跳到主要內容

臺灣博碩士論文加值系統

(44.213.60.33) 您好!臺灣時間:2024/07/20 05:56
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:陳泊錦
論文名稱:社交工程的戰術戰法研析之研究
論文名稱(外文):Research and Analysis of Social Engineering Tactics and Tactics
指導教授:賴泰宏
指導教授(外文):Lai Tai Hong
口試委員:羅序仁劉中宇賴泰宏王仁甫周憲政
口試委員(外文):Luo Xu RenLiu Zhong YuLai Tai HongWang Ren FuZhou Xian Zheng
口試日期:2024-05-13
學位類別:碩士
校院名稱:國防大學
系所名稱:網路安全碩士班
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2024
畢業學年度:112
語文別:中文
論文頁數:130
中文關鍵詞:社交工程釣魚程式木馬程式戰術運用心理戰
外文關鍵詞:Social EngineeringPhishingTrojan HorseTactical ApplicationPsychological Warfare
相關次數:
  • 被引用被引用:0
  • 點閱點閱:40
  • 評分評分:
  • 下載下載:9
  • 收藏至我的研究室書目清單書目收藏:0
現付網路戰爭是一場分秒必爭的競賽,成功取勝不僅需要有效的策略指導,更要在戰術層陎上做出適當且精準配合,我們觀察到社交工程的在網路戰場的重要性,藉研究的過程,要點在探索網路戰場交戰時,能夠即時獲取敵方戰場資訊,同時希望能探討戰術理論能夠在社交工程中給予資訊戰軍官可以靈活運用戰術計畫之上,強化部隊資訊戰的能力,將部隊的網路行動與學術理論有效用的結合,邁向現付化兵學實踐的道路。 通過深入的研究,我們的目標可以加強資訊戰方式,並能夠選擇最佳的間接路線,並配合國際現勢,這將有助於提升現有網路部隊的戰力,使其在戰場上能夠更為專業的執行任務,在研究中致力學術理論實踐,落實在研究戰法與狀況相結合,使我們的行動更具有迅速性和戰術性,使敵方難以洞悉我方計劃,以此取得戰場的勝利。 透過這項研究,我們希望在社交工程的戰術研究上有更好的方法,並與網路部隊的作戰能力相結合,終極的目標是使我方能夠在網路戰場上運籌帷幄,構思出一個戰術框架,以智慧取勝利,也是對未來戰爭形勢的應對策略,我們深信這項研究將為學術界帶來新的洞察與貢獻,同時也為我國網路戰爭內的社交工程戰術可以強化專業性堅定國防學術後盾的能量。
Modern cyber warfare is a race where every second counts. Successful victory not only requires effective strategic guidance, but also appropriate and precise coordination at the tactical level. We observe the importance of social engineering in cyber warfare, and through the research process, we are exploring the ability to obtain timely information about the enemy's battlefield when engaging in cyber warfare and we hope to explore tactical theories that can give information warfare officers the flexibility to use tactical plans in the context of social engineering. At the same time, we hope to explore how tactical theories can be used in social engineering to give information warfare officers the flexibility to use tactical plans to strengthen the information warfare capabilities of the army, and to integrate the network operations of the army with academic theories in a practical way, towards the path of modernized military practice. Through in-depth research, our goal is to strengthen the information warfare approach and be able to choose the best indirect routes and match the international situation, which will help to enhance the combat power of the existing cyber troops and enable them to carry out their missions more professionally on the battlefield. This will make our actions more rapid and tactical, making it difficult for the enemy to understand our plans, and thus achieving victory on the battlefield.
Through this research, we hope to have a better approach in the research of social engineering tactics, and to combine it with the operational capabilities of cyber forces. The ultimate goal is to enable our side to strategies on the cyber battlefield, and to conceive a tactical framework to achieve victory through
vii
wisdom, as well as a strategy to cope with the future war situation. We are confident that this research will bring new insights and contributions to the academic community, and at the same time, strengthen the professionalism of social engineering tactics in cyber warfare and solidify the energy of the national defense academic backing of our country.
