National Digital Library of Theses and Dissertations in Taiwan

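Graduate student: 高燕芬 (Yen-Fen Kao)
Thesis title: Minimization of Service Compromise Probability Using Resource Reallocation Strategies in a Cloud Computing Environment
Thesis title (original Chinese): 應用雲端環境下資源重分配之特性以最小化服務被攻克率
Advisor: 林永松
Oral defense committee: 孔令傑, 鍾順平, 呂俊賢, 莊東穎
Oral defense date: 2015-07-31
Degree: Master's
Institution: National Taiwan University
Department: Graduate Institute of Information Management
Discipline: Computer science
Sub-discipline: General computer science
Thesis type: Academic thesis
Year of publication: 2015
Graduation academic year: 103
Language: Chinese
Pages: 69
Keywords: Resource Reallocation; Mathematical Programming; Network Survivability; Cloud Computing; Monte Carlo Simulation; Optimization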
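Abstract (translated from the Chinese original):
Over the past few years, we have seen substantial growth in IT investment, and with it the emergence of the new term cloud computing. Many enterprises and organizations have already adopted cloud computing. However, some technical barriers remain that may prevent cloud computing from becoming a truly ubiquitous service, especially for customers with strict or complex requirements for infrastructure security. New cyber-attacks on several well-known enterprises, together with predictions that cyber-attacks on the cloud will increase, pose a threat that may slow the development of cloud computing. The number of cyber-attacks is now very large and the attacks are highly sophisticated; many organizations have trouble determining which new threats and vulnerabilities pose the greatest risk, and how resources should be allocated to ensure that the most probable and most damaging attacks are dealt with first.
On the other hand, defense mechanisms have also developed in diverse directions, so defenders have many defensive measures to choose from to protect services from external threats. Resource reallocation is a method for allocating the available resources to large-scale tasks. The method takes into account the state of the network in a virtualized environment. We can exploit this property that cloud resources can be reallocated: when the service predicts a high level of danger, a VM is shut down and its resources are added to other VMs to strengthen defensive capability.
We therefore hope to provide a method that lets cloud service providers deploy security defenses effectively, increasing network survivability and resisting threats from the external environment. This study focuses on resource reallocation as the defense mechanism for resisting attacks. The research problem is simulated using Monte Carlo simulation. Finally, the defender's best configuration of defense strategies is identified.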


Abstract (English):
In the last few years, we have seen dramatic growth in IT investment, and a new term has surfaced: cloud computing. Cloud computing has been widely adopted by many enterprises and organizations. However, there are still a number of technical barriers that may prevent cloud computing from becoming a truly ubiquitous service, especially where the customer has strict or complex requirements for the security of the infrastructure. The latest cyber-attacks on high-profile firms (Amazon, Google and Sony's PlayStation) and the predictions of more cyber-attacks on cloud infrastructure are threatening to slow the take-off of cloud computing. The number of cyber-attacks is now extremely large and their sophistication so great that many organizations are having trouble determining which new threats and vulnerabilities pose the greatest risk and how resources should be allocated to ensure that the most probable and damaging attacks are dealt with first.
In contrast, network defense mechanisms have developed in diverse ways, so defenders have more defense alternatives for protecting the network from external threats. Resource reallocation is a method of allocating large-scale tasks to the available resources. The method considers the network state in virtualized environments. When the service predicts a high risk level, a VM is switched off and its resources are withdrawn to strengthen defense capabilities.
Hence, we help service providers allocate their defense resources in order to find the most efficient way to counter external attacks. In this thesis, we focus on resource reallocation to increase network survivability, and we use Monte Carlo simulation to simulate the model of the network attack-defense scenario. Finally, the ultimate goal is to figure out the optimal defense strategy.


Acknowledgements
Thesis Abstract
Thesis Abstract (Chinese)
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Background
1.2 Motivation
1.3 Literature Survey
1.3.1 Survivability
1.3.2 Information Warfare in Cloud
1.4 Thesis Organization
Chapter 2 Problem Formulation
2.1 Problem Description
2.1.1 Attacker Perspective
2.1.2 Attacker Optimization
2.1.3 Defender Perspective
2.2 Attack-Defense Scenarios
2.2.1 Contest Success Function
2.2.2 The Sight of the Network
2.3 Mathematical Formulation
Chapter 3 Solution Approach
3.1 Mathematical Programming
3.2 Monte Carlo Simulation
3.3 Problem Evaluation Process
3.4 Policy Enhancement
3.4.1 Defender Enhancement
Chapter 4 Computational Experiment
4.1 Experiment environment
4.2 Simulation Result
4.2.1 Convergence Evaluation Times
4.2.2 Topology robustness
4.2.3 Attack strategy analysis
4.2.4 Defense strategy analysis
4.2.5 Enhancement results
Chapter 5 Conclusion and Future Work
Reference




