NTU Theses and Dissertations Repository (DSpace)
Please use this Handle URI to cite this item: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/100123
Full metadata record

DC Field | Value | Language
dc.contributor.advisor | 孫雅麗 | zh_TW
dc.contributor.advisor | Yea-Li Sun | en
dc.contributor.author | 施瑋翔 | zh_TW
dc.contributor.author | Wei-Hsiang Shih | en
dc.date.accessioned | 2025-09-24T16:34:16Z | -
dc.date.available | 2025-09-25 | -
dc.date.copyright | 2025-09-24 | -
dc.date.issued | 2025 | -
dc.date.submitted | 2025-08-13 | -
dc.identifier.citation | (thesis reference list, one entry per line) | -
Seongsu Park. (2023, October 27). A Cascade of Compromise: Unveiling Lazarus’ New Campaign. Securelist. https://securelist.com/unveiling-lazarus-new-campaign/110888/
Kyaw Pyiyt Htet, Dragos Threat Intelligence. (2017, May 31). Lazarus Group. MITRE ATT&CK. https://attack.mitre.org/groups/G0032/
Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Unraveling the Long Thread of the Sony Attack. WayBackMachine. https://web.archive.org/web/20160226161828/https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf
Kyoung-ju Kwak. (2021, Sep 29). Andariel. MITRE ATT&CK. https://attack.mitre.org/groups/G0138/
Valerii Marchuk, Cybersecurity Help s.r.o. (2018, Apr 18). APT37. MITRE ATT&CK. https://attack.mitre.org/groups/G0067/
APT38. (2019, Jan 29). MITRE ATT&CK. https://attack.mitre.org/groups/G0082/
Taewoo Lee, KISA; Dongwook Kim, KISA. (2019, Aug 26). Kimsuky. MITRE ATT&CK. https://attack.mitre.org/groups/G0094/
Targeted Attack Life Cycle. (n.d.). Google Cloud. https://cloud.google.com/security/resources/insights/targeted-attack-lifecycle?hl=zh-TW
Jeff Sakowicz, Microsoft Identity Developer Platform Services (IDPM Services); Saisha Agrawal, Microsoft Threat Intelligent Center (MSTIC). (2018, Apr 18). Drive-by Compromise. MITRE ATT&CK. https://attack.mitre.org/techniques/T1189/
Mathieu Tartare, ESET; Tahseen Bin Taj. (2020, Oct 15). Boot or Logon Autostart Execution: Print Processors. MITRE ATT&CK. https://attack.mitre.org/techniques/T1547/012/
Hijack Execution Flow: DLL Side-Loading. (2023, Mar 30). MITRE ATT&CK. https://attack.mitre.org/techniques/T1574/002/
Filip Kafka, ESET. (2020, Feb 05). Obfuscated Files or Information: Software Packing. MITRE ATT&CK. https://attack.mitre.org/techniques/T1027/002/
Jiraput Thamsongkrah; Joas Antonio dos Santos, @C0d3Cr4zy, Inmetrics; João Paulo de A. Filho, @Hug1nN__; Lior Ribak, SentinelOne; Rex Guo, @Xiaofei_REX, Confluera; Shlomi Salem, SentinelOne. (2021, Oct 05). Reflective Code Loading. MITRE ATT&CK. https://attack.mitre.org/techniques/T1620/
Defense Evasion. (2018, Oct 17). MITRE ATT&CK. https://attack.mitre.org/tactics/TA0005/
Matthew Demaske, Adaptforward; Red Canary. (2017, Dec 14). Deobfuscate/Decode Files or Information. MITRE ATT&CK. https://attack.mitre.org/techniques/T1140/
Martin Jirkal, ESET. (2020, Feb 05). Obfuscated Files or Information: Binary Padding. MITRE ATT&CK. https://attack.mitre.org/techniques/T1027/001/
TruKno. (2020, Mar 15). Application Layer Protocol: Web Protocols. MITRE ATT&CK. https://attack.mitre.org/techniques/T1071/001/
Data Encoding: Non-Standard Encoding. (2020, Mar 14). MITRE ATT&CK. https://attack.mitre.org/techniques/T1132/002/
