English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 80990/80990 (100%)
造訪人次 : 41661738      線上人數 : 1903
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/13576


    題名: 具隱私防護與分析能力之網路封包酬載轉換機制研究;On Payload Transformation Mechanism with Privacy-Preserving and Packet Analysis Capability
    作者: 曾俊豪;Chun-Hao Tzeng
    貢獻者: 資訊管理研究所
    關鍵詞: 隱私防護;酬載分享;酬載編碼;資訊安全營運管理中心;酬載隱私;payload privacy;SOC;payload transformation;payload sharing;privacy preserving
    日期: 2009-06-23
    上傳時間: 2009-09-22 15:35:20 (UTC+8)
    出版者: 國立中央大學圖書館
    摘要: 近年來隨著網際網路的快速普及,網路攻擊與入侵日益增加。為了防治這多且複雜的網路攻擊,大範圍防禦概念越來越受重視。在此架構下,資訊分享者會將自己收集到的資安警訊或封包資訊分享給各方的資安系統,去進行分析、判斷,了解目前有哪些網路威脅,快速有效的防範網路攻擊。無論如何,封包酬載中會有許多資訊分享者的個人隱私資訊,若此資料被不法人士取得,後果將不堪設想,因此需要對封包酬載做隱私防護。目前對封包酬載做隱私防護之研究主要為哥倫比亞大學提出的Anagram,系統產生的酬載特徵具有惡意碼特徵比對之能力,但此方法缺點是對於短的惡意酬載碼,其特徵比對效果不佳,且系統的門檻值設定也會影響偵測結果。 本研究提出一套封包酬載轉換機制: G-D酬載轉換法。此方法以酬載碼所對應的群組與碼間的差值去對封包酬載進行編碼轉換,其產生的編碼酬載具不可逆的特性,所以不法者無法從編碼酬載中得知分享者原始酬載資訊,且編碼後的酬載也保有原始酬載特徵,能比對找出惡意酬載。最後本研究提出一隱私防護指標去衡量G-D酬載轉換法,讓分享者了解所設定的編碼參數是否為最佳化。 The emergence of the internet has provided convenient way to exchange information, but many cybercrime incidents and network attacks has been discovered. In order to prevent from numerous and complicated network attacks, defending against a large scale attacks become more popular. In this architecture, individual organizations from anywhere would collect alerts or packets to share with SOC. However, packet payload has a lot of privacy information about corporations, we need to protect payload content. Anagram enables privacy-preserving payload sharing by using Bloom Filters. Generated payload signature still keep malicious signature, researcher can find anomalous payload, but Anagram has a poor detection rate when it detects short malicious signature and adjusting threshold is very difficult. We propose a payload transformative method: Group-Difference payload transformation. It would calculate groups and differences of payload character to encode the payload. Produced code is irreversible, attackers cannot get the original payload content. Produced code still keep signature of original payload, researcher can find malicious payload from produced code. Finally, we propose a privacy-preserving indicator to evaluate Group-Distance payload transformation, user can understand whether encode parameters are optimization or not.
    顯示於類別:[資訊管理研究所] 博碩士論文

    文件中的檔案:

    檔案 大小格式瀏覽次數


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明