- 學位論文
考量惡意合作攻擊下最小化服務被攻克率之有效網路建置與防禦策略
Effective Network Planning and Defending Strategies to Minimize Service Compromise Probabilities under Malicious Collaborative Attacks
摘要
雲端運算使用了虛擬化和網路技術。這個最近熱門的議題,讓使用者和組織可以去除地理上的限制在任何時間、地點存取所需的應用服務。這個方便的技術帶來了許多的利益但也造成了資訊安全上的複雜度提高。 在本論文中,我們利用數學模型描述一個網路攻防情境,並且配合模擬和數學規劃法解決雙層問題。由於攻防策略的多變性造成情境具高複雜度且不可預期,因此透過模擬評估平均的網路存活度,接著使用了模試圖最佳化攻擊方的策略,攻擊方將試著最大化服務被攻克率而防禦方則希望最小化被攻擊者最大化之服務被攻克率。 在我們考量的攻防情境中,攻擊方會採用協同攻擊策略,此種策略可帶給攻擊方更多的優勢。另一方面,防禦者在考量有限的資源預算和合法使用者的服務品質下,決定適合的策略以保護服務,防禦策略包含佈置即時防禦機制,如:動態網路拓樸調整、區域防禦以及雲端安全服務,另外也利用了虛擬化技術建置網路拓樸。
並列摘要
Recently, Cloud computing which base on virtualization and network technology becomes a popular issue. Through the novel model it provides, users and organizations can decrease the cost on resources and access the applications without geographic limit. The convenient technologies bring a lot of profits but also raise the complexity of information security. In this thesis, we model the network attack and defense scenario as a mathematical formulation and solve the bi-level problem through simulation and mathematical programming. Because of the complexity and non-deterministic characteristic of both attack and defense strategies, we adopt simulation to evaluate the average network survivability. Furthermore, several methods are used to help us discover the optimal strategies. The attack commander tries to maximize the service compromise probabilities and the defender has to minimize the maximized probabilities. As for the attack and defense scenario, collaborative attack is considered. This kind of attack is advantageous to the commanders. On the other hand, the defender must decide the appropriate strategies under budget and predefined quality of service constraints, which including deploying various reactive defense mechanisms such as dynamic topology reconfiguration, local defense function, and cloud security service to protect the system. The Virtualization technology is also considered as a strategy for constructing the topology.
參考文獻
延伸閱讀
- Chou, Y. H. (2014). 考量智慧攻擊與天然災害下透過機密共享與防禦資源分配以最大化網路存活度之研究 [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2014.03141
- Lin, Y. L. (2006). 考慮單一核心節點攻擊下網路近似最佳化防護策略 [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2006.03069
- Wang, H. J. W. (2011). 無線網狀網路中考量惡意與多重干擾器攻擊下最大化系統存活度之高效網路規劃與防禦策略 [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2011.01500
- Wu, Y. P. (2012). Maximization of Network Survivability through Deception Mechanisms under Malicious Collaborative Attacks in Virtualization Environment [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2012.00093
- Hsieh, T. C. (2008). Near Optimal Network Planning and Defense Resource Allocation Strategies for Minimizing Quality-of-Service (QoS) Violations under Attacks [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2008.01932