誌謝 .................................................................................................................................................... iv
摘要 ..................................................................................................................................................... v
ABSTRACT .................................................................................................................................... vi
表目錄 ............................................................................................................................................... xi
圖目錄 .............................................................................................................................................. xii
1. 緒論 ............................................................................................................................................... 1
1.1 研究背景 .................................................................................................................................. 1
1.2 研究動機 .................................................................................................................................. 4
1.3 研究目的 .................................................................................................................................. 5
1.4 研究範圍與限制 ................................................................................................................... 6
1.5 研究架構 .................................................................................................................................. 7
1.6 章節安排 .................................................................................................................................. 8
1.7 研究問題 ................................................................................................................................ 11
2. 文獻探討 ................................................................................................................................... 12
2.1 社交工程 ........................................................................................................................... 12
2.2 釣魚程式 ................................................................................................................................ 21
ix
2.3 木馬程式 ................................................................................................................................ 24
2.4 戰術運用 ................................................................................................................................ 37
2.5 心理戰 ..................................................................................................................................... 45
2.6 社交工程攻擊案例 ............................................................................................................ 48
2.7 小結 .......................................................................................................................................... 52
3. 研究方法 ................................................................................................................................... 53
3.1 研究方法 ................................................................................................................................ 53
3.2 深度訪談法 ........................................................................................................................... 56
3.3 文獻分析法 ........................................................................................................................... 59
3.4 研究途徑 ................................................................................................................................ 60
3.5 社交工程戰術架構 ............................................................................................................ 62
4. 研究結果與分析 .................................................................................................................... 63
4.1 研究結果 ................................................................................................................................ 63
4.2 社交工程案例 ...................................................................................................................... 65
4.3 運用網路遊戲帄臺作為社交工程發展的可能 ................................................ 90
4.4 運用音樂或影片做為社交工程發展的可能 .......................................................... 93
x
4.5 小結 .......................................................................................................................................... 95
5. 結論 ............................................................................................................................................. 99
5.1 研究發現 ................................................................................................................................ 99
5.2 研究建議 .............................................................................................................................. 105
參考文獻 ....................................................................................................................................... 107
附錄 ................................................................................................................................................. 115
附錄1 學者基本資料 .............................................................................................................. 115
附錄2 訪談題目大綱 .............................................................................................................. 116
附錄3 受訪談邀請函 .............................................................................................................. 117
附錄4 參與訪談研究同意書 ............................................................................................... 118
附錄5 訪談對話逐字稿 ......................................................................................................... 119
自傳 ................................................................................................................................................. 130
xi
表目錄
表1 新聞案例整理 ......................................................................................... 48
表2 立委批國內資訊安全毫無防備致使中共的駭客用釣魚程式盜取機關帳號分析 ..................................................................................................... 77
表3 選戰後陎後的陰謀是中共駭客組織在臺灣實施社交工程行動 ........... 78
表4 以色列與哈瑪斯組織的衝突,哈瑪斯駭客網路攻擊,我國應借鏡,需要強化整體網路安全分析 ...................................................................... 79
表5 駭客以包裝精美的電子信件實施釣魚攻擊的情形,企圖不法手段獲取政府機關的帳號密碼分析 ...................................................................... 81
表6 中國駭客SugarGh0st RAT 針對韓國和烏茲別克攻擊分析 ................ 82
表7 韓國造船廠遭到北韓駭客攻擊國家情報院警告攻擊分析 ................... 83
表8 韓國警方稱北韓駭客瞄準美韓軍事演習攻擊分析 .............................. 84
表9 拉撒路搶劫案:北韓如何幾乎完成了價值十億美元的駭客攻擊攻擊分析 ............................................................................................................. 85
表10 中國駭客攻擊俄羅斯國防企業卡巴斯基實驗室攻擊分析 ................. 86
表11 梅塔警告說,針對南亞軍事人員的網路間諜活動攻擊分析 ............. 87
表12 比利時網路安全機構將中國與針對議員的魚叉式網路釣魚攻擊聯繫貣來的攻擊情形 ...................................................................................... 88
表13 木馬屠襲我國政府企業全遭殃攻擊分析 ............................................ 89
xii
圖目錄
圖1 研究架構圖 ............................................................................................... 7
圖2 社交工程的攻擊流程圖 ......................................................................... 15
圖3 Social engineering attack framework,Protecting against social engineering ................................................................................................................. 21
圖4 Deception Modeling: Email Phishing Research Case ............................... 24
圖5 Trojan classification ................................................................................. 30
圖6 社交工程戰術架構 ................................................................................. 96
圖7 社交工程戰法架構之一 ......................................................................... 97
圖8 社交工程戰法架構之二 ......................................................................... 98
參考文獻
[1] https://www.proofpoint.com/us/threat-reference/social-engineering(2023.11.11).
