Title: | The Dynamic Decision Model of Honeypot Deployment (original title: 網路誘捕系統之動態部署決策模式) |
Authors: | Ping Wang (王平); Chi-Chun Lo (羅濟群), Institute of Business and Management |
Keywords: | Honeypot; Network Security; Optimal Deployment; Minefield |
Date of Publication: | 1-Apr-2009 |
Abstract: | In recent years, security organizations have successfully used intrusion detection systems (IDS) to redirect suspicious attack connections to honeypots, where the behaviour of hackers or viruses is observed and analysed; the results are then used to warn the administrators of the managed network, giving it more robust protection. Current honeypot deployment commonly relies on a "minefield" strategy, scattering honeypots across the network with deception techniques in order to trap hackers. In practice, however, the information gathered is often disappointing: even after deployment is complete, the honeypots frequently fail to attract attackers to probe them, so they exist in name only. How to choose deployment nodes effectively, so as to collect the most attack information in the shortest time while reducing the chance that hackers detect the honeypots, is therefore an important question in honeypot deployment decision-making. This study uses probability and network path analysis to build a mathematical model for dynamic honeypot deployment that remedies the shortcomings of the existing static minefield strategy and improves the quality of deployment decisions. To address poor deployment effectiveness, the study analyses, under different levels of Quality of Service (QoS) constraints, the optimal path of a hacker's connection using a minimum-cost method, and from that path estimates the optimal honeypot deployment nodes so as to raise the trapping probability. For validation, NS2 (Network Simulator, version 2) is used to simulate four strategies: random deployment, minimum-cost deployment, deployment where the hacker holds partial information about the honeypots, and dynamic deployment. The case analysis shows that the proposed decision model can effectively help network administrators identify the recommended and optimal deployment nodes in a communication network. To effectively provide an early alarm of dangers for attack events, security organizations have for years successfully employed Intrusion Detection Systems (IDS) to transfer suspicious connections to a honeypot, which can capture and analyze the hacker's behavior and virus signatures. Using the minefield strategy to deploy honeypot systems, managers place decoy systems and spread them among network nodes to trap hackers. The problem remains that a honeypot frequently cannot attract a hacker's attack if it is deployed in an inappropriate zone or node. How to deploy it effectively, so as to accumulate large amounts of information while decreasing the possibility of anti-detection by hackers, is a crucial issue. Hence, we develop a network-based analysis model for dynamic honeypot deployment, using probability theory and traffic analysis techniques, to overcome the limitations of the static strategy and improve the decision quality of honeypot deployment. The model discovers the best route with the minimum cost and decides the optimal deployment node to increase the trap probability under distinct QoS constraints. Using NS2, the model is validated against four network deployment strategies, namely minimum-cost deployment, random deployment, Bayes-based deployment and dynamic deployment, to test its efficiency.
The experimental results show that the proposed approach can effectively locate the recommended nodes and the optimal node for honeypot deployment in a communication network. |
URI: | http://hdl.handle.net/11536/107772 |
ISSN: | 1023-9863 |
Journal: | Journal of Management and Systems (管理與系統) |
Volume: | 16 |
Issue: | 2 |
Start page: | 285 |
End page: | 309 |
Appears in Collections: | Journal of Management and Systems |