Thesis/Dissertation 954203008 Detailed Record




Name Wan-yi Chen (陳婉宜)   Department Department of Information Management
Thesis title Hierarchical Network Security Situation Awareness System Based on D-S Evidence Theory
(基於D-S證據理論之階層式網路安全情境察覺系統)
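  1. This electronic thesis is authorized for immediate open access.
  2. Electronic full texts that have reached their open-access date are licensed to users only for personal, non-profit searching, reading, and printing for the purpose of academic research.
  3. Please comply with the relevant provisions of the Copyright Act of the Republic of China; do not reproduce, distribute, adapt, repost, or broadcast the work without authorization, to avoid violating the law.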

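Abstract (Chinese) Situation Awareness (SA) simply means knowing what is happening now and knowing how to respond. The concept originated in aviation safety and has since been extended to other dynamic, complex domains that require human intervention, such as information security, so research on Network Security Situation Awareness has received growing attention in recent years. However, the network security situation awareness models proposed so far still cannot provide sufficiently quantified security situation or risk assessment data to help administrators make the right decisions in real time based on the current state of the network. In this thesis we therefore propose the Hierarchical Network Security Situation Awareness System (HNSSAS), whose purpose is to help network administrators quickly find the weakest link in the network and to give suitable countermeasures. We first use D-S Evidence Theory to fuse the belief values of the alerts reported by heterogeneous network sensors, and then combine the importance parameters of each service and host with the network topology to evaluate the security situation of each level, bottom-up and from local to global. Finally, the thesis exercises the system on a simulated case. Besides giving a macroscopic view of system security, the experimental results provide intuitive security situation assessment values at three different levels, which help administrators adjust the system security policy appropriately and improve the overall security of the network.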
Abstract (English) Situation Awareness is simply “knowing what is going on so you can figure out what to do”. The term was first used by U.S. Air Force (USAF) fighter aircrew and was considered essential for those responsible for controlling complex, dynamic systems and high-risk situations. In recent years, Network Security Situation Awareness has become an active research topic in the domain of information security. However, present-day cyberspace situation awareness models are unable to provide useful security situation or risk estimates for administrators, or to help administrators make correct and timely decisions based on the current state of network security. The Hierarchical Network Security Situation Awareness System in this paper helps administrators find the Achilles' heel quickly and deal with it in a suitable way. It first uses D-S Evidence Theory to fuse alert beliefs from multiple sensors. Then, according to the network topology and the importance of services and hosts, the model adopts an evaluation policy that proceeds from bottom to top and from local to global. The simulation results show that this model can provide an intuitive security threat status at three hierarchy levels, so that system administrators are freed from tedious analysis tasks and obtain the overall security status of the entire system. This makes it possible for them to identify the security behaviors of the system, adjust security strategies, and enhance system security performance.
Keywords (Chinese) ★ D-S Evidence Theory
★ Situation Awareness
★ Network Security
★ Hierarchical Risk Assessment
Keywords (English) ★ Network Security
★ Hierarchical Risk Assessment
★ Situation Awareness
★ D-S Evidence Theory
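Table of Contents
Chinese Abstract
English Abstract
Contents
List of Figures
List of Tables
1. Introduction
1-1 Research Background
1-2 Research Motivation and Objectives
1-3 Research Assumptions, Research Process, and Main Results
1-4 Chapter Organization
2. Related Work
2-1 Network Security Situational Awareness
2-2 D-S Evidence Theory
2-3 Hierarchical Risk Assessment (Hierarchical Threat Evaluation Model)
3. Hierarchical Network Security Situation Awareness System
3-1 System Design Considerations
3-2 System Architecture
3-2-1 Knowledge Base and Feedback
3-3 Model Comparison
3-4 Research Limitations
4. Case Simulation Analysis
5. Conclusion
5-1 Research Conclusions
5-2 Research Contributions
5-3 Future Research Directions
References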
Advisor Yi-ming Chen (陳奕明)   Approval date 2008-7-14

For questions about this thesis, please contact the Extension Services Section of the National Central University Library, TEL: (03)422-7151 ext. 57407, or by e-mail.