Please use this identifier to cite or link to this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/29195
Title: | 在智慧型與惡意型攻擊下存活時間最大化 Maximization of Network Survival Time upon Intelligent and Malicious Attacks |
Authors: | Chun-Wei Chen 陳俊維 |
Advisor: | 林永松(Yeong-Sung Lin) |
Keyword: | 防禦資源配置策略,資訊安全,網路攻防,存活時間,拉格蘭日鬆弛法,最佳化, Defense Resource Allocation Strategy,Information Security,Network Attack and Defense,Survival Time,Lagrangean Relaxation Method,Optimization, |
Publication Year : | 2007 |
Degree: | 碩士 |
Abstract: | 沒有一套資訊系統是完全安全的。有經驗的攻擊者能夠在各式各樣的攻擊方式中選擇一個最適當的,包括利用員工的濫用、系統的弱點、字典攻擊,甚至是暴力攻擊來侵入並毀壞系統。因此對於網路管理者而言,擬定有效的防禦策略使得網路中重要的系統或主機在遭受攻擊時能夠將存活時間拉長,藉此讓管理者有更長的時間來回應惡意的網路攻擊。
在這篇論文中,我們考慮在智慧型與惡意型攻擊下目標節點存活時間最大化的問題,而攻擊者攻克網路中節點的時間是該節點分配到的防禦資源之函數。這個問題可以被表示為一個最小最大化的雙層整數規劃問題,其中,內層的最大化問題表示攻擊者在固定的時間與防禦資源配置策略下,決定到達目標節點最佳的攻擊路徑以達到最大的成功機率;外層的最小化問題表示網路管理者藉由調整防禦資源配置策略使得攻擊者成功的機率最小化。我們也將問題加以延伸,考慮攻擊者從攻擊的過程中獲得經驗累積所造成的影響。我們假設每攻克一個節點就會獲得一個折扣係數,而這個係數會影響之後攻擊者攻克網路中節點的時間與防禦資源之函數。此論文利用拉格蘭日鬆弛法與次梯度法這兩種基本方式來發展演算法,並利用電腦實驗來衡量這個演算法的效率與效果。 No information system in a network is absolutely secure. Sophisticated attackers may adopt various types of hacking techniques, such as staff abuses, system vulnerabilities, dictionary attacks, or brute force attacks, to penetrate and damage the system. Therefore, it is essential that effective defense strategies be devised by network administrators to maximize the survival time of critical/core components in networks upon attacks so as to achieve the longest response time. In this thesis, the problem of maximization of the core node survival time upon intelligent and malicious attacks is considered. The time for an attacker to compromise a node in the network is considered as a random variable, of which the associated CDF is assumed to be a function of the allocated defense resource. The problem is formulated as a mini-max integer programming problem, where the inner (maximization) problem is for the attacker to determine an optimal attack path to the core node so as to maximize his/her success probability under a given time constraint and a given defense resource allocation policy, while the outer (minimization) problem is for the network administrator to adjust his/her defense resource allocation policies so as to minimize the success probability of the attacker. The basic approach to the algorithm development is Lagrangean relaxation and the subgradient method. The efficiency and effectiveness of the proposed algorithms will be evaluated by computational experiments. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/29195 |
Fulltext Rights: | 有償授權 |
Appears in Collections: | 資訊管理學系 |
Files in This Item:
File | Size | Format | |
---|---|---|---|
ntu-96-1.pdf Restricted Access | 1.96 MB | Adobe PDF |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.