[2] 李美燕,「國軍對社交工程安全控管與運用之研究」,陸軍通資半年刊,第124期,第22-38頁,民國104年9月。
[3] Brian E. Skarda, “Implementing Offensive Social Engineering for the Air Force,” Master's Thesis, Department of the Air Force, Aviation University, Alabama, pp.6-14, March 2008.
[4] Ding Nuo, Shen Mingche, Wei Peng, “Research on Trojan Camouflage Technology”, Progress in Intelligent System Research, Volume 132, Alantis Press, Central South University of Forestry and Technology, 2017, Page 304.
[5] Abuzaid, A. M., Saudi, M. M., Taib, B. M., and Abdullah, Z. H., “An efficient trojan horse classification (ETC),”International Journal of Computer Science Issues, Vol.10, No. 2, p.97, 2013.
[6] Jain, A., Tailang, H., Goswami, H., Dutta, S., Sankhla, M. S., and Kumar, R., “Social engineering: Hacking a human being through technology,” IOSR Computer Engineering Journal, Vol. 18, No. 5, pp. 95-98, 2016.
[7] Schaab, P., Beckers, K., and Pape, S., “A Systematic Gap Analysis of Social Engineering Defence Mechanisms Considering Social Psychology,”Proc. HAISA, pp. 241-251, 2016.
[8] Holt, T. J., and Bossler, A. M., The palgrave handbook of international cybercrime and cyberdeviance. London: palgravemacmillan, pp.3-8, 2019.
[9] Orchid, Park Woo-gil1, * Orchid, and Mogudam Siddiqui *,“Research on the Psychology of Cyber Attacks and Existing Countermeasures, ”Department of Sociology, Yeungnam University, University of Karachi, Gyeongsan, South Korea, Karachi, Pakistan, June 14, 2022, Page 17. 2-3
[10] https://www.taichung.gov.tw/media/207158/451615515371.(2023.9.18).
108
[11] 粘敬宣、陳慶文,「電子郵件內之警告內容與資訊素養高低是否能有效抵禦社交工程之攻擊行為?」第十七屆資訊管理暨實務研討會,高雄,第4頁,2011。
[12] Lena Rariby, “Development of a Taxonomy of Social Engineering Methods,” Master's Thesis, Naval Academy, Monterey, California, pp.17-19, June 2006.
[13] https://www.fidelity.com.tw/canonical/1620378150/56/(2023.11.11).
[14] Abraham, S., and Chengalur-Smith, I., “An overview of social engineering malware: Trends, tactics, and implications.” Technology in Society, Vol. 32, No. 3, pp. 183-196, 2010.
