入侵威脅指標之阻擋時效研究－以IP為例

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：167

、訪客IP：3.128.197.55

姓名

鄧經業(Ching-Yeh Teng) 查詢紙本館藏

畢業系所

資訊管理學系在職專班

論文名稱

入侵威脅指標之阻擋時效研究－以IP為例
(The Research on Blocking Timeliness of Indicators of Compromise - A Case Study on IP)

相關論文

★ 應用數位版權管理機制於數位影音光碟內容保護之研究	★ 以應用程式虛擬化技術達成企業軟體版權管理之研究
★ 以IAX2為基礎之網頁電話架構設計	★ 應用機器學習技術協助警察偵辦詐騙案件之研究
★ 擴充防止詐欺及保護隱私功能之帳戶式票務系統研究-以大眾運輸為例	★ 網際網路半結構化資料之蒐集與整合研究
★ 電子商務環境下網路購物幫手之研究	★ 網路安全縱深防護機制之研究
★ 國家寬頻實驗網路上資源預先保留與資源衝突之研究	★ 以樹狀關聯式架構偵測電子郵件病毒之研究
★ 考量地區差異性之隨選視訊系統影片配置研究	★ 不信任區域網路中數位證據保留之研究
★ 入侵偵測系統事件說明暨自動增加偵測規則之整合性輔助系統研發	★ 利用程序追蹤方法關聯分散式入侵偵測系統之入侵警示研究
★ 一種網頁資訊擷取程式之自動化產生技術研發	★ 應用XML/XACML於工作流程管理系統之授權管制研究

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

入侵威脅指標通常採用機器可讀（Machine-Readable）格式，使其可以很容易地整合至資安設備或資安監控機制之中，故為組織應用最廣之情資類型，但隨時間推移，入侵威脅指標將會變得越來越不可靠，原先遭攻擊者利用之 IP，可能會變得合法，若持續阻擋，可能會導致誤報（False Positives），然而，實務上，並沒有任何一個標準或機制，可用來判定入侵威脅指標之阻擋時效，因此，本研究以IP為例，設計一套實務上可行之自動化入侵威脅指標阻擋時效最適化模型，並進行多項實驗，找出最適解的最適化模型。本研究所設計之最適化模型，準確率高達94.4%，召回率高達97.2%，俾利於組織可利用該模型，有效排除已過阻擋時效之入侵威脅指標。
關鍵字：網路威脅情資、入侵威脅指標、有效期限、阻擋時效

摘要(英)

Indicators of Compromise (IoC) are commonly represented in machine-readable formats, making it easy to integrate them into cybersecurity devices or monitoring mechanisms. They are the most widely used type of threat intelligence in organizational applications. However, over time, IoCs can become increasingly unreliable. IP addresses that were previously used by attackers may become legitimate, and continuously blocking them could result in false positives. Unfortunately, there is currently no standard or mechanism to determine the timeliness of blocking IoCs.
Therefore, this study focuses on IP addresses and designs a practical and optimal model for blocking timeliness of IoC. Multiple experiments are conducted to find the best solution for the optimization model. The designed optimization model in this study achieves a high accuracy rate of 94.4% and a high recall rate of 97.2%. Organizations can effectively utilize this model to eliminate expired IoCs.
Keywords: Cyber Threat Intelligence, Indicators of Compromise, Expiration Date, Blocking Timeliness.

