National Digital Library of Theses and Dissertations in Taiwan

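Graduate student: 洪韻茹
Graduate student (romanized): HUNG, YUN-RU
Thesis title: 資安風險評鑑異常偵測之漏列個資欄位的個資項目
Thesis title (English): Missing Personal Information Project for Information Security Risk Assessment Anomaly Detection
Advisors: 楊耿杰; 魏銪志
Advisors (romanized): YANG, KENG-CHIEH; WEI, YU-CHIH
Oral defense committee: 陳正佑; 姜林杰祐; 楊耿杰; 魏銪志
Oral defense committee (romanized): CHEN, JHENG-YOU; CHIANGLIN, CHIEH-YOW; YANG, KENG-CHIEH; WEI, YU-CHIH
Oral defense date: 2019-06-17
Degree: Master's
Institution: National Kaohsiung University of Science and Technology
Department: Department of Finance and Information
Discipline: Business and Management
Sub-discipline: Finance
Thesis type: Academic thesis
Year of publication: 2019
Academic year of graduation: 107
Language: Chinese
Number of pages: 56
Keywords (translated from Chinese): information security risk assessment; anomaly detection; personal information items
Keywords (English): Information Security Risk Assessment; Anomaly Detection; Personal Information Project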
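Enterprises and organizations increasingly depend on computer systems. Information security risk assessment is an important part of information security and the foundation of risk management; it is the means by which an organization determines its information security requirements. Because organizations use information technology to raise operational efficiency and gain competitive advantage, information security issues matter all the more. Information security risk assessment is a highly effective way to reduce information security risk, but the data it identifies may be improperly filled in or incomplete, whether deliberately or through human error. Risk assessment is often carried out by a single person relying on accumulated experience and ad hoc brainstorming. Because each person's perception of and tolerance for risk differs, problems tend to be judged from a single perspective; even when the same method is used, different risk levels result, producing overly subjective, biased, or mistaken decisions.

This study uses machine learning to build an effective detection mechanism that quickly and accurately flags personal-data asset items in risk assessment data whose personal-data field may have been identified incorrectly. It narrows the data to be examined and quickly extracts anomalous items, reducing the time reviewers need to check risk assessment data and lowering labor costs. The fast and accurate detection mechanism improves the efficiency of the check.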
Nowadays, enterprises and companies rely more and more on computer systems. Information security risk assessment has become key to protecting information in the organization. Using information technology to enhance working efficiency makes organizations more competitive, which strengthens the importance of information security.

The assessment is an effective way to improve information security. However, the data and results may be wrong due to personal negligence. In many cases, risk assessments rely on a specific person's experience and their own definitions. Everyone has their own perception of and tolerance for "risk." As a result, even when people use the same evaluation method, the risk rating may differ because of subjective bias or evaluation error.

This thesis establishes an effective detection mechanism through machine learning. The mechanism can detect and mark erroneous personal information fields rapidly and accurately. It narrows the range of abnormal information and reduces the time inspectors spend executing risk assessments. With this machine learning mechanism, an organization can therefore not only reduce human resource costs but also improve the accuracy and efficiency of detection.
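Abstract (Chinese)
Abstract (English)
Table of Contents
List of Tables

Chapter 1. Introduction
1.1. Research Background
1.2. Research Motivation
1.3. Research Objectives
1.4. Thesis Structure
Chapter 2. Literature Review
2.1. Classification of Information Security Risk Assessment
2.2. ISO/IEC 31000
2.3. ISO/IEC 31010
2.4. ISO/IEC 27005
2.5. ISO/IEC 29134
2.6. NIST SP 800-30
2.7. Using Machine Learning to Assist Risk Assessment
Chapter 3. Research Method
3.1. Similarity Measures
3.1.1. Cosine Distance
3.1.2. Jaccard Distance
3.1.3. Euclidean Distance
3.2. Word Segmentation
3.3. Machine Learning: K-means
3.4. Data Mining Tool: Orange3
Chapter 4. Research Analysis
4.1. Raw Data
4.2. Data Preprocessing
4.3. Word Segmentation
4.4. Data Transformation
4.5. Machine Learning
4.6. Filtering Highly Similar Data
4.7. Listing Potentially Anomalous Data
Chapter 5. Conclusion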
