可調適符合資安隱私政策之大範圍網路警訊分享機制

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：57

、訪客IP：3.14.141.62

姓名

陳玉佩(Yu-Pei Chen) 查詢紙本館藏

畢業系所

資訊管理學系

論文名稱

可調適符合資安隱私政策之大範圍網路警訊分享機制
(Adjust Able for Privacy of Information Security Policies Consistent with a Wide Range of Network Alert Sharing Mechanism)

相關論文

★ 應用數位版權管理機制於數位影音光碟內容保護之研究	★ 以應用程式虛擬化技術達成企業軟體版權管理之研究
★ 以IAX2為基礎之網頁電話架構設計	★ 應用機器學習技術協助警察偵辦詐騙案件之研究
★ 擴充防止詐欺及保護隱私功能之帳戶式票務系統研究-以大眾運輸為例	★ 網際網路半結構化資料之蒐集與整合研究
★ 電子商務環境下網路購物幫手之研究	★ 網路安全縱深防護機制之研究
★ 國家寬頻實驗網路上資源預先保留與資源衝突之研究	★ 以樹狀關聯式架構偵測電子郵件病毒之研究
★ 考量地區差異性之隨選視訊系統影片配置研究	★ 不信任區域網路中數位證據保留之研究
★ 入侵偵測系統事件說明暨自動增加偵測規則之整合性輔助系統研發	★ 利用程序追蹤方法關聯分散式入侵偵測系統之入侵警示研究
★ 一種網頁資訊擷取程式之自動化產生技術研發	★ 應用XML/XACML於工作流程管理系統之授權管制研究

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

企業組織以異質資安設備架構出大範圍網路聯合防禦網，藉由區域聯合防禦方式，能提供聯合防禦網中的成員獲取充足威脅預警資訊。將公司內部產生的資安警訊送給資訊安全營運管理中心（Security Operation Center，以下簡稱SOC）處理，但警訊難免會暗藏一些公司內部網路資訊及敏感隱私內容，使得企業組織不願意和外界分享內部資安設備所偵測的警訊，為了避免被惡意者取得企業組織機密資訊，造成商譽或資產損害。然而每家企業的資安政策不同，所要求的隱私保護程度也不同，依據分享者不同的隱私保護需求前提下，如何提供一個可隨企業資訊安全政策不同而具彈性調整的警訊分享機制，更能兼顧警訊隱私保護與警訊關聯分析之間取得平衡，成為一個很重要的安全議題。
針對此議題，本論文探討對資安警訊封包標頭做模糊化隱私保護處理，進而評估警訊封包經處理後影響因素，包括警訊封包IP位址模糊化轉換區間大小與警訊關聯性，警訊封包隱私保護與原始警訊封包資訊的資訊含量（entropy）變化關係，以及警訊封包模糊化後的警訊關聯能力。本論文透過將原始警訊封包的IP位址資訊模糊化來計算警訊封包經隱私保護後的資訊含量，再由SOC警訊關聯分析。本論文提供以量化指標讓企業依據資訊安全政策可彈性調整其警訊內容隱私防護程度，藉以達到隱私保護與警訊關聯正確性之間的最佳平衡。

摘要(英)

Companies and Organizations usually structure the large-scale joint defense network by information security devices. Through joint regional defense, the network can provide members sufficient threat warning information. In companies, the information security alerts are sent to Security Operation Center (SOC), but there are some internal network information and sensitive privacy content in the alerts. Taking the alerts into consideration, companies and Organizations would not prefer to share the warning of internal information security. Therefore, they can avoid malicious person to obtain confidential information of organization or result in damage to goodwill or assets.
However, not only information security policy but also requested level of privacy protection is different from each company. In addition to protect the information privacy, we also want to provide companies a sharing mechanism which is changeable to information security policy. A balance in the trade between privacy protection and warning association analysis becomes a significant issue people concern.
For this issue, this thesis discusses processing of fuzzy information privacy protection on the packet header and the factors of assessing the alert packets. The factors include the fuzzy conversion region of IP address, warning Relevance, information content changes between privacy protection of warning packet and original warning packet information (entropy), and the capability of warning packet after fuzzy.
In this thesis, there are two steps in the purposed method. First, calculate the information of warning packet. Use IP address of the original warning packet and get the information after fuzzy to calculate. Second, analyze correlation of SOC. Also, we provide the quantitative standard for companies to change the level of privacy protection. Finally, it will achieve optimal condition between privacy protection and accuracy of warning relevance.

