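Because of the Internet's connectivity and scalability, enterprises and organizations increasingly depend on it to provide services or to conduct activities such as electronic commerce. Attackers, meanwhile, use continually discovered computer vulnerabilities and steadily advancing attack techniques and strategies to attack enterprises and organizations more intelligently, with the goal of service disruption or theft of confidential information. Many of these attackers exploit the ability of epidemic-type attacks to rapidly infect a large number of network nodes, and use the network topology information they obtain to plan more careful strategies. To cope with this special kind of attack, defenders can deploy detection nodes in the networks they protect to cooperatively detect unknown epidemic attacks and generate corresponding signatures; in addition, they can activate several real-time defense mechanisms while an attack is under way to restrain the spread of the epidemic attack. In this thesis, we transform this attack-defense scenario into a mathematical programming problem that describes the attacker's probability of success. We first use the Monte Carlo method to simulate a wide variety of attackers and their corresponding attack strategies, and then apply the relaxation concept from mathematical programming by relaxing the constraints related to defense resources. The resulting multipliers, together with information recorded during the simulations, serve as the basis for resource reallocation, with the aim of obtaining the defense resource allocation that minimizes the attacker's success rate. This thesis combines the precision of mathematical programming with the Monte Carlo method's ability to handle variability and imperfect information, thereby optimizing the strategies and the resource allocation the defender adopts when facing attacks.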
Due to the Internet’s scalability and connectivity, enterprises and organizations increasingly rely upon the Internet to provide services and to engage in electronic commerce. On the other hand, attackers intelligently attack enterprises and organizations through continuous vulnerability exploitation and advanced attack strategies to achieve the goals of service interruption and/or theft of confidential information. Recently, many attackers have applied the fast propagation and infection characteristics of epidemic attacks, planning more deliberate strategies by using obtained network topology information. To deal with these special attacks, defenders may deploy detection nodes to cooperatively detect unknown epidemic attacks and to generate and distribute signatures. In addition, defenders can activate several defense mechanisms to restrain the propagation of epidemic attacks. In this thesis, we model the attack-defense scenario as a mathematical programming problem in which the attackers’ success probability is minimized. We first apply the Monte Carlo method to simulate a variety of attackers and their corresponding strategies, and then apply the concept of relaxation-based methods in mathematical programming. By relaxing the budget-related constraints and generating the corresponding multipliers, we can use the multipliers as directions for resource reallocation. In this process, alternatively or alternatingly, we may also combine essential information accumulated during the course of the simulations with the aforementioned multipliers as a more efficient way to enhance the evaluation; these are then adopted to form a feasible direction in the search for effective solutions.
In summary, our research takes advantage of mathematical programming, which is precise, and combines it with the Monte Carlo method, which is capable of handling complicated attacker strategies and behaviors under incomplete information, to adjust the defense strategies and resource allocation policies against malicious and epidemic attacks.