關鍵字(中)

★ 網路威脅情資
★ 入侵威脅指標
★ 有效期限
★ 阻擋時效

關鍵字(英)

★ Cyber Threat Intelligence
★ Indicators of Compromise
★ Expiration Date
★ Blocking Timeliness

論文目次

中文摘要 I
Abstract IV
誌謝 V
目錄 VI
表目錄 VIII
圖目錄 X
第一章緒論 1
1.1 研究背景 1
1.2 研究動機 2
1.3 研究目的 4
1.4 論文架構 5
第二章文獻探討 6
2.1 網路威脅情資 6
2.1.1 定義 6
2.1.2 類型 7
2.1.3 來源 10
2.1.4 生命週期 13
2.2 入侵威脅指標 19
2.2.1 定義 19
2.2.2 類型 21
2.2.3 生命週期 24
2.3 評估入侵威脅指標 30
第三章系統架構與實驗設計 37
3.1 阻擋時效最適化模型設計 37
3.1.1 Hash 37
3.1.2 IP位址 38
3.2 系統架構 56
3.2.1 入侵威脅指標應用機制 57
3.2.2 資安監控機制 58
3.2.3 資安防禦機制 59
3.3 系統運作流程 60
3.4 實驗設計 61
3.4.1 資料蒐集來源與方式 62
3.4.2 實驗目的與流程 65
3.4.3 實驗結果驗證方式 67
第四章實驗結果分析 71
4.1 實驗環境 71
4.2 實驗資料 72
4.3 實驗結果 74
第五章結論 96
5.1 研究結論與貢獻 96
5.2 未來研究方向 97
參考文獻 98

表目錄
表1 戰略型與戰術型威脅情資之差異 2
表2 不同的網路威脅情資分類 7
表3 不同的網路威脅情資生命週期 14
表4 基於主機與網路的入侵威脅指標分類 23
表5 IoC應用於網路狙殺鏈不同階段之行動方針 25
表6 入侵威脅指標生命週期 27
表7 評估入侵威脅指標之相關文獻 32
表8 IP位址使用類型對應之分數 42
表9 惡意行為分類對應之分數 44
表10 Verdict分類對應之分數 48
表11 IP位址相關的惡意程式樣本時間遠近對應之分數 49
表12 IP位址阻擋時效最適化模型參數之定義 55
表13 本實驗採用之開源情資來源 63
表14 混淆矩陣 69
表15 實驗環境軟硬體規格 71
表16 實驗資料集 73
表17 實驗資料集一、二、三 73
表18 實驗結果範例 76
表19 實驗資料參數值（節錄） 79
表20 實驗資料參數值量化（節錄） 81
表21 最適化模型之權重組合 82
表22 以權重組合A計算IP之分數（節錄） 83
表23 以權重組合A~O計算IP之分數（節錄） 84
表24 VirusTotal驗證結果（節錄） 85
表25 權重組合A~O之準確率 86
表26 權重組合A~O之召回率 89
表27 最適化模型之權重組合－Domain 92
表28 實驗資料集一、二、三－Domain 93
表29 權重組合A~O之準確率－Domain 94
表30 權重組合A~O之召回率－Domain 95

圖目錄
圖1 有效期限與阻擋時效之定義 4
圖2 資料、資訊與情資的關係 6
圖3 網路威脅情資金字塔架構 8
圖4 網路威脅情資的四種類型 10
圖5 美國情報界定義的情資蒐集來源 12
圖6 三種主要的情資蒐集來源 13
圖7 SANS定義之網路威脅情資生命週期 16
圖8 MWR資安公司定義之網路威脅情資生命週期 16
圖9 兩種網路威脅情資生命週期之比較 17
圖10 網路威脅情資生命週期的六個階段 18
圖11 三種網路威脅情資生命週期之比較 19
圖12 入侵威脅指標之範例 20
圖13 IoC痛苦金字塔模型 21
圖14 網路狙殺鏈 24
圖15 OpenIOC定義之入侵威脅指標生命週期 26
圖16 HashedOut定義之入侵威脅指標生命週期 26
圖17 入侵威脅指標策劃的生命週期 28
圖18 AbuseIPDB平台畫面 40
圖19 IP位址使用類型 41
圖20 IP位址遭濫用之可信度 42
圖21 IP位址遭回報惡意行為的分類 43
圖22 AlienVault OTX平台畫面 46
圖23 IP位址遭判定為惡意的 47
圖24 IP位址傳輸檔案的惡意比率 48
圖25 IP位址相關的惡意程式樣本（otx） 49
圖26 ThreatMiner平台畫面 50
圖27 IP位址相關的惡意程式樣本（ThreatMiner）－1 51
圖28 IP位址相關的惡意程式樣本（ThreatMiner）－2 52
圖29 IBM X-Force Exchange平台 53
圖30 IP位址的風險分數 54
圖31 系統整體架構 56
圖32 入侵威脅指標應用機制 57
圖33 SOC中心之工作內容 59
圖34 系統運作流程 60
圖35 開源情資提供的IoC清單 62
圖36 Feodo Tracker開源情資源 65
圖37 Feodo Tracker提供之入侵威脅指標清單 65
圖38 實驗流程 66
圖39 VirusTotal平台畫面 68
圖40 實驗資料集示意圖 74
圖41 實驗步驟 74