Austin Clark, @c2defense; Maril Vernon @shewhohacks; Praetorian. (2017, May 31). System Information Discovery. MITRE ATT&CK. https://attack.mitre.org/techniques/T1082/
William Cain. (2017, May 31). Exfiltration Over C2 Channel. MITRE ATT&CK. https://attack.mitre.org/techniques/T1041/
Exploitation for Client Execution. (2018, Apr 18). MITRE ATT&CK. https://attack.mitre.org/techniques/T1203/
Encrypted Channel: Symmetric Cryptography. (2020, Mar 16). MITRE ATT&CK. https://attack.mitre.org/techniques/T1573/001/
Austin Clark, @c2defense. (2017, May 31). Process Discovery. MITRE ATT&CK. https://attack.mitre.org/techniques/T1057/
Austin Clark, @c2defense. (2017, May 31). File and Directory Discovery. MITRE ATT&CK. https://attack.mitre.org/techniques/T1083/
Screen Capture. (2017, May 31). MITRE ATT&CK. https://attack.mitre.org/techniques/T1113/
Ed Williams, Trustwave, SpiderLabs; Edward Millington; Michael Forret, Quorum Cyber; Olaf Hartong, Falcon Force. (2020, Feb 11). OS Credential Dumping: LSASS Memory. MITRE ATT&CK. https://attack.mitre.org/techniques/T1003/001/
CVE-2017-0144 Detail. (2017, June 13). National Institute of Standards and Technology. https://nvd.nist.gov/vuln/detail/cve-2017-0144
Arda Büyükkaya. (2023, June 2). Chinese Threat Actor Used Modified Cobalt Strike Variant to Attack Taiwanese Critical Infrastructure. EclecticIQ. https://blog.eclecticiq.com/chinese-threat-actor-used-modified-cobalt-strike-variant-to-attack-taiwanese-critical-infrastructure
Discover what drives us. (n.d.). EclecticIQ. https://www.eclecticiq.com/about
CVE-2021-44228 Detail. (2021, October 12). National Institute of Standards and Technology. https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Strategic Cyber LLC. (2020, November 5). Cobalt Strike: Advanced Threat Tactics for Penetration Testers. Internet Archive Wayback Machine. https://web.archive.org/web/20210708035426/https://www.cobaltstrike.com/downloads/csmanual43.pdf
zan8in. (n.d.). afrog. GitHub. https://github.com/zan8in/afrog
projectdiscovery. (n.d.). nuclei. GitHub. https://github.com/projectdiscovery/nuclei
shadow1ng. (n.d.). fscan. GitHub. https://github.com/shadow1ng/fscan
moonD4rk. (n.d.). HackBrowserData. GitHub. https://github.com/moonD4rk/HackBrowserData
AlessandroZ. (n.d.). LaZagne. GitHub. https://github.com/AlessandroZ/LaZagne
fatedier. (n.d.). frp. GitHub. https://github.com/fatedier/frp
shmilylty. (n.d.). OneForAll. GitHub. https://github.com/shmilylty/OneForAll
Active Scanning: Vulnerability Scanning. (2020, Oct 2). MITRE ATT&CK. https://attack.mitre.org/techniques/T1595/002/
Praetoria; Yossi Weizman, Azure Defender Research Team. (2018, Apr 18). Exploit Public-Facing Application. MITRE ATT&CK. https://attack.mitre.org/techniques/T1190/
TryGOTry. (n.d.). CobaltStrike_Cat_4.5. GitHub. https://github.com/TryGOTry/CobaltStrike_Cat_4.5
T00ls Management Team. (2020, Mar 24). T00ls General Rules V2.1. T00ls. https://www.t00ls.com/articles-55555.html
Diego Sappa, Securonix. (2020, Oct 2). Active Scanning: Scanning IP Blocks. MITRE ATT&CK. https://attack.mitre.org/techniques/T1595/001/
Austin Clark, @c2defense. (2017, May 31). System Network Configuration Discovery. MITRE ATT&CK. https://attack.mitre.org/techniques/T1016/
