NCU Institutional Repository (downloads of theses and dissertations, past exam papers, journal articles, research projects, and more): Item 987654321/13576


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/13576


    Title: On Payload Transformation Mechanism with Privacy-Preserving and Packet Analysis Capability
    Authors: 曾俊豪;Chun-Hao Tzeng
    Contributors: Graduate Institute of Information Management
    Keywords: payload privacy; SOC (security operations center); payload transformation; payload encoding; payload sharing; privacy preserving
    Date: 2009-06-23
    Issue Date: 2009-09-22 15:35:20 (UTC+8)
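    Publisher: National Central University Library
    Abstract: In recent years, with the rapid spread of the Internet, network attacks and intrusions have been increasing. To counter these numerous and complex attacks, the concept of large-scale defense has received growing attention. Under this architecture, information sharers share the security alerts or packet information they collect with security systems elsewhere, which analyze and assess it to understand current network threats and to defend against attacks quickly and effectively. However, packet payloads contain much private information about the sharers; if this data were obtained by malicious parties, the consequences would be severe, so packet payloads need privacy protection. Current research on privacy protection for packet payloads is mainly Anagram, proposed by Columbia University. The payload signatures that system generates can be matched against malicious-code signatures, but the method's drawback is that signature matching performs poorly on short malicious payloads, and the system's threshold setting also affects detection results. This study proposes a packet payload transformation mechanism: the G-D payload transformation method. It encodes packet payloads using the group each payload code belongs to and the differences between codes. The resulting encoded payload is irreversible, so malicious parties cannot learn the sharer's original payload from it, while the encoded payload retains the features of the original payload and can be matched to find malicious payloads. Finally, this study proposes a privacy-protection indicator to evaluate the G-D payload transformation method, so that sharers can tell whether the encoding parameters they set are optimal.
    The emergence of the Internet has provided a convenient way to exchange information, but many cybercrime incidents and network attacks have been discovered. To defend against numerous and complicated network attacks, large-scale defense has become more popular. In this architecture, individual organizations anywhere collect alerts or packets to share with a SOC. However, packet payloads contain a lot of private information about corporations, so payload content needs to be protected. Anagram enables privacy-preserving payload sharing by using Bloom filters. The generated payload signature still keeps the malicious signature, so researchers can find anomalous payloads, but Anagram has a poor detection rate on short malicious signatures, and adjusting its threshold is very difficult. We propose a payload transformation method: Group-Difference payload transformation. It calculates the groups and differences of payload characters to encode the payload. The produced code is irreversible, so attackers cannot recover the original payload content. The produced code still keeps the signature of the original payload, so researchers can find malicious payloads from it. Finally, we propose a privacy-preserving indicator to evaluate Group-Distance payload transformation, so that users can tell whether the encoding parameters are optimal.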
    Appears in Collections:[Graduate Institute of Information Management] Electronic Thesis & Dissertation
