考量攻擊綜效下雲端網路存活度最大化之研究

Wei-Wen Hsiao; 蕭維文

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/55943

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	林永松
dc.contributor.author	Wei-Wen Hsiao	en
dc.contributor.author	蕭維文	zh_TW
dc.date.accessioned	2021-06-16T05:11:19Z	-
dc.date.available	2019-08-25
dc.date.copyright	2014-08-25
dc.date.issued	2014
dc.date.submitted	2014-08-18
dc.identifier.citation	[1] N. Waly, R. Tassabehji and M. Kamala, “Improving Organisational Information Security Management: The Impact of Training and Awareness,” High Performance Computing and Communication & 2012 IEEE 9th International Conference on Embedded Software and Systems (HPCC-ICESS), 2012 IEEE 14th International Conference on, pp. 1270-1275, 2012. [2] Symantec, “2012 State of Security Survey,” 2012, http://www.symantec.com/about/news/theme.jsp?themeid=state-of-information. [3] IBM Internet Security Systems X-Force research and development team, “IBM X-Force 2012 Annual Trend and Risk Report,” IBM, March 2013, http://www.ibm.com/ibm/files/I218646H25649F77/Risk_Report.pdf. [4] R. Richardson, “2010 CSI Computer Crime and Security Survey,” Computer Security Institute, December 2010, http://gocsi.com/. [5] P. Mell and T. Grance, “The NIST Definition of Cloud Computing,” National Institute of Standard and Technology, September 2011, http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf. [6] AccelOps, “Cloud Security Survey 2013,” AccelOps, 2013, http://www.accelops.com/pdf/Cloud%20Security%20Survey%20Report.pdf. [7] X. Wu and D. Wang, “On-Demand VPC Topology Construction for Virtual Perimeter Defense in Public Clouds,” Distributed Computing Systems Workshops (ICDCSW), 2012 32nd International Conference, pp. 427-435, 2012. [8] P.E. Heegaard and K.S. Trivedi, “Network survivability modeling,” Computer Networks, 53.8: 1215-1234, 2009. [9] R.J. Ellison, D.A. Fisher, R.C. Linger, H.F. Lipson, T. Longstaff, and N.R. Mead, “Survivable Network Systems: An Emerging Discipline,” Technical Report CMU/SEI-97-TR-013, November 1997 (Revised: May 1999). [10] H.F. Lipson, N.R. Mead, and R.C. Linger, “Requirements Definition for Survivable Network Systems,” Proceedings of the 3rd International Conference on Requirements Engineering, pp. 14-23, April 1998. [11] J.C. Knight, K. Sullivan, S. Geist, and X. Du, “Information Survivability Control Systems,” ACM Proceedings of the 21st International Conference on Software Engineering, pp. 184-192, May 1999. [12] N.R. Mead, “Panel: Issues in Software Engineering for Survivable Systems,” ACM Proceedings of the 21st International Conference on Software Engineering, pp. 592-593, May 1999. [13] C. Wang, J.C. Knight, K.J. Sullivan and M.C. Elder, “Survivability Architectures: Issues and Approaches,” Proceedings of DARPA Information Survivability Conference and Exposition 2000 (DISCEX’00), Volume 2, pp. 157-171, January 2000. [14] A. Chiu, A. Elwalid, D. Awduche, I. Widjaja and X. Xiao, “Overview and Principles of Internet Traffic Engineering,” RFC3272, May 2002. [15] V.R. Westmark, “A Definition for Information System Survivability,” Proceedings of the 37th IEEE Hawaii International Conference on System Sciences, pp. 10-20, January 2004. [16] B.R. Haverkort and L. Cloth, “Model Checking for Survivability!,” 2nd International Conference on the Quantitative Evaluation of Systems, pp. 145-154, September 2005. [17] F.A. Al-Zahrani, “Survivability Performance Evaluation