NCU Institutional Repository (downloads of theses and dissertations, past exam papers, journal articles, research projects, and more): Item 987654321/77631


    Please use this permanent URL to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/77631


    Title: An Empirical Study on the Instant Analysis System of Privileged Account Login Behavior
    Author: Pan, Chia-Liang (潘嘉良)
    Contributor: In-service Master's Program, Department of Information Management
    Keywords: information security; privileged accounts; logs; SIEM; correlation rules; risk assessment
    Date: 2018-07-24
    Upload time: 2018-08-31 14:50:49 (UTC+8)
    Publisher: National Central University
    Abstract:
    As the Internet has become ubiquitous, cyber attacks and intrusions have emerged endlessly, causing trouble and fear for society, organizations and the public. Continually evolving attack methods have also made the resulting losses to organizations increasingly severe. Many intrusions are closely tied to privileged account management: if a privileged account is stolen, it can easily become an insider threat to the organization. Proper management of privileged accounts is therefore necessary, and their usage must also be monitored so that abnormal use does not harm the organization.
    This study takes one organization's privileged account management mechanism as its subject. By strengthening the organization's "privileged account management" operating model and combining it with the log management and real-time alerting functions of a security information and event management (SIEM) platform, it explores how to build, through system integration, a tool that monitors the various patterns of privileged account login behavior effectively and in real time and that raises alerts automatically. When an abnormal privileged account login occurs, administrators are notified immediately, so that they can grasp the situation at the first moment and take countermeasures to avoid or reduce the harm of an intrusion to the organization.
    Based on the common patterns of successful privileged account logins, this study developed correlation rules for twelve pattern combinations, which a SIEM can use to check for the abnormal behavior described above. Testing verified that all twelve rules detect abnormal privileged account login behavior effectively and in real time, so applying them in an organization will strengthen its defensive capability. When the organization encounters an information security attack, the real-time monitoring mechanism of this study enables early detection and a rapid response that significantly reduces losses and damage.
    Appears in collections: [In-service Master's Program, Department of Information Management] Theses and Dissertations
