NCU Institutional Repository (theses and dissertations, past exam papers, journal articles, research projects and more available for download): Item 987654321/13362


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/13362


    Title: Alert Conflict Resolution Model in Network Security Situation Awareness System
    Authors: 游靖芬 (Ching-fen Yu)
    Contributors: Graduate Institute of Information Management
    Keywords: Alert Weight; Alert Confidence; Situation Awareness; Security Policy; Alert Conflict; Alert/Data Fusion; Security Operation Center
    Date: 2007-06-25
    Issue Date: 2009-09-22 15:29:59 (UTC+8)
    Publisher: National Central University Library
    Abstract: Situation awareness (SA) is, simply put, knowing what is happening now and knowing how to respond. The concept originated in aviation safety and has been extended to other dynamic, complex situations that require human intervention; in recent years it has also emerged in information security research as Network Security Situation Awareness. However, the situation awareness concept relies on multiple alerting systems to ensure an understanding of the external environment and a response to it, and the problems this involves may include alert overload, which disturbs administrators, and alert conflict, in which the information conflicts even though none of the systems reports a wrong condition, leaving administrators at a loss. The same problems also arise in a network security operation center (Security Operation Center, SOC). We therefore propose the Heterogeneous Network Sensors Management Service (HNSMS), whose purpose is to resolve alert conflicts. It first performs alert fusion using the confidence of the alerts reported by each heterogeneous network sensor and a measure of their weight. It also takes into account the missed detections that may remain after alert fusion at a single point in time, and so, in conjunction with security policy, performs alert fusion again using other supporting information. Finally, the system is walked through using simulated cases, with the expectation that the final alerts give an understanding of the overall security state of the system/network and mitigate the risk brought by alert conflict.

    SA is simply "knowing what is going on so you can figure out what to do". The term was first used by U.S. Air Force (USAF) fighter aircrew and was considered essential for those responsible for controlling complex, dynamic systems and high-risk situations. In recent years, Network Security Situation Awareness has become an active research topic in the domain of information security. However, using different types of sensors for better situation awareness can result in two problems. The first is "Alert Overload", which can disturb security administrators. The second is "Alert Conflict": even though none of these sensors reports a wrong message, conflicts can still occur. These problems can therefore occur in a SOC as well. This thesis addresses these problems in the SOC using a Heterogeneous Network Sensors Management Service (HNSMS) in order to resolve alert conflicts. We first use an Alert Confidence Fusion method to fuse the alerts from different sensors, taking the confidence and weight of alerts into account in the fusion technique. Moreover, because some attacks cannot be detected at a single point in time, we use Fuzzy Cognitive Maps (FCM) and policy to fuse the multiple inputs. Finally, the final alerts help to improve the understanding of overall system security and allow security administrators to take appropriate responses.
    To summarize, HNSMS refines the alerts from different sensors by means of two data fusion techniques and relieves the risk from alert conflict.
    Appears in Collections: [Graduate Institute of Information Management] Theses and Dissertations


    All items in NCUIR are protected by copyright, with all rights reserved.
