請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/37018完整後設資料紀錄
| DC 欄位 | 值 | 語言 |
|---|---|---|
| dc.contributor.advisor | 林永松 | |
| dc.contributor.author | Ming-Yang Huang | en |
| dc.contributor.author | 黃明陽 | zh_TW |
| dc.date.accessioned | 2021-06-13T15:17:57Z | - |
| dc.date.available | 2011-08-17 | |
| dc.date.copyright | 2011-08-17 | |
| dc.date.issued | 2011 | |
| dc.date.submitted | 2011-08-11 | |
| dc.identifier.citation | [1] Symantec Corporation, “2010 State of Enterprise Security Report,” Symantec, February 2010, http://www.symantec.com/index.jsp.
[2] IBM Internet Security Systems X-Force research and development team, “IBM X-Force 2010 Mid-Year Trend and Risk Report,” IBM, August 2010, https://www-935.ibm.com/services/us/iss/xforce/trendreports/. [3] S. Peters, “2009 CSI Computer Crime and Security Survey,” Computer Security Institute, December 2009, http://gocsi.com/. [4] R.J. Ellison, D.A. Fisher, R.C. Linger, H.F. Lipson, T. Longstaff, and N.R. Mead, “Survivable Network Systems: An Emerging Discipline,” Technical Report CMU/SEI-97-TR-013, November 1997 (Revised: May 1999). [5] V.R. Westmark, “A Definition for Information System Survivability,” Proceedings of the 37th IEEE Hawaii International Conference on System Sciences, Track 9, Volume 9, January 2004. [6] C. Fung, Y.L. Chen, X. Wang, J. Lee, R. Tarquini, M. Anderson , R. Linger, “Survivability Analysis of Distributed Systems Using Attack Tree Methodology,” Proceedings of the IEEE Military Communications Conference, Volume 1, pp. 583-589, October 2005. [7] “ATIS Telecom Glossary 2007,” Alliance for Telecommunications Industry Solutions, http://www.atis.org/glossary/definition/aspx?id=1039. [8] S. Balasubramaniam, D. Botvich, W. Donnelly, and N. Agoulmine, “A Multi-Layered approach towards achieving Survivability in Autonomic Network,” Proceedings of the 2007 IEEE International Conference on Telecommunications and Malaysia International Conference on Communications, pp. 360-365, May 2007. [9] Z. Ma and A.W. Krings, “Survival Analysis Approach to Reliability, Survivability and Prognostics and Health Management (PHM),” Proceedings of the 2008 IEEE Aerospace Conference, pp. 1-20, March 2008. [10] M. Garg and J.C. Smith, “Models and algorithms for the design of survivable multicommodity flow networks with general failure scenarios,” Omega, Volume 36, Issue 6, pp. 1057-1071, December 2008. [11] M.N. Lima, A.L. Santos, and G. Pujolle, “A Survey of Survivability in Mobile Ad Hoc Networks,” IEEE Communications Surveys and Tutorials, Volume 11, Issue 1, pp. 66-77, First Quarter 2009. [12] P.E. Heegaard and K.S. Trivedi, “Network survivability modeling,” Computer Networks, Volume 53, Issue 8, pp. 1215-1234, June 2009. [13] Z. Ma, “Towards a Unified Definition for Reliability, Survivability and Resilience (I): the Conceptual Framework Inspired by the Handicap Principle and Ecological Stability,” Proceedings of the 2010 IEEE Aerospace Conference, pp. 1-12, March 2010. [14] F. Xing and W. Wang, “On the Survivability of Wireless Ad Hoc Networks with Node Misbehaviors and Failures,” IEEE Transactions on Dependable and Secure Computing, Volume 7, Issue 3, July 2010. [15] S. Skaperdas, “Contest success functions” Economic Theory, Volume 7, Issue 2, pp. 283-290, February 1996. [16] G. Levitin and K. Hausken, “False targets efficiency in defense strategy,” European Journal of Operational Research, Volume 194, Issue 1, pp. 155-162, April 2009. [17] K. Hausken and G. Levitin, “Protection vs. false targets in