With the rapid development of network technology and information transmission technology, governments and private organizations use the Internet to provide the public with convenient and fast information services. Criminal organizations have taken advantage of the same trend, carefully planning persistent network attacks against specific targets and exploiting human weaknesses and system vulnerabilities to obtain the benefits they want. In the face of increasingly severe cyber threats, even an enterprise with numerous security protection devices cannot effectively stop Advanced Persistent Threat (APT) attacks if its administrators lack an understanding of system security.

At home and abroad there are many penetration testing projects, information security attack and defense ranges, and CTF competition platforms that let users improve their security knowledge through hands-on practice. However, these exercise environments expose only part of their functionality and provide point-to-point testing, so they do not match the situations in which real-world security incidents occur.

This thesis builds on two platforms constructed in our laboratory, the APT Cyber Kill Chain Range (kRange) and the cyber kill chain Security Information and Event Management Range (sRange), to develop a system security hardening range for the cyber kill chain (hRange). hRange lets users trace the attacker's intrusion and find system configuration problems at each stage and step of the cyber kill chain, and learn how to patch the vulnerabilities present in the system, in order to harden system security.