Advisor: 林永松
Institution: National Taiwan University, Graduate Institute of Information Management
Author: 紀人華 (Chi, Jen-Hua)
Dates: 2014-11-29; 2018-06-29; 2014
Record: http://ntur.lib.ntu.edu.tw//handle/246246/263507

Abstract (translated from the Chinese)

Many enterprises and organizations use networks to manage internal confidential data and to communicate with external users. As users' dependence on networks grows, however, information security problems are becoming more severe; these problems now extend into enterprises, and the losses they can cause have grown accordingly. Under these circumstances, how to use limited resources to efficiently detect attacker behavior, prevent attack events, and even block attackers has become a serious problem that operators must face. Defense resources must be deployed strategically, resources must be allocated to network nodes, and compromised nodes must be repaired to strengthen network survivability.

According to current statistics, the type of attack most likely to cause serious harm to data is the collaborative attack, yet many defenders still defend individually. To respond to changes in attacker strategy, we propose collaborative defense to strengthen the defensive effect. However, how to evaluate network survivability efficiently is an important issue that merits study. We adopt the Average Degree of Disconnectivity (Average DOD) as the metric of network survivability and combine it with the concept of probability to evaluate the degree of damage to the network; the larger the value, the higher the degree of damage. In our scenario, we consider two groups of players, each of which selects a leader to direct its defense or attack actions.

We simulate a multi-stage network attack-defense problem, build a mathematical model of the optimal resource allocation strategy, and use the Average DOD metric to assess network survivability under the attack-defense scenario. In each stage, the players can update their knowledge of the network's vulnerabilities and then allocate resources to nodes in the network to carry out collaborative defense or collaborative attack. In addition, in every round resources can be redeployed to different nodes to strengthen network survivability or to repair compromised nodes. In the solution process we use the exhaustive search method and the subgradient method to help search for the optimal resource allocation strategies of both sides.

Abstract

Many corporations and organizations conduct daily business through the Internet. With the growing population of network users, the problems of information security have become a critical issue. Nowadays, the problems of network security have been extended from the personal to the organizational level. Furthermore, attack events bring more threat to business than before. Therefore, it is a significant problem for corporations to detect attack preference, prevent attack events and even deter the attackers in advance with limited resources. They not only have to deploy the network with defense resources but also allocate resources to the attack event. Furthermore, the defender has to decide whether to repair the compromised nodes or not.

Currently, the most common type of attack is the collaborative attack, but most defenders still defend alone. Therefore, we propose a hierarchical collaborative defense model to increase the defense effect and strengthen network survivability. However, how to evaluate network survivability efficiently is an important issue. In our research, the Average Degree of Disconnectivity is adopted to measure network survivability. We further combine the concept of Average DOD with probability. This method is used to evaluate the damage degree of the network. The larger the Average DOD value is, the higher the damage degree of the network. In our scenario, we take two groups of players into account, both of which choose a leader to lead the defense actions or attack actions. In the beginning, the defender does not know where the vulnerabilities are in the network until they encounter attack events. After they face the attack events, the defender begins to repair the network nodes in the next round.

We develop a multi-round network attack-defense scenario and establish a mathematical model to optimize resource allocation and then predict the defender's network survivability through the Average DOD value. In each round, the players can allocate resources on the nodes after they update the information about the opponent. Furthermore, they can reallocate the defense resources and repair the compromised nodes. To solve the problem, the method based on subgradient and the exhaustive search are adopted to find the optimal resource allocation strategies for both groups of players.

Contents

Acknowledgements
Abstract (Chinese)
Thesis Abstract
Chapter 1 Introduction
  1.1 Background
  1.2 Motivation
  1.3 Literature Review
    1.3.1 Defender's and Attacker's Behaviors
      1.3.1.1 Proactive Defense and Reactive Defense
      1.3.1.2 Active Defense and Passive Defense
    1.3.2 Collaborative defense
    1.3.3 Network survivability
  1.4 Thesis Organization
Chapter 2 Problem Formulation
  2.1 Degree of Disconnectivity
  2.2 Contest Success Function
  2.3 Average Degree of Disconnectivity
    2.3.1 Illustration
  2.4 Problem Description
    2.4.1 Identity of Defender
      2.4.1.1 Collaborative Defense
      2.4.1.2 Defense Strategies
      2.4.1.3 Resource Allocation and Node Repairing: Local Attack Events
    2.4.2 Identity of Attacker
      2.4.2.1 Collaborative Attacks
      2.4.2.2 Attack Strategies
      2.4.2.3 Rewards
      2.4.2.4 Updating Information: Unknown Vulnerabilities and Defender's private Information
    2.4.3 The Attack-defense Interaction in Multiple Rounds
  2.5 Problem Assumption
  2.6 Mathematical Formulation
Chapter 3 Solution Approach
  3.1 The Solution Procedure
  3.2 The Calculation Method of Average DOD Value
    3.2.1 The Exhaustive Search Method
    3.2.2 The Method Based on Subgradient
    3.2.3 Finding the Optimal Allocation Strategy
    3.2.4 The Calculation of Average DOD Value in Multi-Round
Chapter 4 Computational Experiments
  4.1 Experiment Environment
  4.2 Maximization of Average DOD Value
Chapter 5 Summary and Future Work
  5.1 Summary
    5.1.1 Resources Allocation Strategy for the Attacker
  5.2 Future Work
    5.2.1 The DOD value
    5.2.2 The Scale Size of Both Players Strategies in each Round
    5.2.3 The Contest Intensity
References

File size: 1072315 bytes
Format: application/pdf
Thesis release date: 2017/08/25
Thesis usage rights: paid licensing approved (royalties returned to the school)
Keywords: information security; network survivability; resource allocation; collaborative attack; collaborative defense
Title: Optimal Resource Allocation Strategies Under Collaborative Defense and Collaborative Attack in Multiple Rounds
Type: thesis
Full text: http://ntur.lib.ntu.edu.tw/bitstream/246246/263507/1/ntu-103-R01725022-1.pdf