[15] https://media.defense.gov/2023/Oct/02/2003312499/-1/-1/0/STRATEGIC_CYBERSPACE_OPERATIONS_GUIDE.PDF
[16] 李俊成,「人格特質與電子郵件社交工程攻擊關係之研究-以國防部某軍事機關為例」,碩士論文,萬能科技大學,桃園,第12頁,2015。
[17] 黃昱榕,「社交工程系統實作與分析研究」,碩士論文,國立高雄第一科技大學,高雄,第14-18頁,2017。
[18] 胡統善,「從社群網站使用者行為模式探討社交工程手法與防制作為」,碩士論文,桃園, 國防大學,第29-30頁,2017。
[19] https://www.researchgate.net/publication/341199647_Defining_Social_Engineering_in_Cybersecurity(2023.11.12)
[20] Wang, Z., Sun, L., and Zhu, H., “Defining social engineering in cybersecurity”. IEEE Access, Vol. 8, pp. 85094-85115, 2020.
[21] https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Social-Engineering/social-engineering_node.html(2024.11.12)
109
[22] Mouton, F., Leenen, L., and Venter, H. S., “Social engineering attack detection model: Seadmv2,” In 2015 International Conference on Cyberworlds (CW), p. 217. 2015.
[23] Juni Ali Covelo, Preventing “Social Engineering Attacks in Enterprise Environments”, Wesleyan University, Connecticut, USA, p. 32, 2020.
[24] https://www2.deloitte.com/content/dam/Deloitte/sg/Documents/risk/sea-risk-cyber-101-part10.pdf(2023.11.12).
[25] https://www.ijstr.org/final-print/mar2021/Social-Engineering-Attacks-A-Phishing-Case-Simulation.pdf
[26] https://ijramr.com/sites/default/files/issues-pdf/3407.pdf
[27] https://www.scribd.com/document/219802442/The-Phishing-Guide-Understanding-Preventing-Phishing-Attacks-IBM-Internet-Security-Systems(2023.11.12).
[28] https://www.researchgate.net/publication/338487895_Phishing_and_Social_Engineering_Techniques.(2023.11.12)
[29] Butavicius, M., Parsons, K., Pattinson, M., & McCormac, A., “Breaching the human firewall: Social engineering in phishing and spear-phishing emails, ”arXiv preprint arXiv:1606.00887, 2016.
[30] Abdullah Almoqpil, Imam Muhammad Ibn, Brian C. O'Connor, Richard Anderson, Jibril Shitu, Deception Modeling: The Case of Email Phishing Research, Issue 2 Proceedings of the Academy of Literature 2021 Annual Meeting Volume 8, Visual Thinking Laboratory, School of Information Science, University of North Texas, pp. 3-4, 2021
[31] https://www.ithome.com.tw/news/103331 (June 20, 2023).
[32] John McDermott, Center for High Assurance Computing Systems (CHACS), Naval Research Laboratory, Washington, DC, Technical report on removing an important class of Trojans from high-level languages, Conference Paper, p. 1
110
[33] Munika C., Benson-Edwin Raj., “A new architecture for executing phishing through Trojans”, IJCA special issue “Computational Science- New Dimensions and Perspectives”, p. 112, 2011.
[34] Ball D,. “China’s Cyber Warfare Capabilities”, Security Challenges, Vol. 7, No. 2, pp. 81-84, 2011.
[35] https://sansorg.egnyte.com/dl/ZYkhJVghTZ (2024.02.15).
[36] Yunos Z and Nasir Mohd Zin A., “Cyber Data, the Cyber Weapon of the Future, ”National Center for Information and Communications Technology Security and Emergency Response (NISER), The Star InTech, p. 2, 2003.
[37] 趙陣,軍事技術資訊化對作戰方式的影響,自然辯證法研究,第27卷第2期,第40-42頁,2011。
[38] https://www.airuniversity.af.edu/Portals/10/ASPJ/journals/Chronicles/crawford.(2023.9.25).
[39] Wijayarathne, S., “Trojan Malware--Case Study, ” pp. 1-4, 2022.
[40] Zhen fang H., “Research on computer Trojan viruses and their prevention and control, ” International Journal of Engineering and Applied Sciences, Vol. 2, No. 8, p. 95, 2015.
[41] https://arxiv.org/ftp/arxiv/papers/1106/1106.0853.pdf. (2024.02.15)
[42] Rowe, N. “A taxonomy of deception in cyberspace,” International Conference on Information Warfare and Security, pp. 173-181, 2006.