series systems,” Reliability Engineering and System Safety, Volume 94, Issue 5, pp. 973-981, May 2009. [18] L.M. Vaquero, L.R. Merino, J. Caceres, and M. Lindner, “A Break in the Clouds: Towards a Cloud Definition,” ACM SIGCOMM Computer Communication Review, Volume 39, Issue 1, January 2009. [19] R. Buyya, C.S. Yeo, S. Venugopal, J. Broberg, and I. Brandic, “Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility,” Future Generation Computer Systems, Volume 25, Issue 6, pp. 599-616, June 2009. [20] M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “A View of Cloud Computing,” Communications of the ACM, Volume 53, Issue 4, pp. 50-58, April 2010. [21] L. Wang, G. Laszewski, A. Younge, X. He, M. Kunze, J. Tao, and C. Fu, “Cloud Computing: a Perspective Study,” New Generation Computing, Volume 28, Issue 2 pp. 137-146, April 2010. [22] F. Lombardi and R.D. Pietro, “Secure virtualization for cloud computing,” Journal of Network and Computer Applications, June 2010. [23] J. Archer, A. Boehme, D. Cullinane, P. Kurtz, N. Puhlmann, and J. Reavis, “Top Threats to Cloud Computing V1.0,” Cloud Security Alliance, March 2010, http://www.cloudsecurityalliance.org/topthreats. [24] M. Sink, “The Use of Honeypots and packet Sniffers for Intrusion Detection”, Indiana University of Pennsylvania, April 2001. Available on line: http://www.lib.iup.edu/comscisec/SANSpapers/msink.htm. [25] L. Spitzner, “Honeypot: Tracking Hackers,” Addison-Wesley, ISBN 0-321-10895-7, 2002. [26] H. Debar, F. Pouget, and M. Dacier, “White Paper: “Honeypot, Honeynet, Honeytoken: Terminological issues”,” Institut Eurécom Research Report RR-03-081, September 2003. [27] C.K. Dimitriadis, “Improving Mobile Core Network Security with Honeynets,” IEEE Security and Privacy, Volume 5, Issue 4, pp. 40-47, July 2007. [28] S. Xing, H. Xue, and G. Li, “Honeypot Protection Detection Response Recovery Model for Information Security Management Policy,” Asian Social Science, Volume 6, Issue 12, December 2010. [29] C. Stoll, “Stalking the Wily Hacker,” Communications of the ACM, Volume 31, Issue 5, pp. 484-500, May 1988. [30] C. Stoll, “The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage,” Doubleday, ISBN 0-385-24946-2, 1989. [31] B. Cheswick, “An Evening with Berferd In Which a Cracker is Lured, Endured, and Studied,” USENIX Conference, USENIX, pp. 163-174, 1992. [32] C. Seifert, I. Welch, and P. Komisarczuk, “Taxonomy of Honeypots,” Technical Report CS-TR-06/12, June 2006. [33] M.H. y López and C.F.L. Reséndez, “Honeypots: Basic Concepts, Classification and Educational Use as Resources in Information Security Education and Courses,” Proceedings of the Informing Science and IT Education Conference, 2008. [34] Y. Huang, D. Arsenault, and A. Sood, “Closing Cluster Attack Windows Through Server Redundancy and Rotations,” Proceedings of the 6th IEEE International Symposium on Cluster Computing and the Grid Workshops, May 2006. [35] Y. Huang, D. Arsenault, and A. Sood, “Incorruptible Self-Cleansing Intrusion Tolerance and Its Application to DNS Security,” Journal of Networks, Volume 1, Issue 5, pp. 21-30, October 2006. [36] M. Smith, C. Schridde, and B. Freisleben, “Securing Stateful Grid Servers through Virtual Server Rotation”, Proceedings of the 17th International Symposium on High Performance Distributed Computing, June 2008. [37] T. Roeder and F.B. Schneider, “Proactive Obfuscation,” ACM Transactions on Computer Systems, Volume 28, Issue 2, Article 4, July 2010. [38] F. Cohen, “Managing Network Security: Attack