參考文獻

[1] 蘇偉慶 and 林承忠, “從威脅情資分享談網路安全防禦的新趨勢,” 財金資訊季刊, no. 94, pp. 7–15, Dec. 2018.
[2] M. Clark and A. Barros, “How to Use Threat Intelligence for Security Monitoring and Incident Response,” Gart. Tech. Prof. Advice.
[3] M. Sahrom, S. Rahayu, A. Ariffin, and Y. Robiah, “An Enhancement of Cyber Threat Intelligence Framework,” J. Adv. Res. Dyn. Control Syst., vol. 10, pp. 96–104, Nov. 2018.
[4] “Joint Publication 2-0 Joint Intelligence,” US Joint Chiefs of Staff, Oct. 2013. [Online]. Available: https://irp.fas.org/doddir/dod/jp2_0.pdf
[5] I. Alsmadi, “Cyber Intelligence Analysis,” in The NICE Cyber Security Framework: Cyber Security Intelligence and Analytics, Cham: Springer International Publishing, 2019, pp. 91–134. doi: 10.1007/978-3-030-02360-7_6.
[6] D. Chismon and M. Ruks, “Threat Intelligence Collecting, Analysing, Evaluating,” MWR InfoSecurity Ltd, 2015. [Online]. Available: https://www.foo.be/docs/informations-sharing/Threat-Intelligence-Whitepaper.pdf
[7] Y. Kazato, Y. Nakagawa, and Y. Nakatani, “Improving Maliciousness Estimation of Indicator of Compromise Using Graph Convolutional Networks,” in 2020 IEEE 17th Annual Consumer Communications & Networking Conference (CCNC), Jan. 2020, pp. 1–7. doi: 10.1109/CCNC46108.2020.9045113.
[8] M. Bromiley, “Threat Intelligence: What It Is, and How to Use It Effectively,” SANS Institute, 2016.
[9] J. Friedman and M. Bouchard, Definitive Guide to Cyber Threat Intelligence. CyberEdge, 2015.
[10] “Understanding the Different Types of Intelligence Collection Disciplines,” Maltego Blog, Oct. 27, 2022. https://www.maltego.com/blog/understanding-the-different-types-of-intelligence-collection-disciplines/
[11] R. M. Clark, “Guide to the Study of Intelligence: Perspectives on Intelligence Collection,” AFIO Intell. J. US Intell. Stud., vol. 2, no. 20, pp. 47–53, Fall/Winter 2013.
[12] RFSID, “Improve Your Threat Intelligence Strategy with These Ideas,” Recorded Future Blog, Feb. 2016. https://www.recordedfuture.com/threat-intelligence-strategy
[13] 楊新章 and 黃怡翔, “運用公開來源文件於商業情報探勘,” presented at the 國際資訊管理研討會, 中華民國資訊管理學會, 2012.
[14] N. Veerasamy, “Cyber Threat Intelligence Exchange: A Growing Requirement,” Jun. 2017, [Online]. Available: http://hdl.handle.net/10204/9462
[15] G. Francisco Contreras Leão, “Assessment of Cyber Threats Discovered by OSINT,” Universidade de Lisboa, 2022.
[16] D. Franke, “Threat Intel Processing at Scale,” SANS Institute, Mar. 2019.
[17] “What the 6 Phases of the Threat Intelligence Lifecycle Mean for Your Team,” Recorded Future Blog, Jan. 2020. https://www.recordedfuture.com/threat-intelligence-lifecycle-phases
[18] Yuzuka, “The Threat Intelligence Lifecycle: A Definitive Guide for 2023,” Flare Blog, Nov. 2023. https://flare.systems/learn/resources/blog/threat-intelligence-lifecycle/
[19] C. Harrington, “Sharing Indicators of Compromise: An Overview of Standards and Formats,” EMC Crit. Incid. Response Cent., vol. 14, no. 5, pp. 28–42, 2013.
