考量合作與傳染病式攻擊下確保服務持續性之有效防禦策略

Hui-Yu Chung; 鍾蕙宇

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/63007

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	林永松
dc.contributor.author	Hui-Yu Chung	en
dc.contributor.author	鍾蕙宇	zh_TW
dc.date.accessioned	2021-06-16T16:18:31Z	-
dc.date.available	2014-02-16
dc.date.copyright	2013-02-16
dc.date.issued	2012
dc.date.submitted	2013-02-04
dc.identifier.citation	[1] PricewaterhouseCoopers, “Findings from the 2012 Global State of Information Security SurveyR”, PricewaterhouseCoopers, 2011 [2] Symantec Corporation, “State of Enterprise Security 2010”, Symantec, February 2010 [3] IBM Internet Security Systems X-Force research and development team, “IBM X-ForceR 2011 Mid-Year Trend and Risk Report”, IBM, September 2011 [4] F. Cohen, 'Managing network security: Attack and defense strategies', Network Security, Volume 1999, Issue 7, Pages 7-11, July 1999. [5] R. Albert, H. Jeong and A.L. Barabasi, 'Error and Attack Tolerance of Complex Networks,' Nature, Volume 406, Pages 378-382, July 2000 [6] D.A. Fisher, H.F. Lipson, N.R. Mead, R.C. Linger, R.J. Ellison, and T. Longstaff, “Survivable Network Systems: An Emerging Discipline,” Technical Report CMU/SEI-97-TR-013, November 1997. [7] H.C. Cankaya and V.S.S. Nair, “Accelerated Reliability Analysis for Self-Healing SONET Networks,” ACM SIGCOMM Computer Communication Review, Volume 28, Issue 4, pp. 268-277, October 1998. [8] K.J. Sullivan, P. Shaw, and S. Geist, “Mediators in Infrastructure Survivability Enhancement,” ACM Proceedings of the 3rdIinternational Workshop on Software Architecture, pp. 141-144, November 1998. [9] J.C. Knight, K. Sullivan, S. Geist, and X. Du, “Information Survivability Control Systems,” ACM Proceedings of the 21st International Conference on Software Engineering, pp. 184-192, May 1999. [10] D. Tipper, S. Ramaswamy, and T. Dahlberg, “PCS Network Survivability,” IEEE Wireless Communications and Networking Conference 1999 (WCNC‘99), Volume 2, pp. 1028-1032, September 1999. [11] C. Wang, J.C. Knight, K.J. Sullivan, and M.C. Elder, “Survivability Architectures: Issues and Approaches,” Proceedings of DARPA Information Survivability Conference and Exposition 2000 (DISCEX’00), Volume 2, pp. 157-171, January 2000. [12] A. Jones, “The Challenge of Building Survivable Information-Intensive Systems,” Computer, Volume 33, Issue 8, pp. 39-43, August 2000. [13] D. Doss, H. Kruse, and W. Yurcik, “Survivability-Over-Security: Providing Whole System Assurance,” Information Survivability Workshop, October 2000. [14] C. Charnsripinyo, D. Tipper, H. Shin, and T. Dahlberg, “Providing Fault Tolerance in Wireless Access Networks,” IEEE Communications Magazine, Volume 40, Issue 1, pp. 58-64, January 2002. [15] C.A. Ugarte, M.A. Hiltunen, and R.D. Schlichting, “Building Survivable Services Using Redundancy and Adaptation,” IEEE Transactions on Computers, Volume 52, Issue 2, pp. 181-194, February 2003. [16] B.R. Haverkort and L. Cloth, “Model Checking for Survivability!,” 2nd International Conference on the Quantitative Evaluation of Systems, pp.145-154, September 2005. [17] D. Botvich, N. Agoulmine, S. Balasubramaniam, and W. Donnelly, “A Multi-layered Approach Towards Achieving Survivability in Autonomic Network,” IEEE International Conference on Telecommunications and Malaysia International Conference on Communications 2007 (ICT-MICC‘07), pp. 360-365, May 2007. [18] A.W. Krings and Z. Ma, “Survival Analysis Approach to Reliability, Survivability and Prognostics and Health Management (PHM),” IEEE Aerospace