Title: Maximization of Network Survivability with Honeypots against Collaborative Attacks in Cloud Environments
Original title: 於雲端環境下考量誘捕系統抵禦協同攻擊以最大化網路存活度之研究
Author: Chang, I-Tang (張怡棠)
Advisor: 林永松
Institution: National Taiwan University, Graduate Institute of Information Management
Type: thesis
Dates: 2014-11-29; 2018-06-29; 2014
Record URL: http://ntur.lib.ntu.edu.tw//handle/246246/263496
File: http://ntur.lib.ntu.edu.tw/bitstream/246246/263496/1/ntu-103-R01725047-1.pdf (application/pdf, 6079107 bytes)
Thesis release date: 2014/08/25
Thesis usage permission: paid licensing authorized (royalties returned to the university)
Keywords: collaborative attack; network survivability; cloud computing; honeypots; optimization; resource allocation; mathematical programming; Monte Carlo method

Abstract (translated from the Chinese)

In recent years, owing to the rapid development of information technologies such as fiber-optic networks, virtualization and distributed computing, many concepts have been proposed one after another, and cloud computing is one of them. Because of the characteristics of the cloud environment, users can use a wide variety of flexible services according to their own needs. This saves users the cost of purchasing and maintaining IT equipment, and it has attracted many enterprises to build their service architecture on cloud infrastructure. However, there are still malicious hackers who want to obtain illegal profits by attacking the services these enterprises provide. In addition, they usually gather in groups to launch so-called collaborative attacks. As a result, security incidents such as data leakage and network service disruption occur one after another and have become a nightmare for service providers.

Fortunately, network defense tools have by now become quite mature, which means defenders have more defensive measures to choose from to protect services from external threats, and the honeypot is one of them. As the name implies, a honeypot is a defense mechanism deployed on the network that creates a decoy to attract, detect, deflect, monitor and trap attackers. It can act as a stand-in for the entity that actually provides the service and contains no important information. In the cloud environment in particular, honeypots can be applied more efficiently and more dynamically.

In this study we focus on helping the defender allocate defense resources such as honeypots in the most efficient way to resist external attacks. The research problem is presented as a mathematical model. In addition, because the attack and defense strategies in our problem contain a high degree of uncertainty, we use Monte Carlo simulation to simulate the results. Finally, we find the defender's best allocation of defense resources when the attacker uses its optimal strategy.

Abstract (English)

Due to the flourishing development of information technologies such as fiber networks, virtualization technologies and distributed computing in recent years, many new concepts have been proposed, and one of them is cloud computing. Thanks to the features of the cloud environment, users can subscribe to different kinds of flexible and scalable services on demand without the expense of establishing or maintaining IT infrastructure, which attracts many enterprises to build their IT environment on the cloud platform. However, there are always malicious hackers trying to gain illegal profits by compromising the services that enterprises provide; moreover, they usually group together to launch waves of collaborative attacks. Hence, incidents such as data breaches and service disruptions take place frequently and have become the nightmare of the service provider.

On the other hand, network defense tools have also become fully fledged, which means that the defender has more defense alternatives to protect the network from external threats. The honeypot is a representative one. As the name suggests, the honeypot is a defense mechanism used to create a decoy to attract, detect, deflect, monitor, and trap attackers; it can serve as a stand-in for the real service and holds no important information. Especially in the cloud environment, honeypots can be leveraged more dynamically and efficiently.

In this thesis, we focus on helping the defender allocate defense resources such as honeypots in the most efficient way against external attacks. Our scenario is described by mathematical programming, and Monte Carlo simulation is applied to solve the problem because of the non-deterministic nature of the attack-defense strategies in our problem. The ultimate goal is to find the optimal defense strategy against the best attack strategy, which is also the defender's worst case.

Table of Contents

Acknowledgements
Thesis Abstract
Thesis Abstract (Chinese)
List of Figures
List of Tables
Chapter 1 Introduction
  1.1 Background
  1.2 Motivation
  1.3 Literature Survey
    1.3.1 Survivability
    1.3.2 Collaborative Attack
    1.3.3 Topology Oriented Virtual Private Cloud
    1.3.4 Honeypots
    1.3.5 Cloud Warfare
  1.4 Thesis Organization
Chapter 2 Problem Formulation
  2.1 Problem Description
    2.1.1 Honeypots
    2.1.2 Attacker Perspective
    2.1.3 Attack Algorithm
    2.1.4 Attacker Optimization
    2.1.5 Defender Perspective
  2.2 Attack-Defense Scenarios
    2.2.1 Contest Success Function
    2.2.2 The View of the Network
  2.3 Mathematical Formulation
Chapter 3 Solution Approach
  3.1 Mathematical Programming
  3.2 Monte Carlo Simulation
  3.3 Problem Evaluation Process
  3.4 Policy Enhancement
    3.4.1 Commander Enhancement
    3.4.2 Defender Enhancement
Chapter 4 Computational Experiment
  4.1 Experiment environment
  4.2 Simulation Result
    4.2.1 Convergence Evaluation Times
    4.2.2 Topology robustness
    4.2.3 Attack strategy analysis
  4.3 Enhancement results
Chapter 5 Conclusion and Future Work
Reference