[20] A. Villalón-Huerta, I. Ripoll-Ripoll, and H. Marco-Gisbert, “Key Requirements for the Detection and Sharing of Behavioral Indicators of Compromise,” Electronics, vol. 11, no. 3, p. 416, 2022.
[21] C. Casey, “Indicators of Compromise: Cybersecurity’s Digital Breadcrumbs,” HashedOut Blog, Aug. 26, 2022. https://www.thesslstore.com/blog/indicators-of-compromise-cybersecuritys-digital-breadcrumbs/
[22] M. Shahi, “Tactics, Techniques and Procedures (TTPs) to Augment Cyber Threat Intelligence (CTI): A Comprehensive Study,” 2018.
[23] E. Hutchins, M. Cloppert, and R. Amin, “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains,” Lead. Issues Inf. Warf. Secur. Res., vol. 1, Jan. 2011.
[24] D. Bianco, “The Pyramid of Pain,” Jan. 17, 2014. [Online]. Available: https://rvasec.com/slides/2014/Bianco_Pyramid%20of%20Pain.pdf
[25] M. Tatam, B. Shanmugam, S. Azam, and K. Kannoorpatti, “A Review of Threat Modelling Approaches for APT-style Attacks,” Heliyon, vol. 7, no. 1, p. e05969, Jan. 2021, doi: 10.1016/j.heliyon.2021.e05969.
[26] “The Cyber Kill Chain,” Lockheed Martin Corporation. https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
[27] “The Value of Commitment Indicators in Industry,” INCIBE-CERT Blog, Aug. 03, 2018. https://www.incibe-cert.es/en/blog/value-commitment-indicators-industry
[28] “Sophisticated Indicators for the Modern Threat Landscape: An Introduction to OpenIOC,” OpenIOC, 2012.
[29] K. O’Meara and M. Gardner, “End of Life of an Indicator of Compromise (IOC),” Dragos Blog, May 31, 2022. https://www.dragos.com/blog/end-of-life-of-an-indicator-of-compromise-ioc/
[30] “2020 ICS Cybersecurity Year in Review,” Dragos, Feb. 2021. [Online]. Available: https://www.dragos.com/blog/industry-news/2020-ics-cybersecurity-year-in-review/
[31] A. Iklody, G. Wagener, A. Dulaunoy, S. Mokaddem, and C. Wagner, “Decaying Indicators of Compromise.” arXiv, Mar. 29, 2018. doi: 10.48550/arXiv.1803.11052.
[32] A. Dulaunoy, G. Wagener, A. Iklody, S. Mokaddem, and C. Wagner, “An Indicator Scoring Method for MISP Platforms,” Jun. 2018.
[33] S. Mokaddem, G. Wagener, A. Dulaunoy, and A. Iklody, “Taxonomy Driven Indicator Scoring in MISP Threat Intelligence Platforms.” arXiv, Feb. 08, 2019. doi: 10.48550/arXiv.1902.03914.
[34] “Indicators of Compromise Lifecycle Management,” Defensys Blog. https://defensys.com/blog-posts/indicators-of-compromise-lifecycle-management/
[35] C. Wagner, A. Dulaunoy, G. Wagener, and A. Iklody, “MISP: The Design and Implementation of a Collaborative Threat Intelligence Sharing Platform,” in Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security, in WISCS ’16. New York, NY, USA: Association for Computing Machinery, Oct. 2016, pp. 49–56. doi: 10.1145/2994539.2994542.