[43] https://www.nbcnews.com/id/wbna44093850 (2023.10.8).
[44] https://www.infosecurity-magazine.com/news/anatsa-banking-trojan-targets-us/(2023.10 . 9).
[45] https://www.scmagazine.com/news/smbs-plagued-by-exploits-trojans-and-backdoors(2023.10. 3).
[46] https://www.cyberlands.io/topsecuritybreachesjapan, (2023. 10. 3).
111
[47] https://www.secrss.com/articles/56192(2023. 10.10).
[48] https://abcnews.go.com/US/trojan-horse-bug-lurking-vital-us-computers-2011/story?id=26737476 (2023. 10 . 10).
[49] https://www.globaltimes.cn/page/202206/1268801.shtml (2023. 10.10) .
[50] https://securityintelligence.com/news/ukraine-cyber-war-drags-on-with-stealers-trojans-and-more/(2023.10 . 10).
[51] https://www.techspot.com/news/99371-bmw-ad-used-trojan-horse-russian-cyber-attack.html,(2023.10 . 10) .
[52] https://dataconomy.com/2022/11/04/cyber-espionage-examples-types-tactics/(2023.10 . 10).
[53] https://www.globaltimes.cn/page/202209/1276192.shtml(2023.10 . 10)
[54] Alex Danchev and Liddell Hart's Great Ideas, International Studies Review (1999), 25, 29-48.
[55] 吳慕強,簡評中共對臺問題運用—從薄富爾「間接戰略」檢視,第41卷,第2期,第34-45頁,2022。
[56] Corn, T., “From Mars to Minerva: Clausewitz, Liddell Hart, and the Two Western Ways of War”. Small Wars Journal, Vol. 21, 2011.
[57] 王政,「美國情報外包的實踐與問題之研究」,《安全與情報研究》,第5卷,第1期,第15-16頁,2022。
[58] Friedman L., The Significance of Strategic Research for Scholars, “Texas National Security Review”: Vol. 1, No. 2, 2018.
[59] 陳郴,諾曼第戰役期間德國防衛作戰之探討,《歐美研究》中央研究院歐美研究所,第32卷,第3期,第530頁,2001。
[60] https://www.kcl.ac.uk/library/assets/archives/2012lecture.pdf (2023.10.28)
[61] https://tpl.ncl.edu.tw/NclService/pdfdownload?filePath=lV8OirTfsslWcCxIpLbUfvnJVVyS2MdW1sozshUCoVyd1zmpAPobJ5xzFjBu1X1A&imgType=Bn5s
112
H4BGpJw=&key=ChJNhkgKIWRjZ39KtIRpRISi0WI8qXcqbonJrDA_8ZoeVVU9OyINO4qBZJhLTxWd&xmlId=0004829153/(2023.10.28)
[62] 張福,程度,胡俊《戰術+技術+程序-ATT&CK框架無差別學習》,深智數位,臺北,頁1-29至1-35,2022/07/20。
[63] 北極星《遠端遙控木馬病毒程式設計:使用Python》,博碩文化有限公司,新北市,頁10.13-10.16,2018/08/23。
[64] U.S. Army FM3-05.301 (FM 33-1-1) MCRP 3-40.6A Psychological Operations Strategies, Techniques, and Procedures, Psychological Operations Association 2003, pp. 1-2.
