中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/83973
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 78937/78937 (100%)
Visitors : 39425440      Online Users : 461
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
    •  Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/83973


    Title: TPSH: A Mechanism to Transform a Productive System to a Honeypot
    Authors: 石明裕;Shih, Ming-Yu
    Contributors: 資訊工程學系
    Keywords: Snort;蜜罐;虛擬機遷移;Snort;Honeypot;VM Migration
    Date: 2020-07-23
    Issue Date: 2020-09-02 17:48:38 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 傳統上,企業大多採取防火牆、入侵偵測系統和防毒軟體這一類的被動式防禦,這些防禦措施通常是仰賴既有的規則,針對已知的攻擊型態進行防禦,如果遇到從未出現過的新型態攻擊,這些防禦就會形同虛設一般。

      蜜罐(Honeypot)是近年來興起的一種主動式防禦,透過模擬一個網路服務或有漏洞的環境,吸引攻擊者來入侵,藉此收集攻擊者入侵機器的資訊。透過這些資訊,可以了解攻擊者所使用的攻擊手法,並針對現有防護中較為脆弱的部分進行補強。

      然而,現有的蜜罐卻有一些限制,例如,攻擊者可能會察覺蜜罐的存在、蜜罐收集的資訊不夠貼近真實情況、佈建無生產力的蜜罐需要消耗額外的資源等等。

      本篇論文整合了入侵偵測系統、蜜罐以及虛擬機遷移機制,將一個生產系統轉換成一個蜜罐,能夠克服上述蜜罐現有的限制。;Traditionally, enterprises have adopted passive defenses such as firewalls, intrusion detection systems and anti-virus software. These defenses usually rely on established rules to defend against known attack patterns. Faced with a new type of attack that has never appeared, these defenses will be completely useless.

      Honeypot is an active defense that has emerged in recent years. By emulating a network service or a vulnerable environment, it attracts attackers to invade, thereby collecting information about attackers invading machines. Through this information, enterprise can understand the attack methods used by attackers and strengthen the weaker parts of the existing protection.

      However, the existing honeypots have some limitations. For example, an attacker may detect the existence of honeypots, the information collected by honeypots is not close enough to the real situation, and the deployment of an unproductive honeypot requires additional resources.

      This paper integrates intrusion detection system, honeypot and virtual machine migration mechanism to transform a productive system into a honeypot, which can overcome the existing limitations of honeypots.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML161View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明