考慮智慧型攻擊者權限提升及經驗累積下網路強韌性之最大化

Huan-Ting Chen; 陳奐廷

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/37124

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	林永松
dc.contributor.author	Huan-Ting Chen	en
dc.contributor.author	陳奐廷	zh_TW
dc.date.accessioned	2021-06-13T15:19:38Z	-
dc.date.available	2018-07-22
dc.date.copyright	2008-08-05
dc.date.issued	2008
dc.date.submitted	2008-07-22
dc.identifier.citation	[1] R. Richardson, “2007 CSI/FBI Computer Crime and Security Survey”, Computer Security Institute, 2007, http://GoCSI.com. [2] R.J. Ellison, D.A. Fisher, R.C. Linger, H.F. Lipson, T.A. Longstaff, and N.R. Mead, “Survivable Network Systems: An Emerging Discipline,” Technical Report CMU/SEI-97-TR-013, Software Engineering Institute, Carnegie Mellon University, November 1997 (Revised: May 1999). [3] P. Tarvainen, “Survey of the Survivability of IT Systems,” The 9th Nordic Workshop on Secure IT-systems, November 2004. [4] J.C. Knight and K.J. Sullivan, “On the Definition of Survivability,” Technical Report CS-TR-33-00, Department of Computer Science, University of Virginia, December 2000. [5] Y. Liu and K.S. Trivedi, “A General Framework for Network Survivability Quantification,” Proceedings of the 12th GI/ITG Conference on Measuring, Modeling and Evaluation of Computer and Communication Systems, September 2004. [6] J.C. Knight, E.A. Strunk, and K.J. Sullivan, “Towards a Rigorous Definition of Information System Survivability,” Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX 2003), Volume 1, pp.78-89, April 2003. [7] R.J. Ellison, D.A. Fisher, R.C. Linger, H.F. Lipson, T.A. Longstaff, and N.R. Mead, “An Approach to Survivable Systems,” Technical Report CERT Coordination Center, Software Engineering Institute, Carnegie Mellon University, 1999. [8] http://technet.microsoft.com/en-us/windowsserver/default.aspx [9] M.N. Azaiez, V.M. Bier, “Optimal Resource Allocation for Security in Reliability systems” European Journal of Operational Research, 181 pp. 773-786, 2007. [10] Z. Yongzheng and Y. Xiaochun, “A New Vulnerability Taxonomy Based on Privilege Escalation,” Proceedings of the 6th International Conference on Enterprise Information Systems, 2004. [11] M.A. McQueen, W.F. Boyer, M.A. Flynn, G..A. Beitel, “Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System” Proceeding of IEEE Internation Conference on System Sciences, 2006. [12] O.M. Alhazmi, Y.K. Malaiya, “Quantitative Vulnerability Assessment of Systems Software” Proceeding of IEEE Reliability and Maintainability Symposium, pp. 615-620, Jan 2005. [13] B. Brykczynski, R.A. Small, “Reducing Internet-Based Intrusions: Effective Security Path Management,” IEEE Software, Volume 20, No. 1, pp. 50-57, January 2003. [14] S. Bistarelli, F. Fioravanti, P. Peretti, “Defense Tree for Economic Evaluation of Security Investments,” Proceedings of the First International Conference on Availability, Reliability and Security (ARES’06), 2006. [15] C. Iheagwara “The effect of intrusion detection management methods on the return on investment,” Computers & Security, Volume 24, Number 3, pp. 231-228, 2004. [16] F. Harmantzis and M. Malek, “Security Risk Analysis and Evaluation,” Proceedings of IEEE International Conference on Communications ,Volume 4, pp. 1897-1901, June 2004. [17] V.R. Westmark, “A Definition for Information System Survivability,” Proceedings of the 37th IEEE Hawaii International Conference on System Sciences, Volume 9, p. 90303.1, 2004. [18] S.C. Liew and K.W. Lu, “A Framework for Network Survivability Characterization,” IEEE Journal on Selected Areas in Communications, Volume 12, Number. 1, pp. 52-58, January 1994 (ICC, 1992). [19] E.Jonsson and T. Olovsson, “A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior”, IEEE Transactions of Software Engineering, Volume 23, Number 4, pp. 235-245, April 1997. [20] J. McDermott, “Attack-Potential-Based Survivability Modeling for High-Consequence System,” Proceedings of the Third IEEE International Workshop on Information Assurance (IWIA’05). [21] S. McClure, J. Scambray, G. Kurtz, Hacking Exposed Network Security Secrets and Solutions, ISBN:9780072260816. [22] X. Song, M. Stinson, R. Lee, P. Albee, “An Approach to Analyzing the Windows and Linux Security Models” Proceeding of the 5th IEEE/ACIS International Conference on Computer and Information Science and 1st IEEE/ACIS International Workshop on Component-Based Software Architecture and Resuse (ICIS-COMSAR’06), pp. 56-62, 2006. [23] S. Kirkpatrick, C.D. Gelatt, Jr., M.P. Vecchi, “Optimization by Simulated Annealing”, Science, Volume 220, Number 4598, pp. 671-680, May 1983.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/37124	-
