NCU Institutional Repository - downloads of theses and dissertations, past exam papers, journal articles, research projects and more: Item 987654321/92561


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/92561


    Title: Weighted Similarity Measurement for Clustering APT Groups through Cyber Threat Intelligence
    Authors: 陳政劭;Chen, Zheng-Shao
    Contributors: Department of Computer Science and Information Engineering
    Keywords: Cyber threat intelligence; Feature importance; Weighted Similarity Measurement; MITRE ATT&CK
    Date: 2023-07-24
    Issue Date: 2023-10-04 16:05:06 (UTC+8)
    Publisher: National Central University
    Abstract: In recent years, the rise of Advanced Persistent Threat (APT) groups has posed significant challenges to cybersecurity experts. To effectively understand the relationships and similarities among these groups, a comprehensive and robust analysis approach is required. In this article, we present a novel weighted similarity measurement method that considers various features and characteristics of APT groups. Our method leverages features such as MITRE ATT&CK Techniques and Software, target countries, and industries to capture the unique aspects of each APT group. By analyzing the connections and overlaps between these features, we can establish a weighted similarity score that quantifies the degree of similarity between different APT groups. This score is crucial in identifying potential associations, subgroups, or shared characteristics among malicious entities. To validate the effectiveness of our approach, we conducted extensive experimental evaluations. The results demonstrated the ability of our method to accurately assess the relationships among APT groups. By utilizing the proposed weighted similarity measurement, we achieved more reliable and unbiased decision-making processes in the field of APT group analysis and clustering. The significance of our research lies in its potential to enhance the understanding of APT group dynamics and improve threat intelligence capabilities. By gaining insights into the similarities and connections between APT groups, cybersecurity professionals can develop more targeted and effective strategies to mitigate and respond to cyber threats.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation



    All items in NCUIR are protected by copyright, with all rights reserved.
