請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/55974
標題: | 於雲端環境下考量誘捕系統抵禦協同攻擊以最大化網路存活度之研究 Maximization of Network Survivability with Honeypots against Collaborative Attacks in Cloud Environments |
作者: | I-Tang Chang 張怡棠 |
指導教授: | 林永松(Yeong-Sung Lin) |
關鍵字: | 協同攻擊,網路存活度,雲端運算,誘捕系統,最佳化,資源分配,數學規劃法,蒙地卡羅法, Collaborative Attack,Network Survivability,Cloud Computing,Honeypots,Optimization,Resource Allocation,Mathematical Programming,Monte Carlo Simulation, |
出版年 : | 2014 |
學位: | 碩士 |
摘要: | 近年來,由於許多資訊技術例如光纖網路、虛擬化技術與分散式運算等之快速發展,許多概念相繼被提出,雲端運算便是其中之一。因為雲端環境的特色,使用者可以依自己所需使用各式各樣不同且有彈性的服務,此特色省去了使用者在IT設備採購與維護的費用,同時吸引了許多企業選擇將其服務架構建置在雲端基礎建設之上。然而,仍然存在著一些惡意的駭客想要透過攻擊這些企業提供的服務來獲取非法的利益。除此之外,他們通常會集結成群發動所謂的協同攻擊。因此像是資料外洩以及網路服務中斷之類的資安事故層出不窮,同時也變成了服務提供商的夢靨。
所幸網路防禦的工具發展至今也相當的成熟,這也代表著防禦者有更多的防禦措施可供選擇以保護服務不受外在威脅,誘捕系統便是其中之一。顧名思義,誘捕系統是一種佈署在網路上的防禦機制,其創造一個誘餌來吸引、偵測、誘導、監控、捕捉攻擊者,它能夠作為真正提供服務的實體之替身,並不含任何重要資訊。特別在雲端環境之下,誘捕系統能夠被更加有效率且更動態的應用。 在本研究中,我們將會著重在幫助防禦方以最有效率的方式分配像是誘捕系統等防禦資源來抵抗外在的攻擊。研究問題會以數學模型呈現。此外由於我們問題中攻防策略內含有高度的不確定性,我們使用Monte Carlo simulation 來模擬出結果。最後我們會找出在攻方使用最佳策略下防禦者最好的防禦資源配置方式。 Due to the flourish development of information technologies such as fiber-network, virtualization technologies and distributed computing in recent years, lots of new concepts are proposed, and one of them is cloud computing. According to the features of the cloud environment, users can subscribe different kinds of flexible and scalable services on demand without IT infrastructure establishing expenses as well as maintenance expenses, which attracts many enterprises to build their IT environment through the cloud platform. However, there are always some malicious hackers trying to get illegal profits from compromising services provided by enterprises; moreover, they usually group together to launch such a wave of collaborative attack. Hence, such as data breach and service disruption incidents take place frequently and become the nightmare of the service provider. On the other hand, the development of network defense tools also gets fully-fledged nowadays, which represents that the defender have more defense alternatives to protect the network from external threats. The honeypot is a representative one. As the name suggests, the honeypot is a defense mechanism used to create a decoy to attract, detect, deflect, monitor, and trap attackers, which can serve as a body stunt of the real service without important information. Especially in the cloud environment, honeypots can be leveraged more dynamically and efficiently. In this thesis, we focus on helping the defender to allocate defense resource such as honeypots in the most efficient way against external attacks. Our scenario is depicted by mathematical programming, and Monte Carlo simulation is applied to solve the problem because of the non-deterministic property of attack-defense strategies in our problem. The ultimate goal is to figure out the optimal defense strategy against the best attack strategy, which is also the defender’s worst case. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/55974 |
全文授權: | 有償授權 |
顯示於系所單位: | 資訊管理學系 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-103-1.pdf 目前未授權公開取用 | 5.94 MB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。