Barry Shteiman, Exabeam; RedHuntLabs, @redhuntlabs; Ryan Benson, Exabeam; Sylvain Gil, Exabeam. (2020, Feb 12). Credentials from Password Stores: Credentials from Web Browsers. MITRE ATT&CK. https://attack.mitre.org/techniques/T1555/003/
LaZagne. (2019, Jan 30). MITRE ATT&CK. https://attack.mitre.org/software/S0349/
Akshat Pradhan, Qualys; Matthew Demaske, Adaptforward; Mayuresh Dani, Qualys; Pedro Harrison; Wietze Beukema, @wietze; Wirapong Petshagun. (2020, Jan 17). Create or Modify System Process: Windows Service. MITRE ATT&CK. https://attack.mitre.org/techniques/T1543/003/
Proxy: Internal Proxy. (2020, Mar 14). MITRE ATT&CK. https://attack.mitre.org/techniques/T1090/001/
Command and Scripting Interpreter. (2017, May 31). MITRE ATT&CK. https://attack.mitre.org/techniques/T1059/
Alfredo Oliveira, Trend Micro; David Fiser, @anu4is, Trend Micro; Ed Williams, Trustwave, SpiderLabs; Magno Logan, @magnologan, Trend Micro; Mohamed Kmal; Yossi Weizman, Azure Defender Research Team. (2017, May 31). Brute Force. MITRE ATT&CK. https://attack.mitre.org/techniques/T1110/
advanced persistent threat. (n.d.). National Institute of Standards and Technology. https://csrc.nist.gov/glossary/term/advanced_persistent_threat
Daniyal Naeem, BT Security; Matt Brenton, Zurich Insurance Group; Katie Nickels, Red Canary; Joe Gumke, U.S. Bank; Liran Ravich, CardinalOps. (2017, May 31). APT29. MITRE ATT&CK. https://attack.mitre.org/groups/G0016/
SolarWinds Compromise. (2023, Mar 24). MITRE ATT&CK. https://attack.mitre.org/campaigns/C0024/
markruss, foxmsft, MarioHewardt, pzhlkj6612, lukekim, hecongy, analyze-v, VSC-Service-Account, markrussinovich. (2024, Jun 20). Process Monitor v4.01. Microsoft Learn. https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
markruss, foxmsft, bluPhy, janlinhart-BC, MarioHewardt, lukekim, asteinbr, analyze-v, markrussinovich, VSC-Service-Account. (2024, Jul 23). Sysmon v15.15. Microsoft Learn. https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon
Fang, R., Bindu, R., Gupta, A., Zhan, Q., & Kang, D. (2024). LLM agents can autonomously hack websites. arXiv preprint arXiv:2402.06664.
Xu, J., Stokes, J. W., McDonald, G., Bai, X., Marshall, D., Wang, S., ... & Li, Z. (2024). Autoattacker: A large language model guided system to implement automatic cyber-attacks. arXiv preprint arXiv:2403.01038.
Enterprise Tactics. (n.d.). MITRE ATT&CK. https://attack.mitre.org/tactics/enterprise/
Enterprise Techniques. (n.d.). MITRE ATT&CK. https://attack.mitre.org/techniques/enterprise/
elegantmoose. (n.d.). caldera. GitHub. https://github.com/mitre/caldera?tab=readme-ov-file
Welcome to Atomic Red Team. (n.d.). red canary. https://www.atomicredteam.io/
Wang, Z. (2022). A systematic literature review on cyber threat hunting. arXiv preprint arXiv:2212.05310.
Chen, L., Jiang, R., Lin, C., & Li, A. (2022, July). A survey on threat hunting: Approaches and applications. In 2022 7th IEEE International Conference on Data Science in Cyberspace (DSC) (pp. 340-344). IEEE.
Lukova-Chuikoa, N., Fesenkoa, A., Papirnaa, H., & Gnatyukb, S. (2021). Threat hunting as a method of protection against cyber threats. In CEUR Workshop Proceedings (pp. 103-113).
Chen, C. K., Lin, S. C., Huang, S. C., Chu, Y. T., Lei, C. L., & Huang, C. Y. (2022). Building machine learning-based threat hunting system from scratch. Digital Threats: Research and Practice (DTRAP), 3(3), 1-21.