關鍵字(中)

★ 資訊安全政策
★ 資訊含量
★ 資訊安全營運管理中心
★ 隱私保護
★ 警訊關聯

關鍵字(英)

★ alert correlation
★ entropy
★ privacy preserving
★ security policy
★ security operations center

論文目次

中文摘要---------------------------------------------I
英文摘要---------------------------------------------II
目錄-------------------------------------------------V
圖目錄-----------------------------------------------VII
表目錄-----------------------------------------------IX
第一章緒論-----------------------------------------1
1.1 研究背景--------------------------------------2
1.2 研究動機與目的--------------------------------5
1.3 研究貢獻--------------------------------------8
1.4 章節架構--------------------------------------9
第二章相關研究-------------------------------------10
2.1 資訊安全隱私政策------------------------------10
2.2 大範圍網路聯合防禦----------------------------13
2.3 警訊隱私保護方法------------------------------14
2.4 警訊關聯--------------------------------------17
2.5 小結------------------------------------------18
第三章可調適符合資訊安全隱私政策之警訊分享機制-----20
3.1 研究限制與考量--------------------------------20
3.2 警訊封包隱私保護具關聯能力分享架構------------21
3.3 警訊封包IP位址模糊化轉換區間方法--------------23
3.4 評估警訊模糊化後之資訊含量 (Entropy)----------23
3.5 警訊經模糊化後之關聯--------------------------27
第四章實驗結果分析---------------------------------30
4.1 實驗架構和流程--------------------------------30
4.2 模擬攻擊警訊----------------------------------32
4.3 實驗分析--------------------------------------34
第五章結論與未來研究-------------------------------44
5-1 研究結論與貢獻--------------------------------44
5-2 未來研究--------------------------------------46
參考文獻 47