of Slotted Multi-fiber Optical Packet Switching Networks With and Without Wavelength Conversion,” 2nd Information and Communication Technologies (ICTTA'06), Volume 2, pp. 2242-2247, April 2006. [18] D. Botvich, N. Agoulmine, S. Balasubramaniam, and W. Donnelly, “A Multi-layered Approach Towards Achieving Survivability in Autonomic Network,” IEEE International Conference on Telecommunications and Malaysia International Conference on Communications 2007 (ICT-MICC‘07), pp. 360-365, May 2007. [19] A.H. Wang, S. Yan, and P. Liu, “A Semi-Markov Survivability Evaluation Model for Intrusion Tolerant Database Systems,” Availability, Reliability, and Security, 2010.ARES’10 International Conference on, pp.104-111, 2010. [20] S. Xu, “Collaborative Attack vs. Collaborative Defense,” COLLABORATVIE COMPUTING: NETWORKING, APPLICATIONS AND WORKSHARING: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, Volume 10, Part 2,217-228, 2009. [21] S. Braynov and M. Jadliwala “Representation and Analysis of Coordinated Attasks,” FMSE ’03 Proceedings of the 2003 ACM workshop on Formal methods in security engineering, October 2003. [22] J. Brodkin, “Cloud computing hype spurs confusion, Gartner says,” COMPUTERWORLD, Sep. 2008, http://www.computerworld.com/s/article/9115904/Cloud_computing_hype_spurs_confusion_Gartner_says. [23] B. Sotomayor, R.S. Montero, I.M. Llorente and I. Foster, “An Open Source Solution for Virtual Infrastructure Management in Private and Hybrid Clouds,” NIST special publication, 2011. [24] IBM Global Education, “Virtualization in Education,” IBM, October, 2007. [25] C. Clark, K. Fraser, S. Hand, J.G. Hansen, E. Jul, C. Limpach, I. Pratt, A. Warfield, “Live migration of virtual machines,” Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation Volume 2. USENIX Association, p. 273-286, 2005. [26] A. Verma, U. Sharma, R. Jain and K. Dasgupta, “Compass: Optimizing the Migration Cost vs. Application Performance Tradeoff,” Network and Service Management, IEEE Transactions on, 5.2: 118-131, 2008. [27] T. Wood, P. Shenoy, A. Venkataramani and M. Yousif, “Black-box and Gray-box Strategies for Virtual Machine Migration,” NSDI, Vol. 7, 2007. [28] T. Wood, K. K. Ramakrishnan, P. Shenoy and J. Van der Merwe, “CloudNet: A Platform for Optimized WAN Migration of Virtual Machines,” Technical Report, HP, 2010. [29] X. Chen, H. Wan, S. Wang and X. Long, “Seamless Virtual Machine Live Migration on Network Security Enhanced Hypervisor,” Broadband Network & Multimedia Technology, 2009. IC-BNMT'09. 2nd IEEE International Conference, 2009. [30] L. YamunaDevi, P. Aruna and N. Priya, “Security in Virtual Machine Live Migration for KVM,” Process Automation, Control and Computing (PACC), 2011 International Conference, 2011. [31] G. Fan, H. Yu, L. Chen and D. Liu, “A Game Theoretic Method to Model and Evaluate Attack-Defense Strategy in Cloud Computing,” Services Computing (SCC), 2013 IEEE International Conference, 2013. [32] K. Ioanna and K. Sokratis, “A Game-Based Intrusion Detection Mechanism to Confront Internal Attackers,” Computers & Security, 29.8: 859-874, 2010. [33] M. M. Eman and S. A. Hatem, “Enhanced Data Security Model for Cloud Computing,” Informatics and Systems (INFOS), 2012 8th International Conference, 2012. [34] Sh. Ajoudanian and M.R. Ahmadi, “A Novel Data Security model for Cloud Computing,” International Journal of Engineering and Technology, 2012. [35] G. Fandel et