Master's/Doctoral Thesis 964203043: Detailed Record




Name 曾俊豪 (Chun-Hao Tzeng)   Department Department of Information Management
Thesis title On Payload Transformation Mechanism with Privacy-Preserving and Packet Analysis Capability
(具隱私防護與分析能力之網路封包酬載轉換機制研究)
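Related theses
★ A Study on Applying Digital Rights Management Mechanisms to DVD Content Protection
★ A Study on Enterprise Software License Management Using Application Virtualization
★ Design of an IAX2-Based Web Phone Architecture
★ A Study on Applying Machine Learning to Assist Police in Investigating Fraud Cases
★ A Study on an Account-Based Ticketing System Extended with Fraud Prevention and Privacy Protection: The Case of Public Transportation
★ A Study on the Collection and Integration of Semi-Structured Internet Data
★ A Study on an Online Shopping Assistant in the E-Commerce Environment
★ A Study on Defense-in-Depth Mechanisms for Network Security
★ A Study on Advance Resource Reservation and Resource Conflicts on the National Broadband Experimental Network
★ A Study on Detecting E-mail Viruses with a Tree-Structured Correlation Architecture
★ A Study on Video Placement in Video-on-Demand Systems Considering Regional Differences
★ A Study on Preserving Digital Evidence in Untrusted Local Area Networks
★ Development of an Integrated Support System for Intrusion Detection Event Explanation and Automatic Addition of Detection Rules
★ A Study on Correlating Intrusion Alerts of Distributed Intrusion Detection Systems Using Process Tracking
★ Development of a Technique for Automatically Generating Web Information Extraction Programs
★ A Study on Applying XML/XACML to Authorization Control in Workflow Management Systems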
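  1. This electronic thesis is authorized for immediate open access.
  2. The open-access electronic full text is licensed to users only for personal, non-profit searching, reading, and printing for the purpose of academic research.
  3. Please comply with the Copyright Act of the Republic of China. Do not reproduce, distribute, adapt, repost, or broadcast the work without authorization, to avoid violating the law.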

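Abstract (Chinese) In recent years, with the rapid spread of the Internet, network attacks and intrusions have been increasing. To counter these numerous and complex attacks, the concept of wide-area defense has received growing attention. Under this architecture, information sharers pass the security alerts or packet information they collect to security systems elsewhere for analysis and assessment, so that current network threats can be identified and attacks defended against quickly and effectively. However, packet payloads contain much private information about the sharers; if this data were obtained by malicious parties, the consequences would be severe, so packet payloads need privacy protection. Current research on payload privacy protection is mainly Anagram, proposed by Columbia University. The payload signatures it produces can be matched against malicious-code signatures, but its drawbacks are that signature matching performs poorly for short malicious payloads and that the system's threshold setting also affects detection results.
This study proposes a packet payload transformation mechanism: the G-D payload transformation method. It encodes the packet payload using the group to which each payload code belongs and the difference between codes. The resulting encoded payload is irreversible, so a malicious party cannot learn the sharer's original payload information from it, while the encoded payload still retains the features of the original payload and can be matched to find malicious payloads. Finally, this study proposes a privacy-protection indicator to evaluate the G-D payload transformation method, so that sharers can tell whether the encoding parameters they have set are optimal.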
Abstract (English) The emergence of the Internet has provided a convenient way to exchange information, but many cybercrime incidents and network attacks have also been discovered. To defend against numerous and complicated network attacks, the concept of large-scale defense has become more popular. In this architecture, individual organizations anywhere collect alerts or packets and share them with a SOC.
However, packet payloads contain a lot of private information about corporations, so payload content needs to be protected. Anagram enables privacy-preserving payload sharing by using Bloom filters. The generated payload signature still retains the malicious signature, so researchers can find anomalous payloads, but Anagram has a poor detection rate for short malicious signatures, and adjusting its threshold is very difficult.
We propose a payload transformation method: Group-Difference (G-D) payload transformation. It calculates the groups and differences of payload characters to encode the payload. The produced code is irreversible, so attackers cannot recover the original payload content. The produced code still retains the signature of the original payload, so researchers can find malicious payloads from it. Finally, we propose a privacy-preserving indicator to evaluate G-D payload transformation, so that users can tell whether the encoding parameters are optimal.
Keywords (Chinese) ★ privacy protection
★ payload sharing
★ payload encoding
★ security operations center
★ payload privacy
Keywords (English) ★ payload privacy
★ SOC
★ payload transformation
★ payload sharing
★ privacy preserving
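Table of contents
Chinese Abstract
English Abstract
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Research Background
1.2 Research Motivation
1.3 Research Objectives
1.4 Chapter Organization
Chapter 2 Related Work
2.1 Privacy-Preserving Methods for Packet Sharing
2.1.1 Packet Anonymization Research at the University of Texas
2.2 Privacy-Preserving Methods for Alert Sharing
2.2.1 Partial K-Anonymity
2.2.2 North Carolina State University's Alert Correlation Project
2.2.3 Pseudo/CoRe
2.3 Privacy-Preserving Methods for Alert Payload Sharing
2.3.1 Columbia University's PAYL System
2.3.2 The Anagram Payload Privacy-Preserving Method
Chapter 3 Packet Payload Transformation Mechanism with Privacy-Preserving and Analysis Capability
3.1 Packet Payload Sharing Architecture Using the G-D Payload Transformation Method
3.2 The G-D Payload Transformation Method
3.3 Problems of the G-D Payload Transformation Method
3.4 Solutions to the Problems of the G-D Payload Transformation Method
3.4 Privacy-Protection Level Indicator for the G-D Payload Transformation Method
3.4.1 Selecting the Group and Transformation Interval Sizes
3.4.2 Privacy-Protection Level Indicator for the G-D Payload Transformation Method
Chapter 4 Experiments and Analysis
4.1 Experimental Architecture and Procedure
4.2 Experimental Results and Analysis
Chapter 5 Conclusions and Future Work
5-1 Research Conclusions and Contributions
5-2 Future Work
References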
Advisor 陳奕明 (Yi-Ming Chen)   Approval date 2009-7-21

For questions about this thesis, please contact the Extension Services Section of the National Central University Library, TEL: (03)422-7151 ext. 57407, or by e-mail.