Barr-Smith, F., Ugarte-Pedrero, X., Graziano, M., Spolaor, R., & Martinovic, I. (2021, May). Survivalism: Systematic analysis of windows malware living-off-the-land. In 2021 IEEE Symposium on Security and Privacy (SP) (pp. 1557-1574). IEEE.
mbechler. (n.d.). marshalsec. GitHub. https://github.com/mbechler/marshalsec
Chapter 15. Nmap Reference Guide. (n.d.). NMAP.ORG. https://nmap.org/book/man.html
SpecterOps. (n.d.). BloodHound-Legacy. GitHub. https://github.com/SpecterOps/BloodHound-Legacy?tab=readme-ov-file
Michiel Lemmens. (2021, Jun 21). BloodHound – Sniffing Out the Path Through Windows Domains. SANS. https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
CVE-2012-1823 Detail. (2012, May 11). National Institute of Standards and Technology. https://nvd.nist.gov/vuln/detail/cve-2012-1823
CVE-2024-4577 Detail. (2024, Jun 09). National Institute of Standards and Technology. https://nvd.nist.gov/vuln/detail/cve-2024-4577
Casey Smith; Stefan Kanthak. (2020, Jan 30). Abuse Elevation Control Mechanism: Bypass User Account Control. MITRE ATT&CK. https://attack.mitre.org/techniques/T1548/002/
Alain Homewood; Jeremy Hedges; Joe Wise; John Page (aka hyp3rlinx), ApparitionSec; Mark Wee; Selena Larson, @selenalarson; Shailesh Tiwary (Indian Army); The DFIR Report. (2017, May 31). Ingress Tool Transfer. MITRE ATT&CK. https://attack.mitre.org/techniques/T1105/
Bartosz Jerzman; David Lu, Tripwire; Travis Smith, Tripwire. (2017, May 31). Modify Registry. MITRE ATT&CK. https://attack.mitre.org/techniques/T1112/
Austin Clark, @c2defense; Hubert Mank. (2019, Oct 04). System Shutdown/Reboot. MITRE ATT&CK. https://attack.mitre.org/techniques/T1529/
ParrotSec. (n.d.). mimikatz. GitHub. https://github.com/ParrotSec/mimikatz/tree/master?tab=readme-ov-file
Gather Victim Network Information. (2020, Oct 02). MITRE ATT&CK. https://attack.mitre.org/techniques/T1590/
Network Service Discovery. (2017, May 31). MITRE ATT&CK. https://attack.mitre.org/techniques/T1046/
Harshal Tupsamudre, Qualys; Miriam Wiesner, @miriamxyra, Microsoft Security. (2020, Mar 12). Permission Groups Discovery: Local Groups. MITRE ATT&CK. https://attack.mitre.org/techniques/T1069/001/
Daniel Stepanic, Elastic; Miriam Wiesner, @miriamxyra, Microsoft Security. (2020, Feb 21). Account Discovery: Local Account. MITRE ATT&CK. https://attack.mitre.org/techniques/T1087/001/
Austin Clark, @c2defense; Daniel Stepanic, Elastic; RedHuntLabs, @redhuntlabs. (2017, May 31). Remote System Discovery. MITRE ATT&CK. https://attack.mitre.org/techniques/T1018/
Jungsoo An, Wayne Lee and Vanja Svajcer. (2024, Feb 08). New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization. Cisco Talos. https://blog.talosintelligence.com/new-zardoor-backdoor/
Austin Clark, @c2defense. (2017, May 31). System Owner/User Discovery. MITRE ATT&CK. https://attack.mitre.org/techniques/T1033/
Austin Clark, @c2defense; Praetorian. (2017, May 31). System Network Connections Discovery. MITRE ATT&CK. https://attack.mitre.org/techniques/T1049/
ExtraHop; Miriam Wiesner, @miriamxyra, Microsoft Security. (2020, Feb 21). Account Discovery: Domain Account. MITRE ATT&CK. https://attack.mitre.org/techniques/T1087/002/
Kurt Baker. (2025, Jan 16). Cyber Espionage Explained. CrowdStrike. https://www.crowdstrike.com/en-us/cybersecurity-101/threat-intelligence/cyber-espionage/
Alfredo Abarca; William Cain. (2017, May 31). Exfiltration Over Alternative Protocol. MITRE ATT&CK. https://attack.mitre.org/techniques/T1048/
@ionstorm; Olaf Hartong, Falcon Force; Tristan Madani. (2017, May 31). Windows Management Instrumentation. MITRE ATT&CK. https://attack.mitre.org/techniques/T1047/
