Master's and Doctoral Theses: Record 108522083 Details




Name 周芷安 (Jhih-An Jhou)   Department Department of Computer Science and Information Engineering
Thesis Title
(DCH: An Approach to Create a Dynamic Container Honeypot)
Related Theses
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm
★ Discoverer: A Real-Time Rootkit Detection System
★ A Detection and Defense Mechanism for Fraudulent SMS Messages on Android Phones
★ SRA System: Defending Routers Against ARP Spoofing Hijacking
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines
★ An Automated Real-Time Counterattack System Against Remote Buffer Overflow Attacks
★ Real-Time Serum System: An Automated Worm-Curing System with an Offensive Barrier
★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks
★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails
★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators
★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
Files Thesis viewable in the system (available after 2026-6-30)
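Abstract (Chinese) In recent years cloud computing has become increasingly popular. Thanks to its low cost, high scalability, and ease of maintenance, it has gradually replaced the traditional limitation that applications can only be operated locally. Besides virtualization, containers are also one of the key technologies for realizing cloud computing. Containers can directly share the host's operating system. Although this is convenient and saves cost, a container has no independent operating system of its own, so its security and isolation mechanisms are relatively weak compared with a virtual machine, and it more easily becomes a target for intruders.
A honeypot is an active defense. By emulating a network service or a vulnerable environment, it lures intruders into taking the bait in order to collect their attack intentions, techniques, tools, and so on. From the collected information we can understand which security problems exist in the current system and which challenges it faces. Combining honeypots with traditional passive defenses strengthens system security more effectively.
This thesis proposes a mechanism that dynamically turns a container into a honeypot. We designed a warning and backup system, combined with anti-virus software and real-time monitoring, so that when a container is compromised it can dynamically become a honeypot and protect important data as far as possible. In addition, we redirect all connections to a high-interaction honeypot under real-time monitoring, which not only collects more information about the attacker but also reduces the chance that the contaminated container attacks other devices. In testing, the mechanism had very little impact on the performance of the original system, and its existence can make future container defenses more complete.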
Abstract (English) In recent years, cloud computing has become more and more popular because of its low cost, high scalability, and easy maintenance. It has gradually replaced the limitation that applications can only be operated locally. In addition to virtualization, containers are also one of the important technologies for cloud computing. Containers do not need an independent operating system and can directly share the operating system of the host. Although this is convenient and cost-effective, the security isolation mechanism is not as complete as that of a virtual machine, and a container more easily becomes the target of intruders.

A honeypot is an active defense that attracts intruders by emulating a network service or an environment with flaws. Honeypots collect the intruder's attack intentions, techniques, tools, etc., to understand what security problems exist in the existing system and what challenges the system is facing.

We propose a mechanism to dynamically transform a container into a honeypot. We integrate a warning backup system, anti-virus software, and real-time monitoring to build DCH. When the container is compromised, our mechanism can protect important data and also redirect network connections to a high-interaction honeypot for real-time monitoring. In our experiments, we found that our system performs well and that the overhead it introduces is negligible.
Keywords (Chinese) ★ Container
★ Anti-virus
★ Backup
★ Honeypot
Keywords (English) ★ Container
★ anti-virus software
★ backup
★ Honeypot
Table of Contents Abstract (Chinese)
Abstract
Acknowledgements
Contents
List of Figures
List of Tables
Chapter 1 Introduction
Chapter 2 Background
2.1 Containers
2.1.1 Docker
2.2 Underlying Security Mechanisms of Containers
2.2.1 Namespaces
2.2.2 Control Groups
2.2.3 Other Container Security Mechanisms
Chapter 3 Related Work
3.1 Docker Protection Mechanisms
3.2 Interactive Honeypots
3.2.1 High-Interaction Honeypots
3.2.2 Medium-Interaction Honeypots
3.2.3 Low-Interaction Honeypots
Chapter 4 System Architecture and Implementation
4.1 Design Philosophy
4.2 System Architecture
4.3 System Components
4.3.1 ClamAV
4.3.2 Alerter
4.3.3 BFSEC
4.3.4 Activity Monitor
Chapter 5 Experimental Results and Analysis
5.1 Experimental Environment
5.2 Functional Testing
5.3 Performance Testing
5.4 Comparison of DCH with Existing Honeypots
Chapter 6 Discussion
6.1 Current Limitations
6.2 Future Work
Chapter 7 Conclusion
References
Advisor 許富皓 (Fu-Hau Hsu)   Review Date 2021-7-23