林永松臺灣大學:資訊管理學研究所王猷順Wang, Yu-ShunYu-ShunWang2010-05-052018-06-292010-05-052018-06-292009U0001-1408200922440800http://ntur.lib.ntu.edu.tw//handle/246246/179985由於攻擊者的手法與策略日新月異，對於防禦者而言，網路系統時常被不同類型的攻擊者同時攻擊，因此，如何衡量系統在此種情境下的存活度是防禦者的首要任務。除此之外，從攻擊者的角度而言，其對於欲攻擊的目標通常僅具部分資訊，即「不完美知識」。有鑒於此，發展出了一種欺騙攻擊者與消耗其資源的防禦機制，稱為誘捕系統。該系統除了具備上述的重要功能之外，還可用於學習攻擊者技巧並記錄其所使用之系統漏洞，以降低核心節點被攻克的機率，增進整體系統的存活度。本論文中，我們將一個攻防情境轉化成數學規劃問題，用以描述系統被攻擊者攻克的機率，並且透過「評估流程」找出能讓該機率最小化之防禦資源配置模式。該法是利用一連串的評估以及策略強化逐步地提升解的品質，並在每一次的循環中，藉由現有的資訊推導出最適當的修正方向，持續的強化現有的配置方法，以期求得最佳解；此外，該法能夠用於解決具備不完美資訊特質的問題，透過適當的情境描述，加入隨機的變異性情況，使問題更貼近於真實情況，有效地提升對防禦者的正面效益。Since the attack level and tactics of network systems grow with each passing day. Network systems are usually simultaneously attacked by different types of attackers. Therefore, the most important issue for defenders is to evaluate the system survivability under this scenario. Besides, from the view point of attackers, they usually only have partial information of the targeted system. In other words, they only have “imperfect knowledge”. As a result, a mechanism which is capable to distract attackers and waste their budget is emerged. This defense technique, called honeypot, can not only assist defender to learn attack strategy and record system vulnerabilities attackers used but also allows defender to understand system vulnerabilities. Therefore, whole system compromised probability is reduced. In other words, survivability is raised.n this thesis, we model the attack defense scenario as a mathematical programming problem that describes attackers’ success probability. The optimal defense resource allocation is discovered by evaluation process. This approach applies a serious of evaluations and policy enhancements gradually improve the quality of solution. For each round, we derive the most appropriate direction to amend and continually enhance the allocation scheme to achieve optimal solution. Besides, this approach can be applied to solve problems with imperfect knowledge property. Through appropriate scenario description and randomness involved, the problem can be closer to realistic, thus enhance the positive benefits effectively for the defenders.謝誌 Iamp;#63809;文摘要 IIHESIS ABSTRACT IIIable of Contents Vist of Tables VIIist of Figures VIIIhapter 1 Introduction 1.1 Background 1.2 Motivation 5.3 Literature Survey 11.3.1 Survivability 11.3.2 Analytical Mechanisms toward Security Problems 15.3.2.1 Worst Case Analysis 15.3.2.2 Average Case Analysis 18.4 Proposed Approach 22.5 Thesis Organization 23hapter 2 Problem Formulation 24.1 Problem Description 24.2 Problem Formulation 26.3 Attacker Classification and a Possible Scenario 28.3.1 Attacker Classification 29.3.2 A Possible Scenario 35hapter 3 Solution Approach 44.1 Evaluation Process 44.2 Policy Enhancement 49.3 Initial Allocation Scheme 59hapter 4 Computational Experiments 63.1 Experiment Environment 63.2 Experiment Result 65.3 Scenario Analysis 83hapter 5 Conclusion and Future Work 93.1 Conclusion 93.2 Future Work 94eferences: 98application/pdf2022843 bytesapplication/pdfen-US網路攻防網路存活度最佳化資源配置數學規劃誘捕系統不完美知識Network Attack and DefenseNetwork SurvivabilityOptimization, Resource AllocationMathematical ProgrammingHoneypotsImperfect Knowledgehttp://ntur.lib.ntu.edu.tw/bitstream/246246/179985/1/ntu-98-R96725025-1.pdf