| DC 欄位 |
值 |
語言 |
| DC.contributor | 資訊管理學系在職專班 | zh_TW |
| DC.creator | 黃獻毅 | zh_TW |
| DC.creator | Hsien-I Huang | en_US |
| dc.date.accessioned | 2021-7-28T07:39:07Z | |
| dc.date.available | 2021-7-28T07:39:07Z | |
| dc.date.issued | 2021 | |
| dc.identifier.uri | http://ir.lib.ncu.edu.tw:88/thesis/view_etd.asp?URN=108453026 | |
| dc.contributor.department | 資訊管理學系在職專班 | zh_TW |
| DC.description | 國立中央大學 | zh_TW |
| DC.description | National Central University | en_US |
| dc.description.abstract | 資訊安全多年來一直是國內外資安人員重視的一項課題。隨著科技的發展快速,新的技術及解決方案不斷的出現,駭客攻擊手段逐年的精進。過往駭客多為個人行為,大部分僅是為展現技術,透過惡意軟體或簡單的程序癱瘓使用者主機系統。2008年隨著比特幣的出現,地下匿名交易開始流行,各類型的攻擊型態勢也趨向集團化及經濟化。透過APT類型攻擊來增加駭客集團收益,攻擊者目標不再只是癱瘓單一主機展現技術。例如,釋放勒索軟體對目標的重要資料文件進行加密,藉著受害者付錢了事的心態來增加駭客的收益,甚至攻擊金融機構影響其交易,造成受害者重大損失。
本研究結合現行商用流量分析平台 (Network Secure Analytics) 並針對SMB協定 (Server Message Block) 協定偵測部分進行外加模組,透過模組進一步發現疑似遭受該類型攻擊的主機並進行較精準針對SMB漏洞進行落點掃描。目前大部分企業發生該類型的攻擊時會採取以下對應方式。第一種方式為直接對企業內部所有設備進行弱點掃描來了解該類型SMB漏洞是否存在。第二為針對企業內部所導入的相關資訊安全設備,SOC戰情中心搜集到的LOG進行交叉比對,藉此找出疑似遭受攻擊的用戶端設備。以上兩種方式雖然可以全面在企業內部進行,但該兩種方式在執行上相當曠日費時且投入的人力及技術成本較高,精準度也不佳。在確認痛點後,本研究設計一式SMB流量分析模組系統,即是篩選流量找出高風險使用SMB流量端點。該研究貢獻企業整合流量分析平台後,可精準找出SMB流量之用戶並可進一步確保其電腦是否存在該類型相關漏洞以降低威脅損害。 | zh_TW |
| dc.description.abstract | Information security is an important issue for many enterprises, public sector, finance and commercial. As the technology go so fast, new product and solution go to market continually. The tools which hacker use is also update very often. In the past attacking behavior is doing personally. Most of them just want to show their muscle. Recently, hacking activity change to teamwork and economical after the bitcoin appeared in the word. APT attack such as ransomware is becoming popular. This thesis focuses on selecting high SMB vulnerability endpoints by Netflow and network behavior and doing vulnerability scanning on those users who is in high risky. Most of enterprise do vulnerability scanning and the log from other security solutions such as SOC, NGFW when they would like to check if they have SMB risky exist in their environment. Although this way can help them find the threaten end user, it needs to put so many resources and time. They cannot get the real time result. With a view to offload security admin’s loading, we purpose using SMB_Gate which is a Netflow base module and help them find the high SMB risk endpoint. By integrating with commercial Netflow platform, this solution can help IT admin find the high SMB risk endpoint more efficient and they do vulnerability scan on the accurate endpoint. | en_US |
| DC.subject | SMB | zh_TW |
| DC.subject | 弱點掃描 | zh_TW |
| DC.subject | 網路流量分析 | zh_TW |
| DC.subject | 勒索軟體 | zh_TW |
| DC.subject | APT防護 | zh_TW |
| DC.subject | SMB | en_US |
| DC.subject | Vulnerability Scanning | en_US |
| DC.subject | Ransomware | en_US |
| DC.subject | APT | en_US |
| DC.subject | Cyber security | en_US |
| DC.title | 基於網路流量篩選判定SMB漏洞造成之威脅研究 | zh_TW |
| dc.language.iso | zh-TW | zh-TW |
| DC.title | On The Study of Netflow Filtering for Assessing the Threats of SMB Attacks | en_US |
| DC.type | 博碩士論文 | zh_TW |
| DC.type | thesis | en_US |
| DC.publisher | National Central University | en_US |