Conference 2008, pp. 1-20, March 2008. [19] A.H. Wang, S. Yan, and P. Liu, “A Semi-Markov Survivability Evaluation Model for Intrusion Tolerant Database Systems,” Availability, Reliability, and Security, 2010. ARES’10 International Conference on, 2010, pp. 104-111 [20] S. Xu,” Collaborative Attack vs. Collaborative Defense”, COLLABORATIVE COMPUTING: NETWORKING, APPLICATIONS AND WORKSHARING: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 2009, Volume 10, Part 2, 217-228 [21] S. Braynov and M. Jadliwala “Representation and Analysis of Coordinated Attacks”, FMSE '03 Proceedings of the 2003 ACM workshop on Formal methods in security engineering, October 2003. [22] Eugene H. Spafford, 'The Internet worm Program: An Analysis', Purdue Technical Report CSD-TR-823, Pages 1-29, 1988 [23] C.C. Zou, W. Gong and D. Towsley, 'Code Red Worm Propagation Modeling and Analysis', 9th ACM Symposium on Computer and Communication Security, Pages 138-147, 2002. [24] Darrell M. Kienzle and Mattheew C. Elder, 'Recent Worms: A Survey and Trends', Proceeding of the 2003 ACM workshop on Rapid malcode, October 2003. [25] S. Qing and W. Wen, 'A survey and trends on Internet worms', Computers & Security, Volume 24, Issue 4, Pages 334-346, June 2005. [26] P. Li, M. Salour and X. Su, 'A Survey of Internet worm Detection and Containment', IEEE Communications Surveys & Tutorials, Volume 10, Issue 1, Pages 20-35, 2008 [27] C. Wong, C. Wang, D. Song, S. Bielski and G.R. Granger, 'Dynamic Quarantine of Internet worms', Proceedings of the 2004 International Conference on Dependable Systems and Networks, 2004. [28] G. Zhang and M. Parashar, 'Cooperative detection and protection against network attacks using decentralized information sharing', Cluster Computing, Volume 13, Number 1, Pages 67-86, 2010 [29] Tullock, Gordon (1967). 'The Welfare Costs of Tariffs, Monopolies, and Theft'. Western Economic Journal 5 (3): 224–232 [30] S. Skaperdas, 'Contest success functions,' Economic Theory, vol. 7, pp. 283-290, 1996. [31] K. Hausken and G. Levitin, 'Protection vs. false targets in series systems,' Reliability Engineering & System Safety, vol. 94, pp. 973-981, 2009. [32] G. Levitin and K. Hausken, 'False targets efficiency in defense strategy,' European Journal of Operational Research, vol. 194, pp. 155-162, 2009. [33] Jack Hirshleifer, 'Conflict and rent-seeking success function: Ratio v.s. Difference model of relative success' Public Choice 63: 101-112, 1989. [34] D. J. Leversage and E. J. Byres. 'Estimating a System's Mean-Time-to-Compromise', IEEE Security & Privacy, Volume 6, Number 1, Pages 52-60, January/February 2008. [35] S. Staniford, V. Paxsony and N. Weaver, 'How to Own the Internet in Your Spare Time', Proceedings of the 11th USENIX Security Symposium, 2002. [36] W. Yu, N. Zhang, X. Fu and W. Zhao, 'Self-Disciplinary Worms and Countermeasures: Modeling and Analysis', IEEE Transactions on Parallel and Distributed Systems, 2010 [37] Fandel, G., et al., “Measuring synergy effects of a Public Social Private Partnership (PSPP) project”, International Journal of Production Economics, 2012 (http://dx.doi.org/10.1016/j.ijpe.2012.03.010) [38] R. Moskovitch, Y. Elovici and L. Rokach, 'Detection of unknown computer worms based on behavioral classification of the host', Computational Statistics & Data Analysis, Volume 52, Issue 9, Pages 4544-4566, May 2008. [39] Y. Xie, V. Sekar, D.A. Maltz, M.K. Reiter and H. Zhang, 'Worm Origin Identification Using Random Moonwalks', 2005 IEEE Symposium on Security and Privacy, May 