Chinese Culture University Institutional Repository (CCUR): Item 987654321/30169
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
    Please use this permanent URL to cite or link to this item: https://irlib.pccu.edu.tw/handle/987654321/30169


    Title: 運用大數據處理APT攻擊之研究
    The Study of Use Big Data Analysis System Detecting APT Attack
    Author: 陳威宏
    Chen, Wei-Hung
    Contributor: Industrial Master's Program in Information Security (資訊安全產業碩士專班)
    Keywords: Advanced Persistent Threat (APT)
    Big Data
    Splunk
    Data Mining
    Decision Tree
    Date: 2015-06
    Upload time: 2015-08-13 10:41:44 (UTC+8)
    Abstract: An advanced persistent threat (APT) is a deliberately slow-moving cyberattack that quietly compromises interconnected information systems without revealing itself. APTs often use a variety of attack methods to gain unauthorized system access initially and then gradually spread throughout the network. In contrast to traditional attacks, they are not used to interrupt services but primarily to steal intellectual property, sensitive internal business information, legal documents, and other data. If an attack on a system is successful, timely detection is of paramount importance to mitigate its impact and keep the APT from spreading further.
    To detect APT threats early, this study proposes a detection mechanism that analyzes Big Data with Splunk and then applies data mining techniques to identify malicious IP addresses. Comparison of the experimental results shows that the decision tree is the best algorithm for the prediction model, and with the prediction model in place the detection rate increases to 99%. Finally, this study establishes an alert mechanism that achieves real-time detection of APT threats.
    Appears in collections: [Department of Information Engineering (資訊工程學系)] Master's and Doctoral Theses

    Files in this item:

    File: index.html
    Description: (none)
    Size: 0Kb
    Format: HTML
    Views: 408


    All items in CCUR are protected by original copyright.

