NCU Institutional Repository - downloads of theses and dissertations, past exam papers, journal articles, research projects and more: Item 987654321/92561


    Please use this permanent URL to cite or link to this document: http://ir.lib.ncu.edu.tw/handle/987654321/92561


    Title: Weighted Similarity Measurement for Clustering APT Groups through Cyber Threat Intelligence
    Author: 陳政劭; Chen, Zheng-Shao
    Contributor: Department of Computer Science and Information Engineering
    Keywords: Cyber threat intelligence; Feature importance; Weighted Similarity Measurement; MITRE ATT&CK
    Date: 2023-07-24
    Upload time: 2023-10-04 16:05:06 (UTC+8)
    Publisher: National Central University
    Abstract: In recent years, the rise of Advanced Persistent Threat (APT) groups has posed significant challenges to cybersecurity experts. To effectively understand the relationships and similarities among these groups, a comprehensive and robust analysis approach is required. In this article, we present a novel weighted similarity measurement method that considers various features and characteristics of APT groups. Our method leverages features such as MITRE ATT&CK Techniques and Software, target countries, and industries to capture the unique aspects of each APT group. By analyzing the connections and overlaps between these features, we can establish a weighted similarity score that quantifies the degree of similarity between different APT groups. This score is crucial in identifying potential associations, subgroups, or shared characteristics among malicious entities. To validate the effectiveness of our approach, we conducted extensive experimental evaluations. The results demonstrated the ability of our method to accurately assess the relationships among APT groups. By utilizing the proposed weighted similarity measurement, we achieved more reliable and unbiased decision-making processes in the field of APT group analysis and clustering. The significance of our research lies in its potential to enhance the understanding of APT group dynamics and improve threat intelligence capabilities. By gaining insights into the similarities and connections between APT groups, cybersecurity professionals can develop more targeted and effective strategies to mitigate and respond to cyber threats.
    Appears in collections: [Graduate Institute of Computer Science and Information Engineering] Master's and doctoral theses

    Files in this item:

    File          Description    Size    Format    Views
    index.html                   0Kb     HTML      38

