摘要
隨著進階針對性攻擊日益嚴重,現有的資安監控所蒐集資料的縱深與廣度不夠,無法偵測到針對式攻擊的潛在特徵,現有監控的來源(如:防火牆、入侵偵測系統及防毒軟體等)已不足以呈現攻擊特徵。為了能提升資安監控的效益,擴大收納日誌的資訊,並深入收納偵測事件類型,方能提供後續樣態分析更多的行為屬性參考,在此同時,需考量到監控的成本,包含:資料倉儲資源的需求、分析運算平台的需求以及跨網路資料傳輸需求等。現有資安監控與事件管理平台,缺乏橫向擴充的能力,因此關聯事件無法關聯時間超過天與週以上的事件,而異質事件的樣態與關聯規則亦缺乏有效探尋的方法。本研究試著從資安監控切入,說明資安分析即服務之監控平台(Security Analytics as a Service)架構,並著重於技術分析的三個核心模組:Self-Inspection Modules、Threat Recognition Modules與Prioritization, Predictions Decisions Modules。本研究透過政府資安G-SOC二線監控平台-收容各個不同來源SOC資料,作為分析的案例進行探討。
參考文獻
Driven Discovery of Temporal and Structural Information for Activity Recognition.IEEE Conference on Computer Vision and Pattern Recognition (CVPR).(IEEE Conference on Computer Vision and Pattern Recognition (CVPR)).
Dempster, A. P.,Laird, N. M.,Rubin, D. B.(1977).Maximum Likelihood from Incomplete Data via the EM Algorithm.Journal of the Royal Statistical Society. Series B (Methodological).39(1),1-38.
Dietterich, T. G.(2000).Ensemble Methods in Machine Learning.First International Workshop on Multiple Classifier Systems, Lecture Notes in Computer Science.(First International Workshop on Multiple Classifier Systems, Lecture Notes in Computer Science).:
Green, O.,Bader, D.A.(2013).Faster Betweenness Centrality Based on Data Structure Experimentation.13th International Conference on Computational Science (ICCS).(13th International Conference on Computational Science (ICCS)).
Green, O.,McColl, R.,Bader, D.A.(2012).A Fast Algorithm for Streaming Betweenness Centrality.ASE/IEEE International Conference on Social Computing (SocialCom).(ASE/IEEE International Conference on Social Computing (SocialCom)).