請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/63781
標題: | 考量惡意合作攻擊下最小化服務被攻克率之有效網路建置與防禦策略 Effective Network Planning and Defending Strategies to Minimize Service Compromise Probabilities under Malicious Collaborative Attacks |
作者: | Chi-Hsiang Chan 詹棨翔 |
指導教授: | 林永松 |
關鍵字: | 協同攻擊,網路存活度,數學規劃法,模擬,雲端運算,虛擬化,資源配置, Collaborative Attack,Network Survivability,Mathematical Programming,Simulation,Cloud Computing,Virtualization,Resource Allocation, |
出版年 : | 2012 |
學位: | 碩士 |
摘要: | 雲端運算使用了虛擬化和網路技術。這個最近熱門的議題,讓使用者和組織可以去除地理上的限制在任何時間、地點存取所需的應用服務。這個方便的技術帶來了許多的利益但也造成了資訊安全上的複雜度提高。
在本論文中,我們利用數學模型描述一個網路攻防情境,並且配合模擬和數學規劃法解決雙層問題。由於攻防策略的多變性造成情境具高複雜度且不可預期,因此透過模擬評估平均的網路存活度,接著使用了模試圖最佳化攻擊方的策略,攻擊方將試著最大化服務被攻克率而防禦方則希望最小化被攻擊者最大化之服務被攻克率。 在我們考量的攻防情境中,攻擊方會採用協同攻擊策略,此種策略可帶給攻擊方更多的優勢。另一方面,防禦者在考量有限的資源預算和合法使用者的服務品質下,決定適合的策略以保護服務,防禦策略包含佈置即時防禦機制,如:動態網路拓樸調整、區域防禦以及雲端安全服務,另外也利用了虛擬化技術建置網路拓樸。 Recently, Cloud computing which base on virtualization and network technology becomes a popular issue. Through the novel model it provides, users and organizations can decrease the cost on resources and access the applications without geographic limit. The convenient technologies bring a lot of profits but also raise the complexity of information security. In this thesis, we model the network attack and defense scenario as a mathematical formulation and solve the bi-level problem through simulation and mathematical programming. Because of the complexity and non-deterministic characteristic of both attack and defense strategies, we adopt simulation to evaluate the average network survivability. Furthermore, several methods are used to help us discover the optimal strategies. The attack commander tries to maximize the service compromise probabilities and the defender has to minimize the maximized probabilities. As for the attack and defense scenario, collaborative attack is considered. This kind of attack is advantageous to the commanders. On the other hand, the defender must decide the appropriate strategies under budget and predefined quality of service constraints, which including deploying various reactive defense mechanisms such as dynamic topology reconfiguration, local defense function, and cloud security service to protect the system. The Virtualization technology is also considered as a strategy for constructing the topology. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/63781 |
全文授權: | 有償授權 |
顯示於系所單位: | 資訊管理學系 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-101-1.pdf 目前未授權公開取用 | 1.79 MB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。