
Network Threat Analysis and Defense Evaluation

Abstract


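Many network threat analysis methods have been proposed, but they often assume that the attack scenario of a threat and the system's vulnerabilities are known. With the prevalence of virus variants, however, the attack attributes of many known threats change: for example, the filename of the downloaded malware can be defined by the attacker, the domain name server contacted changes with the URL, and the connection port number changes at random. Defenders therefore often cannot detect a threat or estimate its impact, so it cannot be confirmed whether the defensive measures recommended by a security assessment are suitable. This study therefore uses the honeypot Dionaea to collect specific viruses and analyze their behavior, cross-checks the results against known Common Vulnerabilities and Exposures (CVE) reports to confirm whether a virus has mutated into a variant, and then applies frequent episode rules to estimate the probability of malware infection. Finally, attack trees are drawn to simulate threat analysis cases and to estimate the threat posed by system vulnerabilities and the resulting impact. The study finds that the proposed method can effectively analyze the impact caused by threats and determine suitable defensive measures.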

Parallel Abstract


Some network threat analysis approaches regularly assume that both the attack scenario and the corresponding impact are known. However, some malware is updated with new features as its variants appear, which leads to the alteration of attack sequences: for example, a random filename for the downloaded malware, retrieval of a domain name based on the IP address, and random port generation. As a result, defenders cannot effectively detect such malware and estimate its impact, which affects the correctness of the safeguards put in place. Accordingly, the present study proposes a new method for analyzing the malware signature problem, incorporating the Dionaea honeypot system to investigate malevolent behavior. In the proposed approach, signature reports are compared with CVE (Common Vulnerabilities and Exposures) entries for a specific virus to determine whether the variant has been updated. The probability of virus infection is enhanced by means of frequent episodes. Finally, a series of case studies for threat analysis is performed to investigate the attack actions and to estimate the threats from system vulnerabilities through attack trees. Overall, the results confirm that the proposed method provides an effective means of analyzing the impact losses and selecting suitable safeguards for defenders against malware threats.

Cited By


劉佳琪 (2012). A Sandbox-Based Method for Automated Malware Analysis [Master's thesis, Kun Shan University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0025-2307201217490000
