中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/86513
English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 80990/80990 (100%)
造访人次 : 41643655      在线人数 : 1202
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
  • 进阶搜寻


    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/86513


    题名: DCH: An Approach to Create a Dynamic Container Honeypot
    作者: 周芷安;Jhou, Jhih-An
    贡献者: 資訊工程學系
    关键词: 容器;防毒;備份;蜜罐;Container;anti-virus software;backup;Honeypot
    日期: 2021-07-23
    上传时间: 2021-12-07 12:55:17 (UTC+8)
    出版者: 國立中央大學
    摘要: 近幾年雲端運算愈來愈盛行,因為其成本低、延展性高、易於維護的優點,逐漸取代傳統只能在本地操作應用程式的限制。除了虛擬化,容器也是實現雲端運算的重要技術之一,容器可以直接共享主機的作業系統,雖然方便且節省成本,但因為沒有自己獨立的作業系統,安全、隔離機制和虛擬機比,相對薄弱,也較容易成為入侵者的攻擊目標。
    蜜罐是一種主動式防禦,透過模擬一個網路服務或有漏洞的環境,吸引入侵者上?,藉以蒐集入侵者的攻擊意圖、手法、工具等等,透過蒐集到的資訊,我們可以了解現有系統存在哪些資安問題,正面臨哪些挑戰,結合蜜罐和傳統的被動式防禦,可以更有效強化系統安全。
    本論文提出容器動態變蜜罐的機制,我們設計了一個警告備份系統,加上防毒軟體、即時監控,在容器被入侵時,能動態變成一個蜜罐,盡可能保護重要的資料,另外,我們也會把連線都導到即時監控的高互動式蜜罐,不僅能蒐集更多攻擊者的資訊,也能降低受汙染的容器去攻擊其他裝置的可能性。此機制經過測試,對原本系統的效能影響甚小,它的存在可以更加完善日後的容器防禦。
    ;In recent years, cloud computing has become more and more popular because of its low cost, high scalability, and easy maintenance. It has gradually replaced the limitation that the application can only be operated locally. In addition to virtualization, containers are also one of the important technologies for cloud computing. Containers do not need to have an independent operating system and can directly share the operating system of the host. Although it is convenient and cost-effective, the security isolation mechanism is not as complete as a virtual machine and is easier become the target of intruders.

    Honeypot is an active defense that can attract intruders by emulating a network service or environment with flaws. Honeypots collect the intruder′s attack intentions, techniques, tools, etc., to understand what security problems exist in the existing system, what challenges the system are facing.

    We propose a mechanism to dynamically transform a container into a honeypot. We integrate a warning backup system, anti-virus software and real-time monitoring to bring out DCH. When the container is invaded, our mechanism can protect important data, and also redirect network to a highly interactive honeypot for real-time monitoring. After experiments, we found that our system could perform well, and the overhead introduced by our system is neglectable.
    显示于类别:[資訊工程研究所] 博碩士論文

    文件中的档案:

    档案 描述 大小格式浏览次数
    index.html0KbHTML71检视/开启


    在NCUIR中所有的数据项都受到原著作权保护.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明