根據國外研究機構的資安調查,人為因素造成資安事件的比例高達6成。為了降低人為因素資安事件造成對伺服器的影響,企業與政府機關採用了跳板主機(Jump Station)管理機制強化對伺服器的存取控制,防止內部主機可以直接登入伺服器。在資安監控中心(Security Operator Center,SOC)的資安監控架構裡,資安管理服務供應商(Managed Security Service Provider,MSSP)會在客戶網路環境中擺放日誌蒐集主機,該主機被稱為前端資安設備(Front-end Security Appliance,FSA),在FSA的管理上就是採用跳板主機的管理機制。但是由於SOC管理者在登入遠端FSA時使用共用帳號,因此當多人由跳板主機登入遠端FSA時,會產生無法得知是由那個管理者帳號登入的問題,本研究稱之為帳號歸責問題(Accountability Problem)。為解決帳號歸責問題,本研究分析資安監控中心監控架構,設計出一套帳號關聯系統(Account Correlation System,ACS)。透過分析資安架構中各元件功能需求、進行系統實現並模擬資安監控架構建立測試環境,藉由蒐集跳板主機連線紀錄、防火牆流量日誌與前端主機系統稽核日誌或事件檢視器日誌,以三種日誌交叉稽核方式設計關聯規則(Correlation Rule)。當管理者透過跳板主機使用共用帳號登入遠端FSA時,ACS會記錄下跳板主機上的管理者帳號登入與其他相關資訊。經過實驗測試,測試結果成功驗證ACS可以有效解決帳號歸責問題。;According to security survey of foreign research institutions, the proportion of security incidents caused by human factors is as high as 60%. To reduce such kind of security incidents, many enterprises and government agencies control the server access with jump station to prevent internal hosts form directly logging to the server. However, as the Security Operator Center (SOC) administrators usually logging to remote Front-end Security Appliance (FSA) with a shared account, when multiple SOC administrators logging to a remote FSA from the same jump station, it will produce the accountability problem, which means we don’t know which administrator is responsible for the logon action. To solve this problem, in this thesis, we analyze the SOC monitoring framework and design an Account Correlation System (ACS). The ACS collects the jump station connection logs and firewall traffic logs and servers audit logs, and then correlates these logs according to a set of correlation rules designed in this study. Our experimental results show that the ACS can effectively solve the accountability problem in an SOC environment.