
Security Analysis of Software-Defined Networks Using an Attack-Tree-Based Game Model

Security Analysis Using Game Theory Based on Attack Tree in SDN

Advisor: 鄭伯炤

Abstract


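In recent years, the emerging network architecture SDN (Software-Defined Network) has brought much convenience and many breakthroughs to how network architectures operate, but it has also given rise to security issues that differ from those of traditional network architectures. Many defensive measures and methods for improving the security of the SDN architecture have therefore been proposed. Among these many defenses, however, the question is how to deploy them efficiently so that the overall SDN defense achieves the highest effectiveness. This study therefore proposes a novel security analysis method, GTAT (Game Theory Based on Attack Tree). GTAT aims to provide defenders with the best defense strategy so that existing SDN defenses deliver maximum benefit. GTAT uses an attack tree to describe the overall security state of the SDN architecture, and uses the attack tree to represent existing SDN threats and their corresponding defenses, taking the security of the whole SDN architecture into account. Building on the attack tree, it then applies game-theoretic analysis to provide the best defense strategy, so that SDN security defenses can be built effectively. In addition, GTAT is an extensible security analysis method: as new defensive measures and attack techniques keep emerging, it can be continually updated and have outdated entries retired.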

Parallel Abstract


In recent years, Software-Defined Networking (SDN) has brought a lot of convenience and breakthroughs to network infrastructure, but it has also introduced some issues that we had not experienced before. Although many approaches have been proposed in the literature to enhance SDN security, most of them solve the security problem only partially. In this study, we propose a novel method, called Game Theory Based on Attack Tree (GTAT), to analyze SDN security and to indicate the best security strategies for thwarting advanced attacks. In GTAT, the attack tree technique is used to capture the overall SDN threat vectors, and a game model is used to find the best defense strategy for security managers. Our experimental results show that GTAT is capable of reducing system risks for a range of different security vectors.

