Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/63013
Full metadata record
DC Field: Value (Language)
dc.contributor.advisor: 林永松
dc.contributor.author: Yu-Pu Wu (en)
dc.contributor.author: 吳育溥 (zh_TW)
dc.date.accessioned: 2021-06-16T16:18:47Z
dc.date.available: 2014-02-16
dc.date.copyright: 2013-02-16
dc.date.issued: 2012
dc.date.submitted: 2013-02-04
dc.identifier.uri: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/63013
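dc.description.abstract (translated from zh_TW):
Virtualization plays a pivotal role in the information field, most visibly in enterprise development. It removes geographic and hardware limitations and lets legitimate users use computing resources and storage space more flexibly, saving considerable cost and maximizing system utilization as far as possible. However, virtualization technology also brings highly complex dilemmas in information security, especially under the threat of the recently emerging collaborative attack model. A defender who provides a service should do everything possible to protect the service network from diverse malicious attacks so as to keep providing high-quality service to legitimate users; at the same time, a group of attackers led by a commander will adjust their attack strategy to minimize the survivability of the service. How to maximize the survivability of a service network under malicious attack is therefore an issue well worth investigating.
Because real-world attackers have only partial information about the target network, and even limited understanding of the defense mechanisms the defender uses, the defender can mislead the attackers through honeypot systems combined with dynamic topology reconfiguration, wasting the attackers' time and budget. In addition, we adopt collaborative attacks here to make the scenario closer to reality, even though this makes the whole problem more complex.
Furthermore, the defender must also consider how, within a given time period, to minimize the service compromise probability that the attackers maximize; that is, whether the service survives depends on whether its quality is maintained above a certain level.
In this thesis, we transform the attack-defense scenario into a mathematical programming problem that describes the strategic resource deployment of both sides, and propose a solution approach based on the concept of relaxation and the Monte Carlo method.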
dc.description.abstract (en):
Virtualization plays an important role in information technology, especially in enterprise applications. By adopting this technology, legitimate users can utilize computing power and storage resources more flexibly, without geographic or hardware limitations. Furthermore, it can save a large amount of budget and raise system utilization. Nevertheless, virtualization also brings highly complex information security problems, especially under the threat of collaborative attack, a new attack trend in recent years. As a service provider, the operator has to protect the service from various malicious attacks in order to serve numerous legitimate users. Meanwhile, the attackers subordinate to a commander adjust their attack strategy to maximize the probability of achieving their goal. Hence, how to maximize the survivability of the network under malicious attacks is an extremely notable issue.
Since most attackers have only “incomplete information” regarding the target system and limited knowledge of the defense mechanisms, the defender can distract the commander and waste the attackers' budget and time through deception techniques and dynamic topology reconfiguration. Furthermore, the collaborative attack scenario is adopted to make the model realistic, although it raises the complexity of the problem.
Moreover, the defender has to minimize the maximized service compromise probability in a given time period while simultaneously guaranteeing a minimal level of Quality of Service.
In this thesis, we model the attack-defense scenario as a mathematical programming model that describes the defense and attack configurations and strategies, and propose a solution approach that combines mathematical programming and simulation.
dc.description.provenance (en): Made available in DSpace on 2021-06-16T16:18:47Z (GMT). No. of bitstreams: 1
ntu-101-R99725012-1.pdf: 4521952 bytes, checksum: 67cce2764841a7e22c188fb857378149 (MD5)
Previous issue date: 2012
dc.description.tableofcontents:
Table of Contents
Acknowledgements
Thesis Abstract
Thesis Abstract (Chinese)
Table of Contents
List of Tables
List of Figures
Chapter 1 Introduction
  1.1 Background
  1.2 Motivation
  1.3 Literature Survey
    1.3.1 Survivability
    1.3.2 Collaborative Attack
    1.3.3 Virtualization
    1.3.4 Deception Based Mechanism
  1.4 Proposed Approach
  1.5 Thesis Organization
Chapter 2 Problem Formulation
  2.1 Problem Description
    2.1.1 Virtualization Environment
    2.1.2 Commander Perspective
    2.1.3 Defender Perspective
  2.2 Attack-defense Scenarios
  2.3 Mathematical Formulation
Chapter 3 Solution Approach
  3.1 Mathematical Programming
  3.2 Monte Carlo Simulation
  3.3 Enhancement Procedure Based on Information Collected during Monte Carlo Simulation
    3.3.1 Evaluation Process
    3.3.2 Policy Enhancement
  3.4 Initial Allocation Scheme
    3.4.1 Topology Generation
    3.4.2 Proactive Defense Resource Allocation
    3.4.3 Reactive Defense Resource Allocation
  3.5 Defender Enhancement Rules
    3.5.1 Topology Reconfiguration
    3.5.2 Proactive Defense Resource Enhancement
    3.5.3 Reactive Defense Resource Enhancement
Chapter 4 Computational Experiments
  4.1 Experiment Environment
  4.2 Simulation Result
Chapter 5 Conclusion and Future Work
  5.1 Conclusion
  5.2 Future Work
References
dc.language.iso: en
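dc.subject: Quality of Service (translated from zh_TW)
dc.subject: Network Survivability (translated from zh_TW)
dc.subject: Collaborative Attack (translated from zh_TW)
dc.subject: Incomplete Information (translated from zh_TW)
dc.subject: Optimization (translated from zh_TW)
dc.subject: Mathematical Programming (translated from zh_TW)
dc.subject: Monte Carlo Method (translated from zh_TW)
dc.subject: Virtualization (translated from zh_TW)
dc.subject: Honeypots (translated from zh_TW)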
dc.subject: Honeypots (en)
dc.subject: Network Survivability (en)
dc.subject: Optimization (en)
dc.subject: Mathematical Programming (en)
dc.subject: Monte Carlo Method (en)
dc.subject: Virtualization (en)
dc.subject: Collaborative Attack (en)
dc.subject: Quality of Service (en)
dc.subject: Incomplete Information (en)
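dc.title: A Study on Maximizing Network Survivability by Using Honeypot Systems against Malicious Collaborative Attacks in a Virtualized Environment (translated from zh_TW)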
dc.title: Maximization of Network Survivability through Deception Mechanisms under Malicious Collaborative Attacks in Virtualization Environment (en)
dc.type: Thesis
dc.date.schoolyear: 101-1
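dc.description.degree: Master's
dc.contributor.oralexamcommittee: 呂俊賢, 莊東穎, 傅新彬, 鍾順平
dc.subject.keyword: Collaborative Attack, Network Survivability, Optimization, Mathematical Programming, Monte Carlo Method, Virtualization, Honeypots, Quality of Service, Incomplete Information (translated from zh_TW)
dc.subject.keyword: Collaborative Attack, Network Survivability, Optimization, Mathematical Programming, Monte Carlo Method, Virtualization, Honeypots, Quality of Service, Incomplete Information (en)
dc.relation.page: 91
dc.rights.note: Paid license
dc.date.accepted: 2013-02-04
dc.contributor.author-college: College of Management (translated from zh_TW)
dc.contributor.author-dept: Graduate Institute of Information Management (translated from zh_TW)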
Appears in collections: Department of Information Management

Files in this item:
File: ntu-101-1.pdf (not authorized for public access)
Size: 4.42 MB
Format: Adobe PDF