al., “Measuring synergy effects of a Public Social Private Partnership (PSPP) project,” International Journal of Production Economics, 2012. [36] R. Cohen, L. Katzir and D. Raz, “An efficient approximation for the generalized assignment problem,” Information Processing Letters, 100(4), pp. 162-166, 2012. [37] G. B. Dantzig, “Discrete-variable extremum problems,” Operations research, 5(2), pp. 266-288, 1957 [38] F. k. Hwang, D. S. Richards and P. Winter, “The Steiner tree problem,” Elsevier, 1992. [39] L. Kou, G. Markowsky and L. Berman, “A fast algorithm for Steiner trees,” Acta informatica, 15(2), pp. 141-145, 1981 [40] S. H. Hwang, “Contest Success Functions: Theory and Evidence,” Economics Department Working Paper Series, Paper 11, 2009. [41] K. Hausken and G. Levitin, “Protection vs. false targets in series systems,” Reliability Engineering & System Safety, vol. 94, pp. 973-981, 2009. [42] K. Hausken and G. Levitin, “Efficiency of even separation of parallel elements with variable contest intensity,” Risk Anal 28(5):1477-1486, 2008. [43] S. Skaperdas, “Contest success functions,” Economic Theory, vol. 7, pp. 283-290, 1996. [44] D. S. Burdick, T. H. Naylor and W. E. Sasser, “Computer simulation experiment with economic system: the problem of experimental design,” Journal of the American statistical Association 62.320: 1315-1337, 1967.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/55943	-
dc.description.abstract	現今許多組織與企業透過網路科技提供使用者各種服務，因此網路已然成為日常生活中所不可或缺的元素，透過網路，我們可以和朋友溝通、購物…等，但若企業未妥善保管顧客資料或是持續對於漏洞進行修補，則會讓企業帶來許多困擾甚至失去顧客的信心。從企業的角度，他們所面對的攻擊者與駭客越來越強大，技術也越來越精進，例如：攻擊者可以發動協同攻擊，此種攻擊方式會聚集一群攻擊者以合作的方式攻擊同一個目標節點，這類型的攻擊可產生綜效，因此較傳統的攻擊更具破壞力，且成功率更高。在本篇論文中，我們提出了一個與現實世界相當的綜效模型，並且可以看到並非人越多就一定有越好的攻擊效果。除了攻擊方式不斷演進外，資訊基礎建設也同樣在進步，雲端運算是近幾年最受關注的議題之一，除具多元化的特色外，企業也可用此種技術提供使用者多樣化且彈性的服務，與更強大的運算能力。我們會將本篇論文的網路都模擬在雲端的環境上。為了要讓企業提供的服務不中斷，在本篇論文中，我們採用了Local defense 和Migration兩種防禦機制。前者是當虛擬機器監視器察覺到所管控的虛擬機器被攻擊者攻擊時，他會對所有自己所管理的虛擬機器增加防禦力，利用此方法可以有效的防堵攻擊者的攻擊。而Migration則是可以動態的將虛擬機器從一台實體伺服器搬移到另外一台實體伺服器中，以提高網路存活度。論文中可以發現，Migration相對於Local defense 有較好的防禦效果。本篇論文的目標在於幫助企業找到一個有效的方法對抗多樣的外部威脅，除了傳統的防火牆、IDS與IPS…等防禦措施外，也會利用上述所提到的兩種防禦策略來增加網路的存活度。此外，在有限的資源下，幫助企業或是防禦方找到最佳的防禦策略與資源分配方式來防禦攻擊者的入侵。本研究最後會使用數學規劃合併Monte Carlo Simulation來解決此複雜與充滿隨機性的問題，讓防禦者用最有效的資源分配方式增加網路存活度。	zh_TW
dc.description.abstract	Many organizations rely on networks to provide various types of services for customers and users. Internet has become the basic necessity in our daily life. From the enterprises’ perspectives, since hackers and attackers are getting more and more powerful and skillful, this is a challenging problem. For instance, in nowadays, attackers could launch a collaborative attack, which is a powerful attack approach that enables a group of attackers gathering their attack power toward a single target. Further, the synergy effects of this particular type of attacks could cause more damage than traditional attack approaches. We proposed a synergy effect that described the collaborative attack that similar to real life. In this model, we also demonstrate that more people in the same group will not always bring better attack power. Not only attack approaches but also the computing infrastructure have been rapidly innovated. Cloud computing is a main trend and has caught much attentions. Our thesis will implement the network base on cloud environment. We provide two defense strategies—“Local defense mechanism” and “Migration mechanism.” In “Local defense mechanism”, when virtual machine monitor (VMM) detects a node being attacked but yet being compromised, it can increase defense resources for all the virtual machines (VMs) that belong to this VMM. As for, “Migration mechanism”, it enables VMs dynamically move from one server to another. In our thesis, we could find that “Migration mechanism” has a great defense capability than “Local defense mechanism.” Our goal is to help companies find an effective way to cope with varieties of threats. In addition to traditional defense strategies, such as firewall, IDS, and IPS, we incorporate local defense mechanism and virtual machine migration to enhance system survivability. Moreover, under limited budget, it is important for defenders or companies to seek the optimal way of allocating defense resources against attackers’ invasions. The problem is modeled as a bi-level mathematical formulation. Combining with the concept of Monte Carlo Simulation, a variety of feasible attack-defense scenarios are simulated to find effective defense strategies.	en
dc.description.provenance	Made available in DSpace on 2021-06-16T05:11:19Z (GMT). No. of bitstreams: 1 ntu-103-R01725029-1.pdf: 7735339 bytes, checksum: 474d4d1064417c541cfb12febafc6288 (MD5) Previous issue date: 2014	en
dc.description.tableofcontents	致謝 I Thesis Abstract II 論文摘要 IV Table of Contents VI List of Figures VIII List of Tables X Chapter 1 Introduction 1 1.1 Background 1 1.2 Motivation 9 1.3 Literature Survey 12 1.3.1 Survivability 12 1.3.2 Collaborative Attack 15 1.3.3 Topology-Oriented Virtual Private Cloud (ToVPC) 16 1.3.4 Virtual Machine Migration 18 1.3.5 Cyber Warfare 21 1.4 Thesis Organization 23 Chapter 2 Problem Formulation 24 2.1 Problem Description 24 2.1.1 Migration Mechanism 24 2.1.2 Synergy Effect 25 2.1.3 Attacker Perspective 29 2.1.4 Attack Algorithm 32 2.1.5 Attacker Optimization 37 2.1.6 Defender Perspective 41 2.2 Attack-defense Scenario 45 2.2.1 Contest Success Function 45 2.2.2 Attack-defense Scenario 46 2.3 Mathematical Formulation 56 Chapter 3 Solution Approach 64 3.1 Mathematical Programming 64 3.2 Monte Carlo Simulation 65 3.3 Evaluation Process 67 3.4 Policy Enhancement 70 3.4.1 Commander Enhancement 70 3.4.2 Defender Enhancement 71 Chapter 4 Computational Experiment 80 4.1 Experiment Environment 80 4.2 Simulation Result 83 4.2.1 Convergence Evaluation Times 83 4.2.2 Topology Robustness 84 4.2.3 Attacker strategy analysis 85 4.3 Enhancement Result 89 4.3.1 Enhancement in proactive and reactive defense resource 89 4.3.2 Enhancement in Risk Level 92 Chapter 5 Conclusion and Future Work 95 5.1 Conclusion 95 5.2 Future Work 97 Reference 98
dc.language.iso	en
dc.title	考量攻擊綜效下雲端網路存活度最大化之研究	zh_TW
dc.title	Maximization of Cloud Network Survivability Considering Attack Synergy	en
dc.type	Thesis
dc.date.schoolyear	102-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	鍾順平,林盈達,呂俊賢
dc.subject.keyword	協同攻擊,網路存活度,攻擊綜效,虛擬機器搬移,資源分配,最佳化,數學歸納法,蒙地卡羅模擬法,	zh_TW
dc.subject.keyword	Collaborative Attack,Network Survivability,Attack Synergy Effect,Migration,Resource Allocation,Optimization,Mathematical Programming,Monte Carlo Simulation,	en
dc.relation.page	104
dc.rights.note	有償授權
dc.date.accepted	2014-08-19
dc.contributor.author-college	管理學院	zh_TW
dc.contributor.author-dept	資訊管理學研究所	zh_TW
顯示於系所單位：	資訊管理學系

文件中的檔案：

檔案	大小	格式
ntu-103-1.pdf 目前未授權公開取用	7.55 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。