduction 1 1.1 Background 1 1.2 Motivation 9 1.3 Literature Survey 12 1.3.1 Survivability 12 1.3.2 Collaborative Attack 14 1.3.3 Natural disaster 15 1.3.4 Virtualization 18 1.3.5 Dynamic Topology Reconfiguration 19 1.4 Thesis Organization 20 Chapter 2 Problem Formulation 21 2.1 Problem Description 21 2.1.1 Components failure 21 2.1.2 Natural disaster 22 2.1.3 Attacker Perspective 26 2.1.4 Defender Perspective 29 2.2 Attack-defense Scenario 35 2.2.1 The view of a specific node 35 2.2.2 The view of the network 38 2.3 Mathematical Formulation 51 Chapter 3 Solution Approach 60 3.1 Mathematical Programming 60 3.2 Monte Carlo Simulation 61 3.3 Problem Evaluation Process 63 3.4 Policy Enhancement 66 3.4.1 Commander Enhancement 66 3.4.2 Defender Enhancement 67 Chapter 4 Computational Experiment 82 4.1 Experiment Environment 82 4.2 Simulation Result 85 4.2.1 Convergence Evaluation Times 85 4.2.2 Topology Robustness 86 4.2.3 Steal confidential information analysis 89 4.3 Enhancement results 91 4.3.1 Enhancement in proactive and reactive defense resource 91 4.3.2 Enhancement in QoS related reactive defense resource 98 4.3.3 Enhancement in secret sharing strategy 100 Chapter 5 Conclusion and Future Work 102 Reference 104
dc.language.iso	en
dc.subject	蒙地卡羅法	zh_TW
dc.subject	不完全資訊	zh_TW
dc.subject	網路存活度	zh_TW
dc.subject	協同攻擊	zh_TW
dc.subject	網路攻防	zh_TW
dc.subject	天然災害	zh_TW
dc.subject	最佳化	zh_TW
dc.subject	資源分配	zh_TW
dc.subject	數學規劃法	zh_TW
dc.subject	Mathematical Programming	en
dc.subject	Network Attack and Defense	en
dc.subject	Network Survivability	en
dc.subject	Natural Disaster	en
dc.subject	Optimization	en
dc.subject	Resource Allocation	en
dc.subject	Collaborative Attack	en
dc.subject	Monte Carlo Method	en
dc.subject	Incomplete Information	en
dc.title	考量智慧攻擊與天然災害下透過機密共享與防禦資源分配以最大化網路存活度之研究	zh_TW
dc.title	Maximization of Network Survivability with Secret Sharing and Defense Resource Allocation Against Intelligent Attacks and Natural Disasters	en
dc.type	Thesis
dc.date.schoolyear	102-1
dc.description.degree	碩士
dc.contributor.oralexamcommittee	呂俊賢,趙啟超,莊東穎
dc.subject.keyword	協同攻擊,網路攻防,網路存活度,天然災害,最佳化,資源分配,數學規劃法,蒙地卡羅法,不完全資訊,	zh_TW
dc.subject.keyword	Collaborative Attack,Network Attack and Defense,Network Survivability,Natural Disaster,Optimization,Resource Allocation,Mathematical Programming,Monte Carlo Method,Incomplete Information,	en
dc.relation.page	106
dc.rights.note	有償授權
dc.date.accepted	2014-02-06
dc.contributor.author-college	管理學院	zh_TW
dc.contributor.author-dept	資訊管理學研究所	zh_TW
顯示於系所單位：	資訊管理學系

文件中的檔案：

檔案	大小	格式
ntu-103-1.pdf 未授權公開取用	3.7 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。