dc.description.abstract	網路的日益普及，帶來了日常生活上的便利，卻也伴隨而來更多的網路犯罪，因此網路安全及其強韌性之衡量已逐漸受到重視；對網路營運者而言，如何能有效的評估攻擊者行為及威脅也已日趨重要。在本篇論文中，我們提出一個兩階的數學規劃模型來描繪網路攻防情境以及攻擊者行為；其中內層問題，我們探討攻擊者欲利用最小攻擊成本來攻克網路上多個核心節點，而在其攻擊過程中，會不斷的累積攻擊經驗，使未來的攻擊成本有效的降低；此外，在攻擊者攻克某一節點後，亦可在此節點上進行權限提昇，如此攻擊者便可擁有足夠的權限來探測更多此節點上所擁有的資訊；在此，亦衡量這些資訊可能會對網路所造成的影響，亦即，攻擊者在攻克多個核心節點時，會同時讓這些資訊所造成的影響，達到一定程度的傷害；而在外層問題中，目標網路的管理者則能有效配置其有限防禦資源，使攻擊者需花費的攻擊成本最大化。為了求得此問題的最佳解，我們採用以模擬退火法為基礎的演算法來處理此問題，並設計出多種不同的初始解以及尋找鄰近解的方法，藉此獲得近似最佳解。	zh_TW
dc.description.abstract	Internet has become much more important and worldwide, but it gives cyber criminals opportunities to crash a network system and conduct other cyber-crimes. Therefore, the issues of network security and robustness have come into notice. It is necessary for a network operator to understand the attacker behavior in order to efficiently allocate his limited budget. In this thesis, we propose a two-level mathematical programming model to describe the network attack and defense scenario. In the inner problem, an attacker’s objective is to compromise multiple core nodes using the minimum total attack cost. During the attack actions, the attacker may gain some experience from previous attacks to further reduce the attack costs in the future. Moreover, he can also pay extra fee to escalate on a compromised node to get higher user privileges, so that he will have higher authority to access more information on the node. We also measure the impact incurred by such information leakage in our model. As a result, the attacker will try to compromise multiple core nodes and collect valuable information, so that the total impact incurred by information leakage will exceed a threshold. Meanwhile, in the outer problem, the network operator of the target network allocates limited defense resources appropriately to maximize the total attack cost of the attacker. We adopt some Simulated Annealing-based algorithms to solve the problem and develop some initial solutions and several kinds of methods for searching neighbor solutions.	en
dc.description.provenance	Made available in DSpace on 2021-06-13T15:19:38Z (GMT). No. of bitstreams: 1 ntu-97-R95725012-1.pdf: 971824 bytes, checksum: 4e088dcb3837f4769608622819d84f2d (MD5) Previous issue date: 2008	en
dc.description.tableofcontents	口試委員審定書 I 謝誌 II 論文摘要 III THESIS ABSTRACT IV Table of Contents VI List of Figures IX Chapter 1 Introduction 1 1.1 Background 1 1.2 Motivation 4 1.3 Literature Survey 8 1.3.1 Risk Management 9 1.3.2 Network Survivability 12 1.3.3 Attacker Behavior and Privilege Escalation 14 1.4 Proposed Approach 16 1.5 Thesis Organization 17 Chapter 2 Problem Formulation of the DRA and AEE Models 18 2.1 Problem Description and Assumption of the DRA Model 19 2.2 Problem Formulation of the DRA Model 28 2.3 Problem Formulation of the AEE Model 33 Chapter 3 Solution Approach 37 3.1 Simulated Annealing Method 37 3.2 Solution Approach for the AEE Model 41 3.3 Solution Approach for the DRA Model 47 Chapter 4 Computation Experiments 50 4.1 Computation Experiments with the AEE Model 50 4.1.1 Simple Algorithms 50 4.1.2 Experiment Environment 52 4.1.3 Experiment Results 59 4.1.4 Discussion of Results 73 4.2 Computation Experiments with the DRA Model 78 4.2.1 Experiment Environment 78 4.2.2 Experiment Results 80 4.2.3 Discussion of Results 84 Chapter 5 Conclusion and Future Work 87 5.1 Conclusions 87 5.2 Future Work 89 References 91 簡歷 95
dc.language.iso	en
dc.subject	模擬退火法	zh_TW
dc.subject	最佳化	zh_TW
dc.subject	網路攻防	zh_TW
dc.subject	存活度	zh_TW
dc.subject	多核心節點	zh_TW
dc.subject	權限提升	zh_TW
dc.subject	累積經驗	zh_TW
dc.subject	Network Attack and Defense	en
dc.subject	Optimization	en
dc.subject	Simulated Annealing	en
dc.subject	Accumulated Experience	en
dc.subject	Escalation	en
dc.subject	Multiple Core Nodes	en
dc.subject	Survivability	en
dc.title	考慮智慧型攻擊者權限提升及經驗累積下網路強韌性之最大化	zh_TW
dc.title	Maximization of Network Robustness Considering the Effect of Escalation and Accumulated Experience of Intelligent Attackers	en
dc.type	Thesis
dc.date.schoolyear	96-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	孫雅麗,莊裕澤,趙啟超,呂俊賢
dc.subject.keyword	網路攻防,存活度,多核心節點,權限提升,累積經驗,模擬退火法,最佳化,	zh_TW
dc.subject.keyword	Network Attack and Defense,Survivability,Multiple Core Nodes,Escalation,Accumulated Experience,Simulated Annealing,Optimization,	en
dc.relation.page	93
dc.rights.note	有償授權
dc.date.accepted	2008-07-24
dc.contributor.author-college	管理學院	zh_TW
dc.contributor.author-dept	資訊管理學研究所	zh_TW
顯示於系所單位：	資訊管理學系

文件中的檔案：

檔案	大小	格式
ntu-97-1.pdf 未授權公開取用	949.05 kB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。