With the advance of network technology and the rapid evolution of information transmission, both government and private organizations have chosen to provide convenient, faster information services to the public over the Internet. This year, because of the pandemic, remote computer usage has risen sharply, and criminal organizations have taken advantage of this trend to carefully plan persistent cyber attacks against specific targets, moving from paralyzing and damaging systems to today's use of ransomware that encrypts files, in order to obtain the gains they seek. In the face of increasingly severe cyber threats, even an enterprise with a large number of security protection devices cannot effectively stop Advanced Persistent Threat (APT) attacks if its administrators lack the corresponding information security concepts.

There are many cyber ranges for information security attack-and-defense exercises and Capture the Flag (CTF) competition platforms at home and abroad that let users improve their security knowledge through hands-on practice. However, these exercise environments can only provide point-to-point testing of some functions and cannot reproduce the scenarios in which real-world security incidents occur.

This thesis builds on the concepts of two platforms built by the laboratory, the APT Cyber Kill Chain Range (kRange) and the cyber kill chain Security Information and Event Management Range (sRange), to develop a ransomware attack chain simulation environment. By working through each stage of the ransomware attack chain, users can understand the behavioral traces of an attacker's intrusion and the key points of log analysis, and learn the new patterns of attacker thinking, thereby achieving the goal of training information security personnel.