NCU Institutional Repository - downloads of theses and dissertations, past exam papers, journal articles, research projects, and more: Item 987654321/93201


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/93201


    Title: The Research on Blocking Timeliness of Indicators of Compromise - A Case Study on IP
    Authors: 鄧經業; Teng, Ching-Yeh
    Contributors: Executive Master Program, Department of Information Management
    Keywords: Cyber Threat Intelligence; Indicators of Compromise; Expiration Date; Blocking Timeliness
    Date: 2023-07-24
    Issue Date: 2024-09-19 16:47:32 (UTC+8)
    Publisher: National Central University
    Abstract: Indicators of Compromise (IoCs) are commonly represented in machine-readable formats, which makes them easy to integrate into security devices and monitoring mechanisms, so they are the type of threat intelligence most widely used by organizations. Over time, however, IoCs become increasingly unreliable: IP addresses that were previously used by attackers may become legitimate, and continuing to block them can result in false positives. In practice, there is no standard or mechanism for determining the blocking timeliness of IoCs.
    Therefore, this study takes IP addresses as an example and designs a practically feasible, automated optimization model for the blocking timeliness of IoCs, and conducts multiple experiments to find the best solution for the model. The optimization model designed in this study achieves a high accuracy rate of 94.4% and a high recall rate of 97.2%. Organizations can use the model to effectively eliminate IoCs that have passed their blocking timeliness.
    Keywords: Cyber Threat Intelligence, Indicators of Compromise, Expiration Date, Blocking Timeliness.
    Appears in Collections:[Executive Master of Information Management] Electronic Thesis & Dissertation


