National Digital Library of Theses and Dissertations in Taiwan

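Graduate student: Yu-Ming Tsai (蔡育銘)
Thesis title (Chinese): 金融公司的財務資訊洩漏偵測之研究
Thesis title (English): A Study on Detecting Financial Information Leakage for Bank Corporation
Advisor: Chih-Cheng Lien (連志誠)
Degree: Master's
Institution: Soochow University (東吳大學)
Department: Department of Information Management
Discipline: Computing
Sub-discipline: General computing
Thesis type: Academic thesis
Year of publication: 2012
Graduation academic year: 100
Language: Chinese
Number of pages: 54
Keywords (translated from Chinese): Wireshark; Bayes' theorem; information leakage; financial information
Keywords (English): Wireshark; Bayes' rule; data leakage; financial information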
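With the rapid development of computers and the Internet, information security has in recent years become an issue that enterprises and government agencies take seriously. As important company information is transmitted across the Internet, the likelihood of financial information leakage rises accordingly. Although many techniques exist for monitoring information leakage, few studies to date have applied them to information monitoring in financial companies. This study uses Wireshark to collect the relevant information and packets, and uses what is collected to detect information leakage. The collected information and packets are analyzed to determine the host location, transmission time and content in each packet, and Bayes' theorem is used to compute which packets may be suspected of leaking information. This method provides a more practical way to identify suspects in information leakage.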
Some specific event patterns are crucial in detecting potential relationships among suspects in data leakages on the network. Even though many techniques have been applied to detect data leakage in organizations, few of them are dedicated to financial institutions. While financial institutions have paid a great deal of money to recover from the situations caused by financial data leakage, we apply a novel technique to detect data leakage and use Wireshark to collect the relevant information and packets. Our approach collects events of spatio-temporal-content identity and computes the possibility of suspicion about packets with Bayes' rule. This method provides a more practical way to identify suspicion with qualitative information.
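Acknowledgements
Chinese Abstract
English Abstract
Table of Contents
List of Tables
List of Figures
1. Introduction
2. Literature Review
2.1 What Is Information Security
2.2 Data Breach Investigation Reports
2.3 Data Breach Case Studies
2.4 Packet Capture and Analysis Software
2.5 Bayes' Theorem
3. Research Method
4. Empirical Results
4.1 Manual Search Method
4.2 Automated Search Method
4.3 Summary
5. Conclusion and Future Research
References
Appendix A: Packet Analysis Program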