and Defence Strategies,” Network Security, Volume 1999, Issue 7, pp. 7-11, July 1999. [39] D. Kvedar, M. Nettis, and S.P. Fulton, “The Use of Formal Social Engineering Techniques to Identify Weaknesses during a Computer Vulnerability Competition,” Journal of Computer Sciences in Colleges, Volume 26, Issue 2, December 2010. [40] S. Roy, C. Ellis, S. Shiva, D. Dasgupta, V. Shandilya, and Q. Wu, “A Survey of Game Theory as Applied to Network Security,” Proceedings of the 43rd Hawaii International Conference on System Sciences, pp. 1-10, January 2010. [41] F.Y.S. Lin, Y.S. Wang, and P.H. Tsang, “Efficient Defense Strategies to Minimize Attackers’ Success Probabilities in Honeynet,” proceedings of the 6th International Conference on Information Assurance and Security, August 2010. [42] S.D. Galup, R. Dattero, J.J. Quan, and S. Conger, “An Overview of IT Service Management,” Communications of the ACM, Volume 52, Issue 5, May 2009. [43] M.L. Fisher, “An Applications Oriented Guide to Lagrangian Relaxation,” Interfaces, Vol. 15, No.2, pp. 10-21, April 1985. [44] M.H. Kalos and P.A. Whitlock, “Monte Carlo Methods,” John Wiley & Sons Inc, ISBN 978-3-527-40760-6, November 2008. [45] G. Levitin and K. Hausken, “Preventive strike vs. false targets and protection in defense strategy,” Reliability Engineering & System Safety, Volume 96, Issue 8, pp. 912-924, August 2011. [46] M.L. Fisher, “The Lagrangian Relaxation Method for Solving Integer Programming Problems,” Management Science, Volume 27, Number 1, pp. 1-18, January 1981. [47] S. Nagaraja and R. Anderson, “Dynamic Topologies for Robust Scale-Free Networks,” Bio-Inspired Computing and Communication, Volume 5151, pp. 411-426, 2008. [48] J. Blitzstein and P. Diaconis, “A Sequential Importance Sampling Algorithm for Generating Random Graphs with Prescribed Degrees,” Internet Mathematics, Volume 6, pp. 489-522, March 2011. | |
| dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/37018 | - |
| dc.description.abstract | 虛擬化在企業發展過程中扮演重要的角色。透過該技術,使用者可不受現有的硬體架構和地域限制,彈性的進行運算與儲存資源,但同時也使得虛擬化環境的資訊安全議題更加複雜。身為服務提供者兼防禦者,在服務廣大的合法使用者之餘,也須面臨各式各樣的攻擊者與日新月異的攻擊手法,因此如何在惡意攻擊下最大化系統存活度成為一個極度重要的議題。除採取適當的資源配置策略外,因現實世界中攻擊者大多對於欲攻擊的目標僅擁有「不完全資訊」,並未完全掌握防禦者所使用的防禦機制,故攻防過程中防禦者可透過誘捕系統和動態拓樸調整達到欺騙攻擊者與消耗其資源的目的。在維持一定服務品質水準的前提下降低核心節點被攻克的機率,提升整體網路系統的存活度。
在本論文中,我們將攻防情境轉化成一個數學規劃問題,用以描述網路系統被攻擊者攻克的機率,並提出一套以鬆弛觀念與蒙地卡羅法為基礎的解題方法,結合數學規劃法與模擬,處理更貼近真實情況的問題。在模擬的過程中,藉由每次評估所獲得的相關資訊,逐步調整並推導出最適當的修正方向。最終得出能使網路系統被攻克機率最小化之防禦資源配置與相對應的防禦策略。 | zh_TW |
| dc.description.abstract | Virtualization plays an important role in the enterprise development. Through this technology, users can access computing power and storage resource flexibly without the limitation of hardware framework and geography. However, it also raises the complexity of information security in the virtualization environment. As a service provider, we serve numerous legitimate users and strive against the variety of attackers with the diversity of attack tactics simultaneously. Therefore, how to maximize the survivability of network system under malicious attack becomes an extremely notable subject. Since most attackers only have “incomplete information” of the targeted system in the real world and only have a little knowledge about defense mechanisms, the defender can distract attackers and waste their budget by deception techniques and dynamic topology reconfiguration. Moreover, the defender should decrease the compromised probability of core nodes and maintain the specific Quality of Service level at the same time.
