Title: | Collaborative Defending System for Computer Worms (一個基於蠕蟲的合作式防禦系統) |
Authors: | 李育松 Yu-Sung Lee; 曾憲雄 Shian-Shyong Tseng; Institute of Computer Science and Engineering |
Keywords: | Variant Objects; Knowledge Acquisition; Expert System; Computer Worms; Malware; Variant Worms |
Publication date: | 2004 |
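Abstract: | As information technology continues to evolve, many variant objects are produced along with it. As variant objects are generated ever faster, the effort experts spend finding them grows heavier. VODKA is a knowledge acquisition method for discovering variant objects, and it can help find variant objects hidden in the real world. However, as variant objects are generated ever faster, VODKA provides too little context information, so decisions require considerable effort. In this thesis, the earlier VODKA is therefore extended so that it can provide more information to help domain experts analyze variant objects. That is, some variant objects with a low degree of confirmation (CF) at the local end are not easy to identify on a single machine even with the help of context information, and uncertain cases arise easily. A collaborative expert system for variant object analysis is therefore proposed, which uses the information reported by multiple VODKA instances to analyze systematically whether a variant object has appeared. In the application example of this thesis, the extended VODKA is applied to the domain of computer worms. The results show that implementing this collaborative variant worm analysis expert system and analyzing the information reported by multiple machines can help domain experts discover complex variant worms that are hard to confirm locally. With the rapid growth of variant objects, domain experts may find it hard to keep up with the dramatically increasing knowledge. Although Variant Object Discovering Knowledge Acquisition (VODKA) has been proposed to discover variant objects in the real world, it still provides insufficient context information, which results in heavy confirmation effort for domain experts. Hence, in this thesis we propose an extended VODKA that supplies more context information to help experts make correct decisions. However, several uncertain cases might not be discovered and learned in the local environment, because the context information may not be enough to determine whether a variant has occurred locally. Therefore, a collaborative analysis expert system is proposed to resolve those local uncertain cases according to meta knowledge that includes environment factors and domain-specific heuristic criteria. A method for constructing the meta knowledge, based on the Repertory Grid and the Attributes Ordering Table, is also proposed to automatically generate the corresponding collaborative analysis rules. Finally, a collaborative defending system for computer worms is implemented to evaluate the extended VODKA. The results show that the collaborative defending system can assist domain experts in discovering several sophisticated worms that cannot be learned in the local environment. |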
URI: | http://140.113.39.130/cdrfb3/record/nctu/#GT009223590 http://hdl.handle.net/11536/76641 |
Appears in Collections: | Thesis |