[36] “Decaying of Indicators - MISP Improved Model to Expire Indicators Based on Custom Models,” MISP Blog, Sep. 12, 2019. https://www.misp-project.org/2019/09/12/Decaying-Of-Indicators.html/
[37] S. Gong, J. Cho, and C. Lee, “A Reliability Comparison Method for OSINT Validity Analysis,” IEEE Trans. Ind. Inform., vol. 14, no. 12, pp. 5428–5435, Feb. 2018, doi: 10.1109/TII.2018.2857213.
[38] “Indicators of Compromise (IOCs): How We Collect and Use Them,” SecureList by Kaspersky, Dec. 02, 2022. https://securelist.com/how-to-collect-and-use-indicators-of-compromise/108184/ (accessed Apr. 07, 2023).
[39] “IoC Management,” CheckPoint Horizon SOC Administration Guide. https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Horizon-SOC/Content/Topics-Horizon-SOC/IoC-Management.htm?TocPath=IoC%20Management%7C_____0 (accessed Apr. 09, 2023).
[40] Clark M., “A Guide to Indicator Expiration,” ThreatQuotient, Mar. 14, 2017. https://www.threatq.com/a-guide-to-indicator-expiration/ (accessed Apr. 09, 2023).
[41] “Best Practices for Optimizing Custom Indicators,” Microsoft Techcommunity, Aug. 23, 2021. https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/best-practices-for-optimizing-custom-indicators/ba-p/2670357 (accessed Apr. 09, 2023).
[42] “AbuseIPDB - IP Address Abuse Reports,” AbuseIPDB. https://www.abuseipdb.com/ (accessed Apr. 10, 2023).
[43] “Marathon Studios - Building Web Brands,” Marathon Studios, Inc. https://www.marathon-studios.com/ (accessed Apr. 10, 2023).
[44] S. N. Thanh Vu, M. Stege, P. I. El-Habr, J. Bang, and N. Dragoni, “A Survey on Botnets: Incentives, Evolution, Detection and Current Trends,” Future Internet, vol. 13, no. 8, Art. no. 8, Aug. 2021, doi: 10.3390/fi13080198.
[45] “What is a Content Delivery Network (CDN)? How do CDNs work?,” Cloudflare Blog. https://www.cloudflare.com/learning/cdn/what-is-a-cdn/ (accessed Apr. 10, 2023).
[46] “AbuseIPDB APIv2 Documentation,” AbuseIPDB. https://docs.abuseipdb.com/#configuring-fail2ban (accessed Apr. 24, 2023).
[47] “AbuseIPDB Report Categories,” AbuseIPDB. https://www.abuseipdb.com/categories (accessed Apr. 10, 2023).
[48] “What is DNS Cache Poisoning?,” Cloudflare Blog. https://www.cloudflare.com/learning/dns/dns-cache-poisoning/ (accessed Apr. 10, 2023).
[49] “AlienVault Open Threat Exchange,” AlienVault. https://otx.alienvault.com/browse/global/pulses?include_inactive=0&sort=-modified&page=1&limit=10 (accessed Apr. 10, 2023).
[50] R. Kirk, “Threat Sharing – A Neighbourhood Watch for Security Practitioners,” Netw. Secur., vol. 2015, no. 12, pp. 5–7, Dec. 2015, doi: 10.1016/S1353-4858(15)30109-4.
[51] L. Rudman and B. Irwin, A Sharing Platform for Indicators of Compromise. 2016.
[52] “ThreatMiner - Data Mining for Threat Intelligence,” ThreatMiner.org. https://www.threatminer.org/ (accessed Apr. 10, 2023).
[53] “IBM X-Force Exchange,” IBM X-Force Exchange, Nov. 03, 2022. https://exchange.xforce.ibmcloud.com/exchange.xforce.ibmcloud.com (accessed Apr. 24, 2023).
