請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/63007
標題: | 考量合作與傳染病式攻擊下確保服務持續性之有效防禦策略 Effective Defense Strategies to Assure Service Continuity against Collaborative and Epidemic Attacks |
作者: | Hui-Yu Chung 鍾蕙宇 |
指導教授: | 林永松 |
關鍵字: | 協同攻擊,網路存活度,最佳化,資源配置,數學規劃,蒙地卡羅法,傳染病攻擊,蠕蟲,不完全資訊, Collaborative Attack,Network Attack and Defense,Network Survivability,Optimization,Resource Allocation,Mathematical Programming,Monte Carlo Method,Epidemic Attacks,Worm,Incomplete Information, |
出版年 : | 2012 |
學位: | 碩士 |
摘要: | 隨著科技的日益進步與網路的普及,拓展了網際網路的連結性與擴展性。這使得網際網路在企業組織提供服務或進行電子商務等活動時扮演更重要的角色。然而,這些在網路上所提供的服務,也逐漸成為網路駭客的攻擊目標。攻擊者為阻斷企業組織之正常服務或是竊取機密資訊,不斷地發掘網路中的弱點,而攻擊手法與策略也日益精進。除了獨立發動的攻擊行動外,攻擊者也可以彼此聯手合作,以達到資訊流通、分工化、產生綜效等優勢,強化攻擊成效。近年來的調查資料顯示,合作攻擊將會成為未來網路攻擊的新趨勢。另外,有許多攻擊者利用傳染病式攻擊能夠迅速感染網路大量節點的特性,得到更多的網路拓樸資訊,做出更縝密的謀略。而防禦者也可藉由佈署偵測節點偵測未知傳染病攻擊的方式以保護網路,並透過各種即時性防禦機制抑制傳染病式攻擊的擴散速度。
在本論文中,我們考量合作攻擊,將網路攻防情境轉化為一個雙層的數學規劃問題,描述防禦者該如何優化其網路存活度。由於攻防的過程極為複雜且具高度隨機性,故以蒙地卡羅法模擬出各式各樣的攻防情境,除對攻擊者與防禦者在不同網路拓樸、不同環境之下做資源分析外,並收集在攻防過程中的資訊,做為讓防禦者資源配置最佳化的參考,以期讓防禦者最小化被攻擊者最大化的系統攻克機率。本論文結合了數學規劃法的精確性,以及蒙地卡羅法具處理變異性與不完美資訊的優點,進而優化防禦者面對攻擊時採行的防禦策略及資源的配置方式。 Technology progress and network infrastructure expands scalability and connectivity of the Internet. This phenomenon makes enterprises and organizations rely more on the Internet when providing services and engaging in electronic commerce. However, these services on the Internet gradually become the target of malicious attackers. To achieve the goals of service disruption or stealing confidential information, attackers continuously exploit network vulnerabilities and advance their attack strategies. In addition to independent attacks, the attackers could also cooperate with each other to achieve the advantages such as information sharing, specialization, and synergy. Some survey data also shows that collaborative attacks have become a new trend of cyber attacks in recent years. Furthermore, many attackers apply epidemic attacks to get more topology information of the network and evaluate more deliberate strategies. Meanwhile, to protect the network, the defenders may deploy detection nodes to detect unknown epidemic attacks. Furthermore, the defenders could also activate several defense mechanisms to restrain propagation of epidemic attacks. In this thesis, we take collaborative attack into consideration and model the network attack-defense scenario as a bi-level mathematical programming formulation which describes how the defender should optimize his network survivability. Since the processes of the attack are complicated and non-deterministic, we apply the Monte Carlo simulation method to simulate a variety of attack strategies. The information gathered in the evaluation process is used to make some direction of resource reallocation, whose purpose is to minimize maximized service compromise probability and obtain defend policies against malicious and epidemic attacks. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/63007 |
全文授權: | 有償授權 |
顯示於系所單位: | 資訊管理學系 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-101-1.pdf 目前未授權公開取用 | 3.18 MB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。