
Resource Allocation Strategies under Attack-Defense Dual-Role and Collaborative Attacks

Advisor: 林永松

Abstract


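In the past, discussions of information security mostly took individuals or organizations and enterprises as the subject. Now, however, the issue of information warfare between nations is receiving increasing attention, and the scope of information security extends to national defense security. When resource allocation strategies are discussed with a nation as the subject, defense resources must be fully deployed, and resources must also be allocated to attack. Historical wars between nations have featured the so-called preemptive attack strategy and the corresponding retaliatory attack from the other side. In addition, when a nation launches information warfare, its information experts can be assembled with each performing their own duties, unlike an ordinary cyber attack, which usually has only one attacker. Therefore, applying these concepts to the research scenario, this study takes the nation as the subject, considers a nation that has the dual role of attacker and defender and adopts a collaborative attack mode with multiple attackers, and aims to achieve the goal of national defense security by effectively allocating resources to defense and attack.

How to effectively evaluate network survivability is an important issue worth exploring. In this thesis, we adopt the Average Degree of Disconnectivity (Average DOD) as the metric for measuring network survivability. The Average DOD metric combines the concept of probability with the DOD metric to evaluate the degree of network damage; the larger its value, the higher the degree of damage to the network. In our scenario, we consider two players who both have the dual-role capability of attack and defense. At the beginning, neither side knows the vulnerability information of its own network; only after being attacked by the other side does a player update its network vulnerability information and patch the vulnerabilities.

We simulate a multi-stage network attack-defense scenario, establish a mathematical model for optimizing resource allocation, and use the Average DOD metric to evaluate the survivability of each player's network under the attack-defense scenario. In each stage, after updating their information about the other side's network, both players can allocate attack resources to nodes in the other side's network to carry out collaborative attacks, while deploying defense resources through proactive and passive defense strategies. In each round they can also reallocate defense resources and repair compromised nodes. In the solution process, the "gradient method" and "mathematical analysis" techniques are used to help search for the optimal resource allocation decisions of both the attacking and defending sides.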

Parallel Abstract


In the past, individuals and enterprises were usually the main subjects in the area of information security. Now the issue of information warfare between nation-states is receiving much attention. When resource allocation is discussed with a nation-state as the subject, not only the allocation of defense resources but also the resources allocated to attack should be considered. Historically, a preventive strike and the corresponding retaliation from the other nation-state are common in wars between two nation-states. In addition, various information experts would launch an attack together on behalf of a nation-state; this is called a collaborative attack, and it differs from the situation of only one attacker in an ordinary cyber attack. Therefore, we consider two players that can attack and defend simultaneously and adopt the concept of collaborative attacks in our research model. How to efficiently evaluate network survivability is an important issue worthy of discussion. In this thesis, the Average Degree of Disconnectivity (Average DOD) metric is adopted to measure network survivability. The Average DOD combines the concept of probability with the DOD metric to evaluate the degree of damage to the network. The larger the Average DOD value, the higher the degree of damage to the network. In our scenario, there are two players who each have the dual role of attacker and defender; furthermore, neither of them knows the vulnerability information about their own network. However, the counterpart knows some. Therefore, after being attacked, they update their vulnerability information and patch the vulnerabilities. We develop a multi-round network attack-defense scenario, establish a mathematical model to optimize resource allocation, and then predict each player's own network survivability by the Average DOD.
In each round, the players can allocate their attack resources on the nodes of their own network and on the other player's network after updating related information about the other player's network. Furthermore, they can reallocate existing defense resources and repair compromised nodes. To solve the problem, the "gradient method" and "game theory" are adopted to find the optimal resource allocation strategies for both players.