參考文獻

中文參考文獻：
[余俊賢 2010] 余俊賢，「後個資法時代之Log安全稽核記錄管理」，資安人雜誌No.69 Page(s): 88–91, May/June 2010。
[微軟 2010] 台灣微軟，「新版個資法上路，企業 IT 機不可失」，2010。 http://download.microsoft.com/download/5/4/C/54CC1721-F3F6-4F79-8221-52428FB27669/PrivacyIssue_0520.pdf
[曾俊豪 2009] 曾俊豪、陳奕明，「具隱私防護與分析能力之網路封包酬載轉換機制」，台灣網際網路研討會 (TANET)，2009。
[蘇漢君 2009] 蘇漢君，「小型資通安全營運中心聯防系統之研究與應」，資訊管理學術與實務研討會，2009。
[林昶志 2008] 林昶志，「具隱私防護與關聯能力之資安警訊轉換機制研究」，國立中央大學資訊管理學系碩士論文，2008。
[郭木興2008] 郭木興、陳良駒、張志豪、楊誌瑋，「動態資訊安全聯防架構之最適決策研究」，資訊、科技與社會學報，2008。
[徐國鈞 2008] 徐國鈞、羅豐彬、郭建麟，「探討組織如何落實ISO 27001-以網路入侵衍生危安事件為例」，台灣網際網路研討會 (TANET)，2008。
[樊國楨 2006] 樊國楨、林樹國、歐崇明，「資安監控中心之終極目標：資訊分享與分析中心初探」，資通安全分析專論T95002，2006。
[郭香吟 2006] 郭香吟，「自風險管理觀點探討資安監控中心建置契約之研究」，國立清華大學科技法律研究所碩士論文，2006。
[陳志安2000] 陳志安，「以屬性導向歸納法挖掘資料異常之研究」，國立中央大學資訊管理學系碩士論文，2000。
英文參考文獻：
[ALJ 2008] Almgren, M. , Lindqvist, U. and Jonsson, E. , “A multi-sensor model to improve automated attack detection,” in Proceedings of the 11th international symposium on recent advances in intrusion detection, Page(s):291–310, 2008.
[BBB 2008] Burkhart, M. , Brauckhoff, D. and Boschi, E. , “The risk-utility tradeoff for IP address truncation,” Conference on Computer and Communications Security, Proceedings of the 1st ACM workshop on Network data anonymization, 2008.
[CLF 2003] Cheung, S. , Lindqvist, U. and Fong, M. W. , “Modeling Multistep Cyber Attacks for Scenario Recognition,” DARPA Information Survivability Conference and Exposition (DISCEX III), 2003.
[CM 2002] Cuppens, F. and Miège, A. , “Alert Correlation in a Cooperative Intrusion Detection Framework,” IEEE Symposium on Research in Security and Privacy, 2002.
[CUPP 2001] Cuppens, F. , “Managing alerts in a multi-intrusion detection environment,” in Proceedings of the 17th annual computer security applications conference (ACSAC) , Page(s):22–31, 2001.
[CVE] Common Vulnerability and Exposure, “National Vulnerability Database,” 2010. http://web.nvd.nist.gov/view/vuln/statistics-results?cid=2
[CWKMR 2008] Coull, S. E. , Wright, C. V. , Keromytis, A. D. , Monrose, F. and Reiter, M. K. , “Taming the Devil: Techniques for Evaluating Anonymized Network Data,” in Proceedings of the 15th Annual Network and Distributed System Security Symposium, 2008.
[DW 2001] Debar, H. and Wespi, A. , “Aggregation and correlation of intrusiondetection alerts,” in Proceedings of the 4th international symposium on recent advances in intrusion detection (RAID), Page(s):85–103, 2001.
[FLEG 2007] Flegel, U. , “Privacy-Respecting Intrusion detection,” volume 35 in Advances in Information Security, Springer, Page(s):62.107.325, 2007 .
[FMB 2008] Farroukh, A. , Mukadam, N. and Bassil, E. , “Distributed and Collaborative Intrusion Detection Systems,” American University of Beirut, 2008
[GBB 2007] Ganame, A. K. , Bourgeois, J. and Bidou, R. , “A Global Security Architecture for Intrusion Detection on Computer Networks,” Universit de Franche Comt, 2007.
[JULI 2001] Julisch, K. , “Mining alarm clusters to improve alarm handling efficiency,” in Proceedings of the 17th annual computer security applications conference (ACSAC) , Page(s): 12–21, 2001.
[KING 2008] King, J. , “A Taxonomy, Model, and Method for Secure Network Log Anonymization,” Master's Thesis, University of Illinois at Urbana-Champaign, Apr., 2008.
[LPS 2004] Lincoln, P. , Porras, P. and Shmatikov, V. , “Privacy-Preserving Sharing and Correlation of Security Alerts,” in 13th USENIX Security Symposium, 2004.
[LS 2007] Loukides, G. and Shao, J. , “Capturing Data Usefulness and Privacy Protection in K-Anonymisation,” SAC07, March 11-15, 2007.
[NCR 2002] Ning, P. , Cui, Y. and Reeves, D. S. , “Constructing Attack Scenarios through Correlation of Intrusion Alerts,” in Proceedings of the 9th ACM Conference on Computer & Communications Security, page(s):245-254, November 2002.
[NZ 2007] Niu, Y. and Zhang, Q. , “Security Operation Center Based on Immune System,” Computational Intelligence and Security Workshops, Page(s):97-103, 2007.
