Please use this permanent URL to cite or link to this document:
https://ir.lib.ncu.edu.tw/handle/987654321/98284
|
| Title: | A Study on Reducing Cyber Threat Intelligence Misjudgments with an Automated URL and IP Filtering Framework; Enhancing Cyber Threat Intelligence Accuracy with Automated URL and IP Filtering |
| Author: | 施翔耀; Shih, Siang-Yao |
| Contributor: | Department of Information Management |
| Keywords: | Cyber Threat Intelligence; Information Sharing and Analysis Center; Web Filter; Web Classification |
| Date: | 2025-07-15 |
| Upload time: | 2025-10-17 12:34:56 (UTC+8) |
| Publisher: | National Central University |
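| Abstract: | The spread of generative AI and cloud services helps enterprises operate more efficiently, but cybercriminals also use AI tools to launch attacks, adding to the information security challenges enterprises face. If an AI-generated phishing email evades the email protection system, users are more likely to click the malicious links in it, which can lead to an advanced persistent threat (APT). To defend against constantly evolving threats, cyber threat intelligence (CTI) has therefore become one of the common protection methods for enterprises. In addition, the CTI shared by Information Sharing and Analysis Centers (ISACs) can inadvertently place IP addresses shared by cloud service providers on risk lists, so that enterprises applying the intelligence also block legitimate websites. At the same time, security vendors' databases lack the breadth to identify the risk information in ISAC intelligence effectively, which weakens protection against malicious URLs in APTs. This study proposes a CTI-based URL and IP filtering framework that uses the URL filtering function of next-generation systems and looks up IP information through ASN queries. It focuses on improving detection of malicious URLs in APTs and reducing the risk of wrongly blocking shared IPs, and it improves intelligence quality and enterprise protective resilience through ISAC intelligence sharing. Taking Company B as an example, the study integrates the company's security systems with the framework and analyzes 6,932 URL and 200 IP risk intelligence records. The results show an overall classification accuracy of 57.8% and a lower proportion of uncategorized URLs in the security vendors' intelligence, significantly improving intelligence quality; for wrongful blocking of IPs shared by cloud services, the framework effectively reduces the risk of misjudgment. Through the security vendors' comparison and reporting platforms, the framework can respond to threats quickly. The proposed framework effectively improves protection against malicious URLs in APTs, gives enterprises a precise security protection strategy for network threats in cloud environments, and improves enterprise security resilience. ; The widespread adoption of generative AI and cloud services has significantly enhanced enterprise operational efficiency; however, cybercriminals have also leveraged AI tools to launch cyberattacks, posing increasing challenges to information security. If AI-generated phishing emails bypass email protection systems, they may lure users into clicking malicious links or phishing URLs, potentially triggering Advanced Persistent Threats (APTs). Furthermore, the shared intelligence from the Information Sharing and Analysis Center (ISAC) often misidentifies shared IPs of cloud service providers as risks due to excessive data volume, leading to misjudgments when enterprises apply such intelligence. Meanwhile, the limited scope of security vendors' databases hinders effective cross-referencing with ISAC intelligence, impairing the protection against malicious URLs in APTs. This study proposes a URL and IP filtering framework based on cyber threat intelligence, utilizing the URL filtering capabilities of next-generation systems and IP-based ASN analysis to enhance the detection and defense against malicious URLs in APTs. Through ISAC intelligence sharing, the framework improves intelligence quality and strengthens enterprise resilience.
Using Company B as a case study, this research integrates the company's security system with the proposed framework to analyze 6,932 URLs and 200 IPs of suspected threat intelligence data. Results show an overall classification accuracy of 57.8%, a significant reduction in the proportion of uncategorized URLs in security vendors' intelligence, markedly improving intelligence quality, and effectively reducing misjudgment risks related to shared IPs in cloud services. Leveraging security vendors' comparison and reporting platforms, the framework enables rapid threat response. The proposed framework effectively enhances the defense against malicious URLs in APTs, providing enterprises with a precise cybersecurity strategy to address cyber threats in cloud environments and bolster resilience against APTs. |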
| Appears in collections: | [Graduate Institute of Information Management] Doctoral and Master's Theses |