以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：128

、訪客IP：3.133.155.235

姓名	石明裕(Ming-Yu Shih)  查詢紙本館藏	畢業系所	資訊工程學系
論文名稱	(TPSH: A Mechanism to Transform a Productive System to a Honeypot)
相關論文	★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm ★ Discoverer- Rootkit即時偵測系統 ★ 一項Android手機上詐騙簡訊的偵測與防禦機制 ★ SRA系統防禦ARP欺騙劫持路由器 ★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines ★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統 ★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統 ★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection ★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks ★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection ★ Shark: Phishing Information Recycling from Spam Mails ★ FFRTD: Beat Fast-Flux by Response Time Differences ★ Antivirus Software Shield against Antivirus Terminators ★ MAC-YURI : My ACcount, YoUr ResponsIbility ★ KKBB: Kernel Keylogger Bye-Bye ★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
檔案	[Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   至系統瀏覽論文 (2025-6-30以後開放)
摘要(中)	傳統上，企業大多採取防火牆、入侵偵測系統和防毒軟體這一類的被動式防禦，這些防禦措施通常是仰賴既有的規則，針對已知的攻擊型態進行防禦，如果遇到從未出現過的新型態攻擊，這些防禦就會形同虛設一般。 　　蜜罐(Honeypot)是近年來興起的一種主動式防禦，透過模擬一個網路服務或有漏洞的環境，吸引攻擊者來入侵，藉此收集攻擊者入侵機器的資訊。透過這些資訊，可以了解攻擊者所使用的攻擊手法，並針對現有防護中較為脆弱的部分進行補強。 　　然而，現有的蜜罐卻有一些限制，例如，攻擊者可能會察覺蜜罐的存在、蜜罐收集的資訊不夠貼近真實情況、佈建無生產力的蜜罐需要消耗額外的資源等等。 　　本篇論文整合了入侵偵測系統、蜜罐以及虛擬機遷移機制，將一個生產系統轉換成一個蜜罐，能夠克服上述蜜罐現有的限制。
摘要(英)	Traditionally, enterprises have adopted passive defenses such as firewalls, intrusion detection systems and anti-virus software. These defenses usually rely on established rules to defend against known attack patterns. Faced with a new type of attack that has never appeared, these defenses will be completely useless. 　　Honeypot is an active defense that has emerged in recent years. By emulating a network service or a vulnerable environment, it attracts attackers to invade, thereby collecting information about attackers invading machines. Through this information, enterprise can understand the attack methods used by attackers and strengthen the weaker parts of the existing protection. 　　However, the existing honeypots have some limitations. For example, an attacker may detect the existence of honeypots, the information collected by honeypots is not close enough to the real situation, and the deployment of an unproductive honeypot requires additional resources. 　　This paper integrates intrusion detection system, honeypot and virtual machine migration mechanism to transform a productive system into a honeypot, which can overcome the existing limitations of honeypots.
關鍵字(中)	★ Snort ★ 蜜罐 ★ 虛擬機遷移	關鍵字(英)	★ Snort ★ Honeypot ★ VM Migration
論文目次	摘要 i Abstract ii 誌謝 iii 目錄 iv 圖目錄 vi 表目錄 vii 第 1 章 緒論 1 第 2 章 背景介紹 3 　 2.1　Snort 3 　 2.2　VM Migration 4 第 3 章 相關研究 6 　 3.1　低互動式蜜罐 8 　 3.2　高互動式蜜罐 10 第 4 章 TPSH 10 　4.1　設計原則 10 　4.2　系統架構 11 　4.3　系統元件 12 　4.3.1　Snort 架構 12 　4.3.2　Migration Controller 14 　4.3.3　Activity Monitor 15 第 5 章 實驗結果及分析 17 　 5.1　實驗環境 17 　 5.2　功能測試 17 　 5.3　效能測試 18 　 5.4　比較 19 第 6 章 討論 22 第 7 章 總結 23 參考文獻 24
參考文獻	[1] C. S. Martin Roesch. (2019). Snort, [Online]. Available: https://www.snort.org (visited on 07/22/2020). [2] E. Alata, V. Nicomette, M. Kaâniche, M. Dacier, and M. Herrb, “Lessons learned from the deployment of a high-interaction honeypot,” in 2006 Sixth European Dependable Computing Conference, IEEE, 2006, pp. 39–46. (visited on 07/22/2020). [3] A. Almutairi, D. Parish, and R. Phan, “Survey of high interaction honeypot tools: Merits and shortcomings,” in Proceedings of the 13th Annual PostGraduate Symposium on The Convergence of Telecommunications, Networking and Broadcasting, PGNet2012. PGNet, 2012. (visited on 07/22/2020). [4] J. D. Guarnizo, A. Tambe, S. S. Bhunia, M. Ochoa, N. O. Tippenhauer, A. Shabtai, and Y. Elovici, “Siphon: Towards scalable high-interaction physical honeypots,” in Proceedings of the 3rd ACM Workshop on Cyber-Physical System Security, 2017, pp. 57–68. (visited on 07/22/2020). [5] A. Mairh, D. Barik, K. Verma, and D. Jena, “Honeypot in network security: A survey,” in Proceedings of the 2011 international conference on communication, computing & security, 2011, pp. 600–605. (visited on 07/22/2020). [6] I. Mokube and M. Adams, “Honeypots: Concepts, approaches, and challenges,” in Proceedings of the 45th annual southeast regional conference, 2007, pp. 321–326. (visited on 07/22/2020). [7] V. Nicomette, M. Kaâniche, E. Alata, and M. Herrb, “Set-up and deployment of a high-interaction honeypot: Experiment and lessons learned,” Journal in computer virology, vol. 7, no. 2, pp. 143–157, 2011. (visited on 07/22/2020). [8] S. Nithin Chandra and T. Madhuri, “Cloud security using honeypot systems,” International Journal of Scientific & Engineering Research, vol. 3, no. 3, p. 1, 2012. (visited on 07/22/2020). [9] thinkst. (2019). Opencanary, [Online]. Available: https://github.com/thinkst/opencanary (visited on 07/22/2020). [10] firnsy. (2020). Barnyard 2, [Online]. Available: https://github.com/firnsy/barnyard2 (visited on 07/22/2020). [11] Microsoft. (2019). Process monitor, [Online]. Available: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon (visited on 07/22/2020). [12] T. W. team. (2020). Wireshark, [Online]. Available: https://www.wireshark.org (visited on 07/22/2020). [13] P. H. Tom Preston-Werner Chris Wanstrath. (2008). Github, [Online]. Available: https://github.com/ (visited on 07/22/2020). [14] ytisf. (2014). Thezoo, [Online]. Available: https://github.com/ytisf/theZoo (visited on 07/22/2020). [15] (2020). Any.run, [Online]. Available: https://any.run/ (visited on 07/22/2020). [16] (2016). Cyberswachhtakendra, [Online]. Available: https://www.cyberswachhtakendra.gov.in/index.html (visited on 07/22/2020).
指導教授	許富皓(Fu-Hau Hsu)	審核日期	2020-7-23
推文	facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu
網路書籤	Google bookmarks   del.icio.us   hemidemi   myshare