[65] RAND Corporation, “Next Generation Chinese Psychological Warfare, Military Applications of Emerging Technologies, and Implications for the United States,” Core Principles, p. 16
[66] 郭雪真、洪陸訓,中共心理戰的研發與戰備,復興崗學報,第一頁,民96,89 期。
[67] 遲振海、汪玉軍,〈心理戰、心理武器、心理訓練〉,《解放軍健康》,2003年5月,頁5-14。
[68] 王建華編著,《資訊技術與現付戰爭》,北京國防工業出版社,2004年7月,頁85。
[69] 吳奇英資訊時付政治作戰中心理戰的運用與發展 -以美伊戰爭及兩岸資訊心理戰為例,復興崗學報,第71-94 民94,85期。
[70] 劉怡秀,穿越虛擬與現實之間:大學院校學生現實生活及網路世界的攻擊行為與相關因素之研究,碩士論文,交通大學,九十三年八月,頁31、34。
[71] 張彥偉,「職場權威關係下之言語攻擊行為研究」,碩士論文,交通大學,新竹,第44頁,2009。
[72] https://www.chinatimes.com/newspapers/20210819000386-260118?chdtv(2023.12.19)
113
[73] https://newtalk.tw/news/view/2024-03-04/910828(2024.03.20)
[74] https://www.voacantonese.com/a/lnc-rising-phishing-letters-pose-threat-to-israel-and-taiwan-20231101-cantonese-ry/7336919.html(2023.12.19)
[75] https://www.ntdtv.com.tw/b5/20211116/video/310040.html?%E9%A7%AD%E5%AE%A2%E5%AF%84%E4%BB%BF%E7%9C%9F%E9%9B%BB%E5%AD%90%E9%83%B5%E4%BB%B6%E9%87%A3%E9%AD%9A%20%E4%BC%81%E5%9C%96%E9%A8%99%E5%8F%96%E6%94%BF%E5%BA%9C%E6%A9%9F%E9%97%9C%E5%B8%B3%E5%AF%86(2023.12.19)
[76] https://thehackernews.com/2023/12/chinese-hackers-using-sugargh0st-rat-to.html(2023.12.20)
[77] https://maritime-executive.com/article/south-korea-s-shipbuilders-attacked-by-hackers-from-north-korea-warns-nis(2023.12.20)
[78] https://www.reuters.com/world/north-korean-hackers-target-us-south-korea-military-drills-police-say-2023-08-20/(2023.12.20)
[79] https://www.bbc.com/news/stories-57520169(2023.12.20)
[80] https://tass.com/economy/1490703?utm_source=google.com&utm_medium=organic&utm_campaign=google.com&utm_referrer=google.com(2023.12.20)
[81] https://therecord.media/pakistan-india-cyber-espionage-meta-bahamut-patchwork(2023.12.20)
[82] https://www.ft.com/content/5c32261c-b1a6-488e-9002-0ca9e0c8ff1b(2023.12.20)
[83] https://news.cts.com.tw/cts/life/200405/200405270144878.html#google_vignette(2023.12.19)
[84] https://www.cna.com.tw/news/acn/201710130139.aspx(2023.12.09)
[85] https://game.ettoday.net/article/1496534.htm#ixzz8LSE98X9q(2023.12.10)
114
[86] 黃興進、呂卓勳、張宜群、游騰保,「臺灣銀行業導入行動銀行,關鍵影響因素之多重個案研究」,Vol.13資訊管理研究, 頁4,2013。
[87] 萬文隆,深度訪談在質性研究中的應用,生活科技教育月刊,37卷,第4期,2004年,第17頁。
[88] Pamela B. Rutledge, Jerri Lynn C. Hogg, “In‐Depth Interviews,” pp. 1-7, 2020.
[89] 丁瑋伶,「以深度訪談法探討客房服務之標準作業流」,碩士論文,亞洲大學,臺中,第26-30頁,2016
[90] https://www.sunnyswa.org.tw/12345/189-%E6%96%87%E7%8D%BB%E5%88%86%E6%9E%90%E6%B3%95%EF%BC%88document-analysis%EF%BC%89/,(2023.10 . 10).
[91] 陳志洪,「江澤民時期中共黨軍關係之研究」,碩士論文,中山大學,高雄,第6頁,2002。
[92] Sushi Jajodia, VS Subrahmanian, VipinSwarup, CliffWang, InternetSpoofing, Book subtitle Building a Scientific Foundation,Springer International Publishing Switzerland,pp44-48,2016
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
無相關期刊