Stevewhims, Saisang, dksimpson, QuinnRadich, msatranjr. (2024, Jul 15). Task Scheduler for developers. Microsoft Learn. https://learn.microsoft.com/en-us/windows/win32/taskschd/task-scheduler-start-page
Casey Smith; Gareth Phillips, Seek Ltd.; James_inthe_box, Me; Ricardo Dias. (2020, Jan 23). System Binary Proxy Execution: Rundll32. MITRE ATT&CK. https://attack.mitre.org/techniques/T1218/011/
Walker Johnson. (2020, Jan 31). Indicator Removal: File Deletion. MITRE ATT&CK. https://attack.mitre.org/techniques/T1070/004/
Eduardo Chavarro Ovalle. (2020, Mar 14). Proxy: Multi-hop Proxy. MITRE ATT&CK. https://attack.mitre.org/techniques/T1090/003/
Andrew Northern, @ex_raritas; Bryan Campbell, @bry_campbell; Selena Larson, @selenalarson; Sittikorn Sangrattanapitak; Zachary Abzug, @ZackDoesML. (2019, Nov 27). Scheduled Task/Job: Scheduled Task. MITRE ATT&CK. https://attack.mitre.org/techniques/T1053/005/
Command and Scripting Interpreter: Windows Command Shell. (2020, Mar 09). MITRE ATT&CK. https://attack.mitre.org/techniques/T1059/003/
Remote Services: SMB/Windows Admin Shares. (2020, Feb 11). MITRE ATT&CK. https://attack.mitre.org/techniques/T1021/002/
Mark Wee, Mayan Arora aka Mayan Mohan. (2020, Feb 20). Archive Collected Data: Archive via Utility. MITRE ATT&CK. https://attack.mitre.org/techniques/T1560/001/
Cedric Pernet, Jaromir Horejsi. (2024, Feb 26). Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections. Trend Micro. https://www.trendmicro.com/en_us/research/24/b/earth-lusca-uses-geopolitical-lure-to-target-taiwan.html
TruKno. (2020, Mar 11). User Execution: Malicious File. MITRE ATT&CK. https://attack.mitre.org/techniques/T1204/002/
Skelsec. (n.d.). pypykatz. GitHub. https://github.com/skelsec/pypykatz
National Vulnerability Database. (2022, Sep 20). National Institute of Standards and Technology. https://nvd.nist.gov/
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/100123 | -
dc.description.abstract | (translated from Chinese) | zh_TW
With the rapid development of information technology and the growing complexity of security threats, Advanced Persistent Threats (APTs) have become a major challenge for enterprises and government organizations. APT campaigns are typically staged, remain dormant for long periods, and evade detection; attackers design complex attack flows tailored to the target and carry out actions such as initial compromise, lateral movement, credential theft, and data exfiltration. This study aims to help defenders understand and simulate real-world APT behavior by reconstructing three real attack cases, the Lazarus Attack Campaign, the Taiwan Critical Infrastructure Attack, and the Islamic Organization Espionage Campaign. Each attack life cycle is fully reconstructed and the behavior of every stage is analyzed against the MITRE ATT&CK framework, mapping the tactics (Tactics) and techniques (Techniques) of each attack phase.
The study first reconstructs the Mandiant Attack Life Cycle from public Cyber Threat Intelligence (CTI) reports, fills in the technical details those reports omit, and implements the corresponding attack scripts (Abilities) as contributions to the CALDERA platform, expanding and diversifying the red-team arsenal. It then records the system event logs generated while executing the complete simulated campaigns, extending the TTP (Tactics, Techniques, and Procedures) knowledge base and providing richer training data for future deep-learning-based threat detection models.
