National Digital Library of Theses and Dissertations in Taiwan
Author: 王盛裕
Author (English): Sheng-Yu Wang
Title: 整合環境資訊與入侵警報之風險評估
Title (English): Risk Assessment Based on Environmental Information and Intrusion Alert
Advisor: 田筱榮
Advisor (English): Hsiao-Rong Tyan
Degree: Master
University: Chung Yuan Christian University (中原大學)
Department: Institute of Information Engineering (資訊工程研究所)
Discipline: Engineering
Subfield: Electrical and Information Engineering
Document type: academic thesis
Year of publication: 2006
Graduating academic year: 94 (ROC calendar)
Language: Chinese
Pages: 65
Keywords (Chinese): 計算機安全性, 風險管理, 入侵警報, 風險評價
Keywords (English): computer security, intrusion alarms, risk evaluation, risk management
Abstract (translated from the Chinese)
In the era of the information explosion, computers and network equipment have become an important asset of any organization. As computer attack incidents increase day by day, developing a suitable assessment method that brings these activities to the surface, so that administrators can set information security policy, has become an important issue.
In the past, risk evaluation was based only on the characteristics of the computer itself and could not dynamically reflect the risk a host actually faces in a continually changing network environment. In this thesis we argue that the factors a risk assessment system considers can be divided into intrinsic and extrinsic factors. The intrinsic factors are the importance index and the security index of the evaluated machine within the organization; the extrinsic factors are information about network attack activity, namely the attack's target, its category, its severity level and the time at which it occurs. After defining the information that the intrinsic and extrinsic factors contain, we analyse the nature of both kinds of factor and, based on that analysis, design our own mathematical model for risk assessment. The attack patterns that our risk assessment system can highlight are: 1. when the attack category is related to a service the host provides, the system highlights it within the unit time; 2. alerts of higher priority are highlighted by the system; 3. the denser the attack activity, the more clearly the host is shown to be in a dangerous state, and the system highlights this within the unit time. The experimental results show that dynamic risk assessment can appropriately reflect the danger state of a machine.
Abstract (English)
In the era of computing, computers and computer networks have become one of the most critical assets of most organizations.
As the number of computer attacks increases every day, it is important to develop a method to evaluate whether a certain service-hosting computer is in a critical state, so that information security staff may be alerted to follow up on the condition. In the past, risk evaluation was based only on the characteristics of a computer, which cannot reflect the dynamics of a continually changing network environment. In this study, we propose to evaluate the risk of a computer according to both the intrinsic and static characteristics of the host itself and the extrinsic and dynamic characteristics of the attacks aimed at the host. The former includes the vulnerability and the importance of the host; the latter consists of the relevance, the seriousness and the continuity of the attacks. We devised a set of procedures to quantify these originally qualitative characteristics, some of which are based on industrial practices. We further designed a formula to integrate all quantified characteristics into a risk index. As shown in the experimental results, the dynamically changing index is able to reveal the risk state of a host.
Table of Contents
Abstract (Chinese) ... ii
Abstract ... iii
Acknowledgements ... iv
List of Figures ... vii
List of Tables ... viii

Chapter 1 Introduction ... 1
1.1 Background ... 1
1.2 Motivation ... 1
1.3 Objective ... 2
1.4 Thesis Organization ... 3
Chapter 2 Related Work ... 4
2.1 Assessing host security from the host's existing vulnerabilities ... 4
2.2 Assessing host security from an asset perspective ... 5
2.3 Highlighting host security from intrusion detection results ... 7
2.4 Discussion of the assessment methods ... 9
Chapter 3 Analysis of the Necessary Factors for Risk Assessment, Their Sampling, and Design of the Assessment Formula ... 11
3.1 Determination and sampling of intrinsic factors ... 11
3.1.1 Obtaining environmental information with the OCTAVE method ... 11
3.1.2 Summarizing the intrinsic factors of risk assessment and sampling them ... 13
3.2 Determination and sampling of extrinsic factors ... 18
3.2.1 Intrusion detection system alert logs ... 18
3.2.2 Summarizing the extrinsic factors of risk assessment and sampling them ... 20
3.3 Mapping of intrinsic/extrinsic factors and analysis of their properties ... 22
3.4 Design of the risk assessment formula ... 23
3.4.1 Structure of the risk assessment formula ... 24
3.4.2 Designing a formula that highlights attack behaviour and category ... 24
3.4.3 Designing a formula that highlights continuity ... 27
Chapter 4 System Architecture and Implementation ... 31
4.1 Risk assessment system architecture ... 31
4.2 Implementation of risk-assessment factor sampling ... 32
4.2.1 Implementation of importance index sampling ... 32
4.2.2 Implementation of danger indicator sampling ... 33
Chapter 5 Experimental Results and Discussion ... 35
5.1 Experimental environment and procedure ... 35
5.2 Experimental results and discussion of the data ... 37
Chapter 6 Conclusion and Future Work ... 41
References ... 42
Appendix A: Threat source categories in the OCTAVE method ... 1
Appendix B: Host properties of a commercial organization ... 5
Appendix C: Risk assessment results for a commercial organization ... 11

