NCU Institutional Repository (中大機構典藏), National Central University: Item 987654321/84076
    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/84076


    Title: Enterprise Information Security Protection: An Exploratory Study of Network Packet Collection and Analysis and Network Behaviour (企業資訊安全防護:網路封包蒐集分析與網路行為之探索性研究)
    Authors: 陳裕炎; Chen, Yu-Yen
    Contributors: Department of Information Management, In-service Master's Program (資訊管理學系在職專班)
    Keywords: information security; open source software; machine learning
    Date: 2020-07-20
    Issue Date: 2020-09-02 18:01:38 (UTC+8)
    Publisher: National Central University (國立中央大學)
    Abstract (translated from the Chinese original): Malware refers to what we most often hear of as computer viruses, worms, Trojans, spyware, malicious advertising, browser hijackers, backdoor programs and, in recent years, the most frequently discussed and most damaging category, ransomware. These malicious programs are produced for no reason other than profit: once distributed, they are used to obtain valuable information, or to carry out destruction or hold systems hostage. Enterprises that hold large amounts of business data and cash flow are therefore inevitably the primary targets of hacker attacks.
    In recent years, besides intrusions by external malware, the most serious threats to enterprise information security have been theft by insiders entrusted with the data and intentional or unintentional data leakage by suppliers. These often cause great harm to the company's interests and may even cost it its competitiveness, yet they are very hard to guard against: most general-purpose security software is aimed only at detecting and preventing malware, and very little of it can monitor network behaviour inside the enterprise network.
    To address the problems above and to save the cost of introducing a professional information security system, this study uses a combination of open-source software to collect enterprise internal network traffic on its own, compile statistics on it and analyse it, and then applies the machine learning methods that have become most popular in recent years, using three algorithms, the C4.5 decision tree, the support vector machine and the naive Bayes classifier, to classify the data and find abnormal network behaviour in the enterprise's internal network flows.
    This study intends to divide network flow data into three categories: Warn, Critical and Good. Because of insufficient features, the Warn category was not classified accurately, but the Critical category was classified accurately. The experiments show that, on this study's data, the decision tree algorithm gives the highest accuracy; taken as a whole, however, a single decision tree classifier cannot truly reach the intended goal and can only roughly locate major abnormal network behaviour. This means that, to reach the goal of building a true enterprise information security alert system, more features must be added to improve classification accuracy, and more kinds of machine learning algorithms must be tried to complement each type's analysis and recognition capability, before enterprise information security protection can be achieved.
    Abstract (author's English version): Malware refers to computer viruses, worms, Trojans, spyware, malicious ads, browser hijacking and backdoor programs, as well as the ransomware that has been heard of most frequently in recent years and causes major harm. The main purpose of producing such malware is nothing more than grabbing potential commercial profit or competitive advantages by distributing malicious programs to users' devices or deceiving users into executing destructive programs that leave the system destroyed and held hostage. Of course, companies with vast commercial data and cash flow will certainly be the primary targets of hacker attacks.
    In recent years, besides intrusions by external malicious programs, the most serious threats to corporate information security are infringements by unlawful employees and intentional or unintentional information leaks caused by vendors. These internal and external threats tend to greatly affect the corporation, cause it to lose its competitiveness, and are hard to prevent. However, most of the traditional security software adopted by companies serves only to detect malicious programs and prevent intrusions, and only a few products have the ability to monitor and track user or system behaviour within the corporate network.
    To solve the problems mentioned above and save the cost of implementing professional information security systems, this research aims to use a combination of open-source software to collect corporate internal network traffic data for network behaviour statistics and analysis. The research identifies each operation in the collected data and uses the most popular machine learning methods, namely the C4.5 decision tree, the support vector machine and the naive Bayes classifier, to classify each operation and find abnormal network behaviour (operation combinations) in the corporate internal network.
    In this study, operations are divided into three categories: Warn, Critical and Good. Operations are placed in the Warn category when they do not have sufficient characteristics to be classified as Good or Critical; otherwise they are classified as Good or Critical depending on their characteristics.
    In this study, the decision tree produced a high-accuracy result, but a single decision tree classification method could not really achieve the preset goal; it could only pick out the major abnormal network behaviour. To achieve the goal of establishing a true enterprise information security alert system, more operation characteristics are needed for detailed operation classification, which would finally enhance the accuracy of each classification. Meanwhile, more kinds of machine learning algorithms could be leveraged to complement the current decision model and identify more varied types of ambiguous network behaviour (operation combinations) in the corporate internal network.
    Appears in Collections: [Department of Information Management, In-service Master's Program (資訊管理學系碩士在職專班)] Master's and Doctoral Theses

    Files in This Item:

    File          Size    Format
    index.html    0Kb     HTML


    All items in NCUIR are protected by copyright, with all rights reserved.