Further, the study explores the use of Large Language Model (LLM) agents for autonomous attack simulation, seeking to demonstrate and exercise their planning and reasoning capabilities. Different tools (an arsenal) are designed and implemented so that an LLM agent can use existing tools to complete the multi-stage objectives of an APT campaign on its own. By combining real-world attack reconstruction with autonomous LLM-agent attacks, the study offers defenders additional red-team exercise techniques and a higher degree of red-team automation, with the aim of improving defenders' awareness of and ability to respond to APT threats.
dc.description.abstract | (English abstract) | en
With the rapid advancement of information technology and the increasing complexity of cybersecurity threats, Advanced Persistent Threats (APTs) have become a critical challenge faced by enterprises and government organizations. APT campaigns are often characterized by their staged execution, long-term persistence, and evasion of detection. Threat actors design intricate, multi-phase operations tailored to their targets, including initial compromise, lateral movement, credential theft, and data exfiltration. This study aims to support defenders in understanding and simulating real-world APT behaviors through the reconstruction of three documented attack campaigns: Lazarus Attack Campaign, Taiwan Critical Infrastructure Attack, and Islamic Organization Espionage Campaign. Each campaign's attack life cycle is reconstructed and analyzed using the MITRE ATT&CK framework to classify the tactics and techniques used in each attack phase.
The study first reconstructs the Mandiant Targeted Attack Life Cycle based on publicly available Cyber Threat Intelligence (CTI) reports, filling in technical gaps and implementing corresponding attack scripts (Abilities) to contribute to the CALDERA red teaming platform, thereby enhancing and diversifying its arsenal. Next, the study records system event logs generated during the execution of complete attack simulations to expand the TTP (Tactics, Techniques, and Procedures) knowledge base, providing more diverse training data for deep learning-based threat detection models.
Furthermore, this research explores the application of Large Language Model (LLM) Agents in autonomous attack simulation, demonstrating their planning and reasoning capabilities. By designing and implementing a variety of tools, the study enables LLM Agents to autonomously conduct multi-stage APT-style attacks using existing tools. Through the combination of real-world attack reconstruction and autonomous LLM-Agent-driven attacks, this study provides red teams with enriched offensive techniques and improves the automation of red team exercises. Ultimately, it aims to enhance defenders’ situational awareness and response capabilities against APT threats.
dc.description.provenance | Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2025-09-24T16:34:16Z. No. of bitstreams: 0 | en
dc.description.provenance | Made available in DSpace on 2025-09-24T16:34:16Z (GMT). No. of bitstreams: 0 | en
dc.description.tableofcontents | (table of contents, with thesis page numbers) | -
Acknowledgement i
Abstract (Chinese) ii
Abstract iii
Table of Contents v
List of Figures ix
List of Tables xi
Chapter 1 Introduction 1
1.1 Research Motivation and Introduction 1
1.2 Research Objectives 5
Chapter 2 Research Background and Literature Review 6
2.1 Research Background 6
2.1.1 Mandiant Targeted Attack Life Cycle 6
2.1.2 MITRE ATT&CK Framework 7
2.1.3 Red Teaming Platform 8
2.1.3.1 CALDERA 8
2.1.3.2 Atomic Red Team 8
2.2 Literature Review 8
2.2.1 Living-Off-The-Land (LotL) 8
2.2.2 LLM Agent 9
