簡易檢索 / 詳目顯示
| 研究生: |
陳婉宜 Wan-yi Chen |
|---|---|
| 論文名稱: |
基於D-S證據理論之階層式網路安全情境察覺系統 Hierarchical Network Security Situation Awareness System Based on D-S Evidence Theory |
| 指導教授: |
陳奕明
Yi-ming Chen |
| 口試委員: | |
| 學位類別: |
碩士 Master |
| 系所名稱: |
管理學院 - 資訊管理學系 Department of Information Management |
| 畢業學年度: | 96 |
| 語文別: | 中文 |
| 論文頁數: | 46 |
| 中文關鍵詞: | D-S證據理論 、情境察覺 、網路安全 、階層式風險評估 |
| 外文關鍵詞: | Network Security, Hierarchical Risk Assessment, Situation Awareness, D-S Evidence Theory |
| 相關次數: | 點閱:17 下載:0 |
| 分享至: |
| 查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
情境察覺(Situation Awareness, SA)簡單來說就是知道現在發生什麼事並能知道如何回應,其由最初之飛航安全領域被引申用於其他動態、複雜且需要人力介入之領域中,如資訊安全領域,所以近年來網路安全情境察覺(Network Security Situation Awareness)之研究議題也逐漸受到重視。然而目前提出的網路安全情境察覺模型,仍無法提供足夠量化的安全情境或風險評估數據來幫助管理者依據當下網路狀態即時做出對的決策。因此在本論文中我們提出了階層式網路安全情境察覺系統(HNSSAS),目的則是為了協助網管人員迅速找出網路中最弱環節,並給予合適的對策。我們首先使用D-S證據理論(D-S Evidence Theory)融合各異質網路感應器所回報警訊(Alert)之信賴值(Belief),接著結合服務(Service)、主機(Host)本身的重要性參數,以及網路拓樸(Network Topology),由下而上、先局部後整體去評估每個階層的安全情境。本論文最後以模擬案例的方式進行系統推演,實驗結果除了提供宏觀的系統安全情況,還提供了三種不同層次直觀的安全情境評估數值,有助於管理者適切地調整系統安全策略,而提高網路整體安全性能。
Situation Awareness is simply “knowing what is going on so you can figure out what to do”. The term was first used by U.S. Air Force (USAF) fighter aircrew and was considered to be essential for those who are responsible for being in control of complex, dynamic systems and high-risk situations. In recent years, Network Security Situation Awareness is a hot research in the domain of information security. However, present-day cyberspace situation awareness model is unable to provide useful security situation or risk estimation for administrators, or to help administrators to make right and timely decisions based on current state of the network security. A Hierarchical Network Security Situation Awareness System in this paper helps administrator to find out the Achilles'' heel fast and deal with by suitable way. First using D-S Evidence Theory to fuse alert believes from multi-sensors. According to the network topology and the importance of services and hosts. The evaluation policy from bottom to top and from local to global is adopted in this model. The simulation results show that this model can provide the intuitive security threat status in three hierarchies, so that system administrators are freed from tedious analysis tasks to have overall security status of the entire system. It is possible for them to find the security behaviors of the system, to adjust the security strategies and to enhance the performance on system security.
[1] CERT/CC Statistics 1988-2006, Hhttp://www.cert.org/stats/H, Accessed on March 16, 2007.
[2] Cuppens, F. and Miège, A., “Alert correlation in a cooperative intrusion detection framework,” IEEE Symp. on Security and Privacy. Oakland, Dec. 2002.
[3] 台灣賽門鐵克:管理企業內的資安事端(Security Incidents)。2008年6月取自HTUhttp://www.symantec.com/region/tw/enterprise/article/security_incidents.html#what_if_notUTH。
[4] Bass, T., “Multisensor Data Fusion for Next Generation Distributed Intrusion Detection Systems,” Invited Paper 1999 IRIS National Symposium on Sensor and Data Fusion, pp.24-27, May 1999.
[5] 凌羣電腦蔡坤家,SYSCOM SIM(Security Information Management),HTUhttp://download.microsoft.com/download/5/3/7/5372d49c-fbee-4cb4-84b0-03a7b93b262f/6-2004MgmtDay_Syscom-SIM.pptUTH,Accessed on Jan 10, 2007.
[6] Bass, T. and Robichaux, R., “Defense-in-depth revisited: qualitative risk analysis methodology for complex network-centric operations,” Proceedings of IEEE Military Communications Conference, vol.1, pp.64-70, 2001.
[7] Hu Wei, Li Jianhua and Shi Jianjun, “A Novel Approach to Cyberspace Security Situation Based on the Vulnerabilities Analysis,” Proceedings of the 6th World Congress on Intelligent Control and Automation, June 2006.