2005. [40] Y. Xie, V. Sekar, M.K. Reiter and H. Zhang, 'Forensic Analysis for Epidemic Attacks in Federated Networks', Proceedings of the 2006 14th IEEE International Conference on Network Protocols, November2006. [41] Y. Huang, D. Arsenault and A. Sood, 'Closing Clusteer Attack Windows Through Server Redundancy and Rotations', Proceedings of the 6th IEEE International Symposium on Cluster Computing and the Grid, 2006. [42] Y. Huang, D. Arsenault and A. Sood, 'Incorruptible Self-Cleansing Intrusion Tolerance and Its Application to DNS Security', Journal of Networks, Volume 1, Number 5, Pages 21-30, October 2006. [43] J. Blitzstein and P. Diaconis, “A Sequential Importance Sampling Algorithm for Generating Random Graphs with Prescribed Degrees”, Internet Mathematics, Volume 6, Issue 4, 2011. [44] S. Nagaraja and R. Anderson, “Dynamic Topologies for Robust Scale-Free Networks”, Lecture Notes in Computer Science, Volume 5151, Page 411-426, 2008.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/63007	-
dc.description.abstract	隨著科技的日益進步與網路的普及，拓展了網際網路的連結性與擴展性。這使得網際網路在企業組織提供服務或進行電子商務等活動時扮演更重要的角色。然而，這些在網路上所提供的服務，也逐漸成為網路駭客的攻擊目標。攻擊者為阻斷企業組織之正常服務或是竊取機密資訊，不斷地發掘網路中的弱點，而攻擊手法與策略也日益精進。除了獨立發動的攻擊行動外，攻擊者也可以彼此聯手合作，以達到資訊流通、分工化、產生綜效等優勢，強化攻擊成效。近年來的調查資料顯示，合作攻擊將會成為未來網路攻擊的新趨勢。另外，有許多攻擊者利用傳染病式攻擊能夠迅速感染網路大量節點的特性，得到更多的網路拓樸資訊，做出更縝密的謀略。而防禦者也可藉由佈署偵測節點偵測未知傳染病攻擊的方式以保護網路，並透過各種即時性防禦機制抑制傳染病式攻擊的擴散速度。在本論文中，我們考量合作攻擊，將網路攻防情境轉化為一個雙層的數學規劃問題，描述防禦者該如何優化其網路存活度。由於攻防的過程極為複雜且具高度隨機性，故以蒙地卡羅法模擬出各式各樣的攻防情境，除對攻擊者與防禦者在不同網路拓樸、不同環境之下做資源分析外，並收集在攻防過程中的資訊，做為讓防禦者資源配置最佳化的參考，以期讓防禦者最小化被攻擊者最大化的系統攻克機率。本論文結合了數學規劃法的精確性，以及蒙地卡羅法具處理變異性與不完美資訊的優點，進而優化防禦者面對攻擊時採行的防禦策略及資源的配置方式。	zh_TW
dc.description.abstract	Technology progress and network infrastructure expands scalability and connectivity of the Internet. This phenomenon makes enterprises and organizations rely more on the Internet when providing services and engaging in electronic commerce. However, these services on the Internet gradually become the target of malicious attackers. To achieve the goals of service disruption or stealing confidential information, attackers continuously exploit network vulnerabilities and advance their attack strategies. In addition to independent attacks, the attackers could also cooperate with each other to achieve the advantages such as information sharing, specialization, and synergy. Some survey data also shows that collaborative attacks have become a new trend of cyber attacks in recent years. Furthermore, many attackers apply epidemic attacks to get more topology information of the network and evaluate more deliberate strategies. Meanwhile, to protect the network, the defenders may deploy detection nodes to detect unknown epidemic attacks. Furthermore, the defenders could also activate several defense mechanisms to restrain propagation of epidemic attacks. In this thesis, we take collaborative attack into consideration and model the network attack-defense scenario as a bi-level mathematical programming formulation which describes how the defender should optimize his network survivability. Since the processes of the attack are complicated and non-deterministic, we apply the Monte Carlo simulation method to simulate a variety of attack strategies. The information gathered in the evaluation process is used to make some direction of resource reallocation, whose purpose is to minimize maximized service compromise probability and obtain defend policies against malicious and epidemic attacks.	en
