中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/93201
English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 80990/80990 (100%)
造访人次 : 42802848      在线人数 : 905
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
    •  进阶搜寻


    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/93201


    题名: 入侵威脅指標之阻擋時效研究-以IP為例;The Research on Blocking Timeliness of Indicators of Compromise - A Case Study on IP
    作者: 鄧經業;Teng, Ching-Yeh
    贡献者: 資訊管理學系在職專班
    关键词: 網路威脅情資;入侵威脅指標;有效期限;阻擋時效;Cyber Threat Intelligence;Indicators of Compromise;Expiration Date;Blocking Timeliness
    日期: 2023-07-24
    上传时间: 2024-09-19 16:47:32 (UTC+8)
    出版者: 國立中央大學
    摘要: 入侵威脅指標通常採用機器可讀(Machine-Readable)格式,使其可以很容易地整合至資安設備或資安監控機制之中,故為組織應用最廣之情資類型,但隨時間推移,入侵威脅指標將會變得越來越不可靠,原先遭攻擊者利用之 IP,可能會變得合法,若持續阻擋,可能會導致誤報(False Positives),然而,實務上,並沒有任何一個標準或機制,可用來判定入侵威脅指標之阻擋時效,因此,本研究以IP為例,設計一套實務上可行之自動化入侵威脅指標阻擋時效最適化模型,並進行多項實驗,找出最適解的最適化模型。本研究所設計之最適化模型,準確率高達94.4%,召回率高達97.2%,俾利於組織可利用該模型,有效排除已過阻擋時效之入侵威脅指標。
    關鍵字:網路威脅情資、入侵威脅指標、有效期限、阻擋時效
    ;Indicators of Compromise (IoC) are commonly represented in machine-readable formats, making it easy to integrate them into cybersecurity devices or monitoring mechanisms. They are the most widely used type of threat intelligence in organizational applications. However, over time, IoCs can become increasingly unreliable. IP addresses that were previously used by attackers may become legitimate, and continuously blocking them could result in false positives. Unfortunately, there is currently no standard or mechanism to determine the timeliness of blocking IoCs.
    Therefore, this study focuses on IP addresses and designs a practical and optimal model for blocking timeliness of IoC. Multiple experiments are conducted to find the best solution for the optimization model. The designed optimization model in this study achieves a high accuracy rate of 94.4% and a high recall rate of 97.2%. Organizations can effectively utilize this model to eliminate expired IoCs.
    Keywords: Cyber Threat Intelligence, Indicators of Compromise, Expiration Date, Blocking Timeliness.
    显示于类别:[資訊管理學系碩士在職專班 ] 博碩士論文

    文件中的档案:

    档案 描述 大小格式浏览次数
    index.html0KbHTML19检视/开启


    在NCUIR中所有的数据项都受到原著作权保护.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明