[8] Zhang Yong, Tan Xiaobin and Xi Hongsheng, “A Novel Approach to Network Security Situation Awareness Based on Multi-perspective Analysis,” IEEE 2007 International Conference on Computational Intelligence and Security, 2007.
[9] Chen XZ, Zheng QH and Guan XH et al., “Quantitative hierarchical threat evaluation model for network security,” Journal of Software, Vol.17, No.4, pp.885-897, April 2006, http://www.jos.org.cn/1000-9825/17/885.htm, Accessed on Jun 2008.
[10] Lai Jibao, Wang Huiqiang, and Zhu Liang, “Study of Network Security Situation Awareness Model Based on Simple Additive Weight and Grey Theory,” 2006.
[11] Bass, T., “Intrusion Detection Systems and Multisensor Data Fusion,” Communications of the ACM, Vol. 43, No. 4, April 2000.
[12] Wang Huiqiang, Lai Jibao, and Ying Liang, “Network Security Situation Awareness Based on Heterogeneous Multi-Sensor Data Fusion and Neural Network,” Second International Multisymposium on Computer and Computational Sciences, 2007.
[13] 陳學毅,「匯率預測模型績效之研究—時間序列及灰色預測之模型應用」,東海大學,碩士論文,民國93年。
[14] Mei Haibin, Gong Jian and, Ding Yong et al., “Multi-feature correlation redundance elimination of intrusion event,” 東南大學學報(自然科學学版), 2005年03期, Accessed on http://scholar.ilib.cn/A-dndxxb200503010.html
[15] Hu Wei, Li Jianhua and Gao Qiang, “Intrusion Detection Engine Based on Dempster-Shafer''s Theory of Evidence,” Communications, Circuits and Systems Proceedings, IEEE 2006.
[16] Liu Mixi, Yu Dongmei and Zhang Qiuyu et al., “Network Security Situation Assessment Based on Data Fusion,” 2008 Workshop on Knowledge Discovery and Data Mining, 2008.
[17] Endsley, M., “Design and evaluation for situation awareness enhancement,” In Proceedings of the Human Factors Society 32nd Annual Meeting, Human Factors Society, pp. 97-101, 1988.
[18] Endsley, M., “Toward a theory of situation awareness in dynamic systems,” Human Factors, Vol. 37, No.1, pp.32-64, 2005.
[19] David L. Hall, McMullen & Sonya A. H., Mathematical Techniques in Multisensor Data Fusion, Artech House, Boston, 2004.
[20] Clement, V., Giraudon, G., Houzelle, S. and Sandakly, F., “Interpretation of Remotely Sensed Images in a Context of Multisensor Fusion Using a Multispecialist Architecture,” IEEE Transactions on Geoscience and Remote Sensing, VOL. 31, No. 4, JULY 1993.
[21] 游靖芬,「應用於網路安全情境察覺系統之警訊衝突解析模型」,國立中央大學,碩士論文,民國96年。
[22] Yu Dong and Frincke, D., “Alert Confidence Fusion in Intrusion Detection Systems with Extended Dempster-Shafer Theory,” 43rd ACM Southeast Conference, March 18-20, 2005.
[23] Sentz, K. and Ferson, S., “Combination of Evidence in Dempster-Shafer Theory,” SAND 2002-0835, Unlimited Release, April 2002.
[24] Tian Junfeng, Zhao Weidong and Du Ruizhong, D-S Evidence Theory and Its Data Fusion Application in Intrusion Detection, Springer Berlin, Heidelberg, 2006.
[25] Mei Haibin and Gong Jian, “Intrusion Alert Correlation Based On D-S Evidence Theory,” Communications and Networking in China, Second International Conference on IEEE, 2007.
[26] DoD Directive 3600.1, "Information Operations", December 1996, http://www.defenselink.mil/, Accessed on Jul 2008.
[27] Snort Intrusions, http://www.whitehats.com/info/, Accessed on Jul 2008.
[28] Snort Rules, http://www.snort.org/rules, Accessed on Jul 2008.
[29] Analysis Console for Intrusions Detection, http://www.cert.org/kb/acid, Accessed on Jul 2008.
[30] 李勁頤,陳奕明,「利用分散式入侵偵測與回應系統防治網蟲之入侵」,全國計算機會議2001(NCS 2001),F156 ~ F166 頁,民國90 年12 月。
[31] 賴俊豪,「以支援向量機技術偵測微軟作業系統中非授權使用之研究」,國立中央大學,碩士論文,民國96年。
[32] 施文富,「基於漸進式隱藏馬可夫模型與Windows系統呼叫之可調適性異常入侵偵測方法」,國立中央大學,碩士論文,民國96年。