Chapter 3 Lazarus Attack Campaign: a Cascade of Compromise 11
3.1 Reconstruct Attack Life Cycle from CTI Report 12
3.1.1 Stage 1 13
3.1.2 Stage 2 14
3.1.3 Stage 3 16
3.1.4 Stage 4 20
3.1.5 Stage 5 20
3.1.6 Stage 6 23
3.2 Identifying Attack Behaviors Missing from the CTI Report 23
3.3 Selected Simulation (Implementation) Method 24
3.3.1 Stage 1 24
3.3.2 Stage 2 27
3.3.3 Stage 3 29
3.3.4 Stage 4 31
3.3.5 Stage 5 32
3.3.6 Stage 6 36
Chapter 4 Taiwan Critical Infrastructure Attack 41
4.1 Reconstruct Attack Life Cycle from CTI Report 41
4.1.1 Stage 1 43
4.1.2 Stage 2 44
4.1.3 Stage 3 44
4.1.4 Stage 4 45
4.1.5 Stage 5 46
4.1.6 Stage 6 47
4.1.7 Stage 7 48
4.2 Identifying Attack Behaviors Missing from the CTI Report 49
4.3 Selected Simulation (Implementation) Method 50
4.3.1 Stage 1 50
4.3.2 Stage 2 52
4.3.3 Stage 3 57
4.3.4 Stage 4 61
4.3.5 Stage 5 61
4.3.6 Stage 6 62
Chapter 5 Islamic Organization Espionage Campaign 65
5.1 Reconstruct Attack Life Cycle from CTI Report 65
5.1.1 Stage 1 67
5.1.2 Stage 2 68
5.1.3 Stage 3 68
5.1.4 Stage 4 72
5.1.5 Stage 5 75
5.1.6 Stage 6 75
5.1.7 Stage 7 78
5.2 Identifying Attack Behaviors Missing from the CTI Report 78
5.3 Selected Simulation (Implementation) Method 79
5.3.1 Stage 1 79
5.3.2 Stage 2 82
5.3.3 Stage 3 83
5.3.4 Stage 4 83
5.3.5 Stage 5 86
5.3.6 Stage 6 86
Chapter 6 Autonomous Attacks by Large Language Model Agents 89
6.1 Research Motivation 89
6.2 Characteristics of Large Language Model Agents 90
6.3 Research Objectives 91
6.4 System Architecture 92
6.4.1 Experimental Environment Setup 92
6.4.2 Recording and Verifying the Attacker AI Agent's Behavior 93
6.4.3 Framework and Tools of the Attacker AI Agent 94
6.5 Experimental Method and Results 100
6.5.1 Experiment #1 100
6.5.2 Experiment #2.1 105
6.5.3 Experiment #2.2 107
6.6 Discussion 109
Chapter 7 Conclusion 111
References 112
Appendix 1: User Prompts 122
Appendix 2: Experiment #1 System Instructions 124
Appendix 3: Experiment #2 System Instructions 125
dc.language.iso | zh_TW | -
dc.subject | Advanced Persistent Threats | zh_TW
dc.subject | Attack Life Cycle | zh_TW
dc.subject | Large Language Model Agent | zh_TW
dc.subject | CALDERA | zh_TW
dc.subject | MITRE ATT&CK | zh_TW
dc.subject | Red Team Exercise | zh_TW
dc.subject | Red Team Simulation | en
dc.subject | Large Language Model Agent | en
dc.subject | CALDERA | en
dc.subject | MITRE ATT&CK | en
dc.subject | Attack Life Cycle | en
dc.subject | Advanced Persistent Threats | en
dc.title | Reconstruction and Simulation of Advanced Persistent Threat Cyber Attacks and Autonomous Attacks by Large Language Model Agents | zh_TW
dc.title | Advanced Persistence Threat (APT) Attack Campaign Reconstruction and LLM Agent Automated Attack | en
dc.type | Thesis | -
dc.date.schoolyear | 113-2 | -
dc.description.degree | Master's | -
dc.contributor.oralexamcommittee | 陳孟彰;楊名全;黃意婷 | zh_TW
dc.contributor.oralexamcommittee | Meng-Chang Chen;Ming-Chuan Yang;Yi-Ting Huang | en
dc.subject.keyword | Advanced Persistent Threats, Attack Life Cycle, Red Team Exercise, MITRE ATT&CK, CALDERA, Large Language Model Agent | zh_TW
dc.subject.keyword | Advanced Persistent Threats, Attack Life Cycle, Red Team Simulation, MITRE ATT&CK, CALDERA, Large Language Model Agent | en
dc.relation.page | 125 | -
dc.identifier.doi | 10.6342/NTU202503062 | -
dc.rights.note | Not authorized for public access | -
dc.date.accepted | 2025-08-15 | -
dc.contributor.author-college | College of Management | -
dc.contributor.author-dept | Department of Information Management | -
dc.date.embargo-lift | N/A | -
Appears in Collections: Department of Information Management

Files in This Item:
File | Size | Format
ntu-113-2.pdf (not authorized for public access) | 3.35 MB | Adobe PDF