請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/63013
標題: | 於虛擬化環境下透過誘捕系統因應惡意合作攻擊以最大化網路存活度之研究 Maximization of Network Survivability through Deception Mechanisms under Malicious Collaborative Attacks in Virtualization Environment |
作者: | Yu-Pu Wu 吳育溥 |
指導教授: | 林永松 |
關鍵字: | 協同攻擊,網路存活度,最佳化,數學規劃,蒙地卡羅法,虛擬化,誘捕系統,服務品質,不完全資訊, Collaborative Attack,Network Survivability,Optimization,Mathematical Programming,Monte Carlo Method,Virtualization,Honeypots,Quality of Service,Incomplete Information, |
出版年 : | 2012 |
學位: | 碩士 |
摘要: | 虛擬化在資訊領域扮演了舉足輕重的角色,尤其在企業發展的層面上更為顯 著,其可免除地理上與硬體設備上的侷限,提供合法使用者更有彈性地運用計算 資源和存儲空間,進而省下可觀的費用且盡可能最大化系統使用率。然而,虛擬 化技術也帶來了資訊安全上高複雜度的兩難問題,在最近新竄起的合作攻擊模式 的威脅下尤為明顯。身為一個提供服務的防禦者,應盡其所能地保護該服務網路 免於多樣化惡意攻擊,以持續供合法使用者高品質之服務,同時間,由指揮官所 率領之一群攻擊者也會藉調整攻擊策略最小化服務之存活性。因此,如何最大化 該遭受惡意攻擊的服務網路之存活度是一個相當值得探討的議題。
由於現實世界中的攻擊者對於目標網路僅具部分資訊,甚至對於防禦方所使 用的防禦機制了解有限,這使得防禦者透過誘捕系統結合動態拓樸重組的機制, 可誤導攻擊方,進而浪費攻擊方的時間與預算。除此之外,我們這裡採用了合作 攻擊使他變得更加貼近現實層面,即使這使得整個問題變得更加複雜。 此外,防禦者也必須思量「在給定一個時間區段的情況下,如何去最小化被 攻擊者所極大化的服務被攻克率。」亦即服務之存活與否仰賴於其品質是否維持 在一定的水準之上。 在這份論文之中,我們將攻防情境轉化成一個數學規劃問題,用以描述攻防 雙方之間的策略資源佈置,並且提出一套以鬆弛觀念與蒙地卡羅法為基礎的解題 方法。 Virtualization plays an important role in the information technology, especially in the enterprise application. Adopting this technology, legitimate users can utilize computing power and storage resources more flexibly without the geography and hardware limitations. Furthermore, it could save a large amount of budget and raise the utilization to the system. Nevertheless, virtualization also brings great problem with high complexity of information security, especially under the threat of collaborative attack, a new attack trend in recent years. As a service provider, the operator has to protect the service from various malicious attacks to serve numerous legitimate users. Meanwhile, the attackers subordinate to a commander would adjust their attack strategy to maximize the probabilities of achieving their goal. Hence, it is an extremely notable issue that how to maximize the survivability of the network under malicious attacks. Since most attackers only have “incomplete information” regarding the target system and less knowledge about defense mechanisms, the defender can distract commander and waste their budget and time by deception techniques and dynamic topology reconfiguration. Furthermore, the collaborative attack scenario is adopted to make it realistic, although it raises the complexity of this problem. Moreover, the defender has to minimize the maximized service compromise probability in a given time period, and guarantee the minimal level of Quality of Service simultaneously. In this thesis, we model the attack-defense scenario as a mathematical programming model that describes the defense and attack configuration and strategies, and propose a solution approach which combines the mathematical programming and simulation. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/63013 |
全文授權: | 有償授權 |
顯示於系所單位: | 資訊管理學系 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-101-1.pdf 目前未授權公開取用 | 4.42 MB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。