
Near Optimal Defense Resource Allocation and Information Dividing-and-Allocation Strategies to Minimize Information Leakage Considering both Random Errors and Malicious Attacks

Advisor: 林永松

Abstract


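With advances in information technology and the falling price of storage devices, individuals, enterprises, and government agencies all store large amounts of information electronically. Moreover, as network usage rises and e-commerce emerges, crimes that steal information over the network have also increased rapidly. Crimes such as phishing or installing Trojan horse programs on victims' computers to steal information cause serious harm to individuals and enterprises alike. How to develop defense strategies that protect information stored on networks has therefore become an important issue. In this thesis, we transform the attack-defense scenario into a min-max bi-level mathematical programming problem. In the inner problem, the attacker wants to inflict maximum damage on the network by stealing information under limited attack power; in the outer problem, the defender, under a limited defense budget, uses the concept of secret sharing to optimize the defense resource allocation strategy and the information dividing-and-allocation strategy so as to minimize the damage. In addition, the defender must also take into account legitimate users' quality-of-service requirements for accessing information. To solve this problem, we adopt the Lagrangean relaxation method and the subgradient method. Assuming the defense strategy is known, we first solve the inner attacker's path-selection problem, and then, based on the result of the inner problem, adjust the defense strategy using a subgradient-based algorithm.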

Parallel Abstract


Information technology has progressed steadily, and storage costs have fallen. As a result, individuals, enterprises and government organizations are likely to store secret data electronically. Moreover, with the rise in network use and the prevalence of e-commerce, the crime of information theft over networks has grown rapidly. Cyber crimes, such as phishing or installing Trojan horses on victims' computers to steal information, cause serious damage to individuals and enterprises. For these reasons, protecting secret information stored on networks has become an essential issue. In this thesis, we formulate the attack-defense scenario as a min-max mathematical programming problem, which is a two-level mathematical problem. In the inner problem, the attacker wants to maximize the total damage by stealing information under limited attack power. In the outer problem, the defender wants to minimize the total damage through defense resource allocation and information dividing under a limited budget. In addition, the defender also has to consider the QoS requirements of authorized users. To solve the considered problem, we use the Lagrangean Relaxation method and the subgradient method [14][15]. We first solve the inner problem under a given defense strategy, and then propose a subgradient-based heuristic to adjust the defender's strategy according to the attacker's attack strategy.

References


[11] C.S. Laih, L. Harn, and C.C. Chang, “Contemporary Cryptography and Its Applications”, pp. 231-245, 1995.
[5] J.C. Knight, E.A. Strunk, and K.J. Sullivan, “Towards a Rigorous Definition of Information System Survivability,” Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX 2003), Volume 1, pp. 78-89, April 2003.
[6] V.R. Westmark, “A Definition for Information System Survivability,” Proceedings of the 37th IEEE Hawaii International Conference on System Sciences, Vol. 9, 2004.
[12] Andrew S. Tanenbaum, “Computer Networks”, 3rd Edition, 1997.
[13] “INFORMATION SECURITY TAIWAN”, pp. 22-23, No.47, November 2007.
