Chinese Culture University Institutional Repository (CCUR): Item 987654321/30169


    Please use this identifier to cite or link to this item: https://irlib.pccu.edu.tw/handle/987654321/30169


    Title: A Study on Using Big Data to Handle APT Attacks
    The Study of Use Big Data Analysis System Detecting APT Attack
    Authors: 陳威宏
    Chen, Wei-Hung
    Contributors: Industrial Master's Program in Information Security
    Keywords: Advanced Persistent Threat (APT)
    Big Data
    Splunk
    Data Mining
    Decision Tree
    Date: 2015-06
    Issue Date: 2015-08-13 10:41:44 (UTC+8)
    Abstract: An advanced persistent threat (also known as APT) is a deliberately slow-moving cyberattack that quietly compromises interconnected information systems without revealing itself. APTs often use a variety of attack methods to gain unauthorized system access initially and then gradually spread throughout the network. In contrast to traditional attacks, they are not used to interrupt services but primarily to steal intellectual property, sensitive internal business information, legal documents and other data. If an attack on a system succeeds, timely detection is of paramount importance to mitigate its impact and to stop the APT from spreading further.
    For early detection of APT threats, this study proposes a detection mechanism that analyzes Big Data with Splunk and then applies data mining techniques to find malicious IP addresses. In a comparison of the experimental results, the decision tree was the best algorithm for the prediction model, and with the prediction model in place the detection rate increased to 99%. Finally, this study established an alert mechanism that can achieve real-time detection of APT threats.
    Appears in Collections: [Department of Computer Science and Information Engineering] thesis



    All items in CCUR are protected by copyright, with all rights reserved.