List of Figures
Figure 2.1: Asset-oriented risk assessment management module ... 6
Figure 2.2: Sample Snort alert log ... 7
Figure 2.3: ACID presenting Snort alerts as a web page ... 8
Figure 2.4: ACID bar chart of alerts generated per host ... 8
Figure 3.1: Sample Snort alert log ... 19
Figure 3.2: Snort Alerts in MySQL ... 21
Figure 3.3: (Ne)^pri ... 27
Figure 3.4: Mapping(Ne)^X ... 27
Figure 3.5: Risk assessment trend during a denial-of-service attack ... 29
Figure 4.1: System architecture and workflow ... 31
Figure 5.1: Experimental environment ... 35
Figure 5.2: Experimental procedure ... 36
Figure 5.3: Risk assessment system user interface ... 36
Figure 5.4: Risk values obtained with unadjusted alert priorities (Web) ... 38
Figure 5.5: Risk values obtained with adjusted alert priorities (Web) ... 38
Figure 5.6: Risk values obtained with unadjusted alert priorities (DNS) ... 38
Figure 5.7: Risk values obtained with adjusted alert priorities (DNS) ... 38
Figure 5.8: Risk values obtained with unadjusted alert priorities (FTP) ... 38
Figure 5.9: Risk values obtained with adjusted alert priorities (FTP) ... 38
Figure 5.10: Risk values obtained with unadjusted alert priorities (PC) ... 38
Figure 5.11: Risk values obtained with adjusted alert priorities (PC) ... 38

List of Tables
Table 2.1: Comparison of methods ... 10
Table 3.1: Summary of the necessary intrinsic factors for risk assessment ... 14
Table 3.2: Threat source categories of the OCTAVE Method (see Appendix A) ... 15
Table 3.3: OCTAVE Method classification of threat attributes ... 15
Table 3.4: OCTAVE Method classification of threat outcomes ... 15
Table 3.5: Results of OCTAVE Process 1 ... 16
Table 3.6: Summary of the extrinsic factors for risk assessment ... 21
Table 3.7: Mapping between the intrinsic and extrinsic factors of risk assessment ... 22
Table 4.1: Details from the Nessus vulnerability audit ... 34
Table 5.1: Information on the evaluated machines ... 37
Table B.1: Host information for the commercial organization ... 5
Table B.2: Commercial organization Web Server threat source: Network access ... 6
Table B.3: Commercial organization Web Server threat source: System Problem ... 6
Table B.4: Web Server counts of High, Medium and Low ... 6
Table B.5: Commercial organization DNS Server threat source: Network access ... 7
Table B.6: Commercial organization DNS Server threat source: System Problem ... 7
Table B.7: DNS Server counts of High, Medium and Low ... 7
Table B.8: Commercial organization FTP Server threat source: Network access ... 8
Table B.9: Commercial organization FTP Server threat source: System Problem ... 8
Table B.10: FTP Server counts of High, Medium and Low ... 8
Table B.11: Commercial organization Personal PC threat source: Physical access ... 9
Table B.12: Commercial organization Personal PC threat source: System Problem ... 9
Table B.13: Personal PC counts of High, Medium and Low ... 9
Table C.1: Risk assessment results for the Web Server ... 11
Table C.2: Risk assessment results for the DNS Server ... 12
Table C.3: Risk assessment results for the FTP Server ... 13
Table C.4: Risk assessment results for the Personal PC ... 14