[QIN 2005] Qin, X. , “A probabilistic-based framework for infosec alert correlation,” Ph. D. dissertation, Atlanta, GA, USA: Georgia, Institute of Technology, 2005.
[QUIN 1986] Quinlan, J. R. , “Induction of Decision Trees,” Machine learning, Vol. 1, Page(s):81-106, 1986.
[RC 2001] Dain, O. and Cunningham, R. , “Fusing a heterogeneous alert stream into scenarios,” in Proceedings of the 2001 ACM workshop on data mining for security applications, Page(s):1–13, 2001.
[RCMT 2008] Ribeiro, B. , Chen, W. , Miklau, G. and Towsley, D. , “Analyzing Privacy in Enterprise Packet Trace Anonymization,” in Proceedings of the 15 th Network and Distributed Systems Security Symposium, 2008.
[RW 2007] Ramaswamy, R. and Wolf, T. , “High-Speed Prefix-Preserving IP Address Anonymization for Passive Measurement Systems,” IEEE/ACM transactions on NETWORKING, VOL.15, NO.1, 2007.
[SS 1998] Samarati, P. and Sweeney, L. , “Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression,” SRI Technical Report SRICSL-98-04, 1998.
[STAN 2002] Staniford, S. , “Practical automated detection of stealthy portscans,” Journal of Computer Security, Page(s):105–36, 2002.
[SWEE 2002] Sweeney, L. , “k-anonymity: A model for protecting privacy,” International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 2002.
[SYMA 2010] Symantec Corporation, “Symantec Global Internet Security Threat Report,” 2010.http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xv_04-2010.en-us.pdf
[TMI 2007] Takemori, K. , Miyake, Y. and Ishida, C. , “A SOC Framework for ISP Federation and Attack Forecast by Learning Propagation Patterns,” Intelligence and Security Informatics, 2007 IEEE , page(s): 172-179, 2007.
[VK 2001] Valdes, A. and Skinner, K. , “Probabilistic alert correlation,” in Proceedings of the 4th international symposium on recent advances in intrusion detection (RAID), Page(s):54–68, 2001.
[WLFW 2006] Chi-Wing Wong, R. , Li, J. , Wai-Chee Fu, A. and Wang, K. , “(α,k)-Anonymity: An Enhanced-Anonymity Model for Privacy-Preserving Data Publishing,” KDD’06, 2006.
[XFA 2007] Xu, J. , Fan, J. and Ammar, M. H. , “High-Speed Prefix-Preserving IP Address Anonymization for Passive Measurement Systems,” IEEE/ACM Transactions on Networking, Volume 15, 2007.
[XKHRZ 2004] Xie, Y. , Kim, H. , Hallaron, D. O. , Reiter, M. and Zhang, H. , “Seurat: a pointillist approach to anomaly detection,” in Proceedings of the 7th international symposium on Recent Advances in Intrusion Detection (RAID), Page(s): 238–57, 2004.
[XN 2005] Xu, D. and Ning, P. , “Privacy-Preserving Alert Correlation: A Concept Hierarchy Based Approach,” Annual Computer Security Applications Conference, 2005.
[XN 2006] Xu, D. and Ning, P. , “A Flexible Approach to Intrusion Alert Anonymization and Correlation,” Securecomm and Workshops, Page(s): 1-10, 2006.
[XWW 2006] Xu, J. , Wang, W. and Wang, X. , “UtilityBased Anonymization for Privacy Preservation with Less Information Loss,” 12th ACM SIGKDD, 2006.
[YZ 2008] Yu, S. and Zhou, W. , “Entropy-Based Collaborative Detection of DDOS Attacks on Community Networks,” Sixth Annual IEEE, 2008.
[ZG 2006] Zhu, B. and Ghorbani, A. A. , “Alert Correlation for Extracting Attack Strategies,” International Journal of Network Security, Vol. 3, No. 3, Page(s):244-258, Nov. 2006.
[ZLK 2010] Zhou, C. V. , Leckie, C. and Karunasekera, S. , “A survey of coordinated attacks and collaborative intrusion detection,” Computers & Security, 2010.
[ZLK 2009] Zhou, C. V. , Leckie, C. and Karunasekera, “Collaborative detection of fast flux phishing domains,” Journal of Networks, Page(s): 75–84, 2009.
[ZYW 2005] Zhong, S. , Yang, Z. and Wright, R. N. , “Privacy Enhancing k-Anonymization of Customer Data,” Principles of Database Systems, 2005.

指導教授

陳奕明(Yi-Ming Chen)

審核日期

2010-7-21

推文