[54] “IBM X-Force Exchange威脅情資平台在駭客上門前先一步強化安全,” iThome. https://www.ithome.com.tw/pr/124533 (accessed Apr. 24, 2023).
[55] “企業該如何掌握網路威脅情資，以有效阻擋惡意攻擊,” iThome. https://www.ithome.com.tw/tech/108544 (accessed Apr. 11, 2023).
[56] “Importing External Custom Intelligence Feeds in CLI,” CheckPoint Threat Prevention R81 Administration Guide. https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPrevention_AdminGuide/Topics-TPG/Importing-External-Custom-Intelligence-Feeds-in-CLI.htm?tocpath=Configuring%20Advanced%20Threat%20Prevention%20Settings%7CConfiguring%20Threat%20Indicators%7CImporting%20External%20Custom%20Intelligence%20Feeds%7C_____1 (accessed Apr. 11, 2023).
[57] K. K. Watson, “Deploying Indicators of Compromise (IOCs) for Network Defense,” Feb. 2021.
[58] “Real-Time Indicator Feeds,” Center for Internet Security, CIS. https://www.cisecurity.org/ms-isac/services/real-time-indicator-feeds/ (accessed Apr. 11, 2023).
[59] “What is the Difference Between SIEM and SOC,” Mezmo. https://www.mezmo.com/learn-observability/what-is-the-difference-between-siem-and-soc (accessed Apr. 11, 2023).
[60] N. Miloslavskaya, Analysis of SIEM Systems and Their Usage in Security Operations and Security Intelligence Centers. 2018, p. 288. doi: 10.1007/978-3-319-63940-6_40.
[61] B. Leung, “Security Information and Event Management (SIEM) Evaluation Report,” 2021.
[62] “ThreatConnect SIEM Threat Intelligence Whitepaper,” ThreatConnect. Accessed: Apr. 11, 2023. [Online]. Available: https://threatconnect.com/wp-content/uploads/ThreatConnect-SIEM-Threat-Intelligence-Whitepaper.pdf
[63] “Adding Intelligence to Your SIEM: What Threat Intelligence is and why it is Important,” MicroFocus. Accessed: Apr. 11, 2023. [Online]. Available: https://www.microfocus.com/media/flyer/adding_intelligence_to_your_siem_what_threat_intelligence_is_and_why_it_is%20important_flyer.pdf
[64] “What is a Firewall?,” Forcepoint, Aug. 09, 2018. https://www.forcepoint.com/cyber-edu/firewall (accessed Apr. 11, 2023).
[65] “BlackListTotal,” BlackListTotal. https://www.blacklisttotal.com/ (accessed Apr. 12, 2023).
[66] “BlacklistTotal威脅情資平台介紹,” L7 Networks. https://www.tw.l7-networks.com/poweredbyblaclisttotal (accessed Apr. 12, 2023).
[67] “Binary Defense Threat Intelligence Feed,” Binary Defense. https://www.binarydefense.com/banlist.txt (accessed Apr. 12, 2023).
[68] “Botvrij.EU - Powered by MISP,” Botvrij.EU. https://www.botvrij.eu/ (accessed Apr. 12, 2023).
[69] D. Baglieri, “DigitalSide Threat-Intel.” Apr. 01, 2023. Accessed: Apr. 12, 2023. [Online]. Available: https://github.com/davidonzo/Threat-Intel
[70] “Feodo Tracker,” Feodo Tracker. https://feodotracker.abuse.ch/ (accessed Apr. 12, 2023).
[71] “Feodo Tracker Blocklist,” Feodo Tracker. https://feodotracker.abuse.ch/blocklist/#tos (accessed Apr. 12, 2023).