In this thesis, we model the attack-defense scenario as a mathematical programming problem that describes attackers’ success probability and propose a solution approach which combines the mathematical programming and simulation. Based on the concept of relaxation and Monte Carlo simulation, the scale of solvable problem is extended. In the process of simulation, we can gradually improve the quality of solution and conclude the most appropriate revised direction via the information gathered from each evaluation. Finally, the experiment result comprising the defense resource allocation and corresponding defense strategies for the defender to minimize the compromised probability of network system. | en |
| dc.description.provenance | Made available in DSpace on 2021-06-13T15:17:57Z (GMT). No. of bitstreams: 1 ntu-100-R98725047-1.pdf: 2089866 bytes, checksum: 329a111ba428cf42746970ed0a36fae5 (MD5) Previous issue date: 2011 | en |
| dc.description.tableofcontents | 謝誌 I
論文摘要 II THESIS ABSTRACT III Table of Contents V List of Tables VII List of Figures VIII Chapter 1 Introduction 1 1.1 Background 1 1.2 Motivation 11 1.3 Literature Survey 13 1.3.1 Survivability 13 1.3.2 Virtualization 18 1.3.3 Deception Based Mechanism 24 1.3.4 Dynamic Topology Reconfiguration 28 1.4 Proposed Approach 29 1.5 Thesis Organization 30 Chapter 2 Problem Formulation 31 2.1 Problem Description 31 2.1.1 Virtualization Environment 31 2.1.2 Defender Perspective 32 2.1.3 Attacker Perspective 33 2.2 Attack-defense Scenarios 42 2.3 Mathematical Formulation 56 Chapter 3 Solution Approach 67 3.1 Mathematical Programming 67 3.2 Monte Carlo Simulation 69 3.3 The Combination of Mathematical Programming and Monte Carlo Simulation 70 3.3.1 Evaluation Process 70 3.3.2 Policy Enhancement 74 3.4 Initial Allocation Scheme 84 3.4.1 Topology Generation 84 3.4.2 General Defense Resource Allocation 84 Chapter 4 Computational Experiments 86 4.1 Experiment Environment 86 4.2 Experiment Result 90 Chapter 5 Conclusion and Future Work 103 5.1 Conclusion 103 5.2 Future Work 105 References 106 | |
| dc.language.iso | en | |
| dc.subject | 攻防 | zh_TW |
| dc.subject | 網路 | zh_TW |
| dc.subject | 資源配置 | zh_TW |
| dc.subject | 數學規劃 | zh_TW |
| dc.subject | 拉格蘭日鬆弛法 | zh_TW |
| dc.subject | 模擬 | zh_TW |
| dc.subject | 虛擬化 | zh_TW |
| dc.subject | 誘捕系統 | zh_TW |
| dc.subject | 動態拓樸調整 | zh_TW |
| dc.subject | 服務品質 | zh_TW |
| dc.subject | 最佳化 | zh_TW |
| dc.subject | 不完全資訊 | zh_TW |
| dc.subject | 存活度 | zh_TW |
| dc.subject | 網路 | zh_TW |
| dc.subject | Resource Allocation | en |
| dc.subject | Network Attack and Defense | en |
| dc.subject | Network Survivability | en |
| dc.subject | Optimization | en |
| dc.subject | Mathematical Programming | en |
| dc.subject | Lagrangian Relaxation | en |
| dc.subject | Simulation | en |
| dc.subject | Virtualization | en |
| dc.subject | Honeypots | en |
| dc.subject | Dynamic Topology Reconfiguration | en |
| dc.subject | Quality of Service | en |
| dc.subject | Incomplete Information | en |
| dc.title | 於虛擬化環境下考量誘捕系統及動態拓樸調整以達到攻擊者成功機率最小化之有效網路建置與防禦策略 | zh_TW |
| dc.title | Effective Network Planning and Defending Strategies to Minimize Attackers’Success Probabilities by Deception and Dynamic Topology Reconfiguration in Virtualization Environment | en |
| dc.type | Thesis | |
| dc.date.schoolyear | 99-2 | |
| dc.description.degree | 碩士 | |
| dc.contributor.oralexamcommittee | 趙啟超,莊東穎,呂俊賢,林盈達 | |
| dc.subject.keyword | 網路,攻防,網路,存活度,最佳化,資源配置,數學規劃,拉格蘭日鬆弛法,模擬,虛擬化,誘捕系統,動態拓樸調整,服務品質,不完全資訊, | zh_TW |
| dc.subject.keyword | Network Attack and Defense,Network Survivability,Optimization,Resource Allocation,Mathematical Programming,Lagrangian Relaxation,Simulation,Virtualization,Honeypots,Dynamic Topology Reconfiguration,Quality of Service,Incomplete Information, | en |
| dc.relation.page | 112 | |
| dc.rights.note | 有償授權 | |
| dc.date.accepted | 2011-08-11 | |
| dc.contributor.author-college | 管理學院 | zh_TW |
| dc.contributor.author-dept | 資訊管理學研究所 | zh_TW |
| 顯示於系所單位: | 資訊管理學系 | |
文件中的檔案:
| 檔案 | 大小 | 格式 | |
|---|---|---|---|
| ntu-100-1.pdf 未授權公開取用 | 2.04 MB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。