dc.description.provenance	Made available in DSpace on 2021-06-16T16:18:31Z (GMT). No. of bitstreams: 1 ntu-101-R99725035-1.pdf: 3253837 bytes, checksum: 0c9e3bafc5eff7937f3086c047e05d6c (MD5) Previous issue date: 2012	en
dc.description.tableofcontents	謝誌 .................................................... I 論文摘要 ................................................ II THESIS ABSTRACT ....................................... III CONTENTS ............................................... V LIST OF TABLES ......................................... VI LIST OF FIGURES ........................................ VII Chapter 1 Introduction ................................. 1 1.1 Background ......................................... 1 1.2 Motivation ......................................... 8 1.3 Literature Survey .................................. 10 1.3.1 Survivability .................................... 10 1.3.2 Collaborative Attacks ............................ 13 1.3.3 Epidemic Attacks ................................. 14 1.3.4 Contest Success Function ......................... 30 1.3.5 Mean Time to Compromise a Node ................... 33 1.4 Thesis Organization ................................ 34 Chapter 2 Problem Formulation .......................... 37 2.1 Problem Description ................................ 37 2.1.1 Attacker Perspective ............................. 37 2.1.2 Defender Perspective ............................. 44 2.1.3 Possible Scenario ................................ 51 2.2 Problem Formulation ................................ 65 Chapter 3 Solution Approach ............................ 75 3.1 Monte Carlo Simulation ............................. 75 3.2 Evaluation process ................................. 76 3.3 Policy enhancement ................................. 78 3.3.1 The Enhance Rules ................................ 79 3.3.2 Enhance Process .................................. 82 3.4 Initial Configuration .............................. 84 Chapter 4 Computational Experiments .................... 85 4.1 Experiment Environment ............................. 85 4.2 Simulation Results ................................. 92 Chapter 5 Conclusion and Future Work .................. 101 REFERENCES ............................................ 105
dc.language.iso	en
dc.subject	蠕蟲	zh_TW
dc.subject	協同攻擊	zh_TW
dc.subject	網路存活度	zh_TW
dc.subject	最佳化	zh_TW
dc.subject	資源配置	zh_TW
dc.subject	數學規劃	zh_TW
dc.subject	蒙地卡羅法	zh_TW
dc.subject	傳染病攻擊	zh_TW
dc.subject	不完全資訊	zh_TW
dc.subject	Incomplete Information	en
dc.subject	Worm	en
dc.subject	Epidemic Attacks	en
dc.subject	Monte Carlo Method	en
dc.subject	Mathematical Programming	en
dc.subject	Resource Allocation	en
dc.subject	Optimization	en
dc.subject	Network Survivability	en
dc.subject	Network Attack and Defense	en
dc.subject	Collaborative Attack	en
dc.title	考量合作與傳染病式攻擊下確保服務持續性之有效防禦策略	zh_TW
dc.title	Effective Defense Strategies to Assure Service Continuity against Collaborative and Epidemic Attacks	en
dc.type	Thesis
dc.date.schoolyear	101-1
dc.description.degree	碩士
dc.contributor.oralexamcommittee	呂俊賢,莊東穎,傅新彬,鍾順平
dc.subject.keyword	協同攻擊,網路存活度,最佳化,資源配置,數學規劃,蒙地卡羅法,傳染病攻擊,蠕蟲,不完全資訊,	zh_TW
dc.subject.keyword	Collaborative Attack,Network Attack and Defense,Network Survivability,Optimization,Resource Allocation,Mathematical Programming,Monte Carlo Method,Epidemic Attacks,Worm,Incomplete Information,	en
dc.relation.page	111
dc.rights.note	有償授權
dc.date.accepted	2013-02-04
dc.contributor.author-college	管理學院	zh_TW
dc.contributor.author-dept	資訊管理學研究所	zh_TW
顯示於系所單位：	資訊管理學系

文件中的檔案：

檔案	大小	格式
ntu-101-1.pdf 未授權公開取用	3.18 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。