[72] C. Tsaousis, “FireHOL IP Lists, IP Blacklists, IP Reputation Feeds,” FireHOL. http://iplists.firehol.org/ (accessed Apr. 12, 2023).
[73] “FireHOL IP Lists介紹,” L7 Networks. https://kb.l7-networks.com/ (accessed Apr. 12, 2023).
[74] M. Stampar, “IPSum.” Apr. 06, 2023. Accessed: Apr. 12, 2023. [Online]. Available: https://github.com/stamparm/ipsum
[75] M. Stampar and M. Kasimov, “Maltrail - Malicious Traffic Detection System.” Dec. 2014. doi: 10.23721/100/1503924.
[76] “VirusTotal,” VirusTotal. https://www.virustotal.com/gui/home/upload (accessed Apr. 12, 2023).
[77] J. Liu et al., “TriCTI: an actionable cyber threat intelligence discovery system via trigger-enhanced neural network,” Cybersecurity, vol. 5, p. 8, Apr. 2022, doi: 10.1186/s42400-022-00110-3.
[78] “VirusTotal Multisandbox += Microsoft Sysinternals.” https://blog.virustotal.com/2021/10/virustotal-multisandbox-microsoft.html (accessed May 16, 2023).
[79] “VirusTotal support integrated into new version of Process Explorer.” https://www.virusbulletin.com/blog/2014/01/virustotal-support-integrated-new-version-process-explorer/ (accessed May 16, 2023).
[80] “Fortinet FortiSOAR v3.0.2 Connect VirusTotal.” https://docs.fortinet.com/document/fortisoar/3.0.2/virustotal/374/docs.fortinet.com/document/fortisoar/3.0.2/virustotal/374/virustotal-v3-0-2 (accessed May 16, 2023).
[81] “VirusTotal += Fortinet URL Scanner.” https://blog.virustotal.com/2013/03/virustotal-fortinet-url-scanner.html (accessed May 16, 2023).
[82] https://community.checkpoint.com/t5/user/viewprofilepage/user-id/34642, “Malware Catcher and Analyst: Virus Total and SandBlast Cooperation,” Check Point CheckMates, Apr. 02, 2021. https://community.checkpoint.com/t5/Scripts/Malware-catcher-and-analyst/td-p/115143 (accessed May 16, 2023).
[83] “VirusTotal += Check Point.” https://blog.virustotal.com/2017/03/virustotal-check-point.html (accessed May 16, 2023).
[84] “VirusTotal += Palo Alto Networks.” https://blog.virustotal.com/2017/03/virustotal-palo-alto-networks.html (accessed May 16, 2023).
[85] “CrowdStrike Virustotal Partner Integration Data Sheet,” crowdstrike.com. https://www.crowdstrike.com/resources/data-sheets/virustotal-integration/ (accessed May 16, 2023).
[86] “Confusion matrix,” Wikipedia. Apr. 07, 2023. Accessed: May 16, 2023. [Online]. Available: https://en.wikipedia.org/w/index.php?title=Confusion_matrix&oldid=1148699071
[87] “Precision and recall,” Wikipedia. Apr. 09, 2023. Accessed: May 16, 2023. [Online]. Available: https://en.wikipedia.org/w/index.php?title=Precision_and_recall&oldid=1149017180#F-measure
[88] M. Stampar, “Blackbook of Malware Domains.” May 24, 2023. Accessed: May 25, 2023. [Online]. Available: https://github.com/stamparm/blackbook
[89] “ZoneFiles Compromised Domain Lists.” https://zonefiles.io/compromised-domain-list/ (accessed May 25, 2023).

指導教授

陳奕明(Yi-Ming Chen)

審核日期

2023-7-24

推文