中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/86601
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 80990/80990 (100%)
Visitors : 42696553      Online Users : 1477
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/86601


    Title: 基於網路流量篩選判定SMB漏洞造成之威脅研究;On The Study of Netflow Filtering for Assessing the Threats of SMB Attacks
    Authors: 黃獻毅;Huang, Hsien-I
    Contributors: 資訊管理學系在職專班
    Keywords: SMB;弱點掃描;網路流量分析;勒索軟體;APT防護;SMB;Vulnerability Scanning;Ransomware;APT;Cyber security
    Date: 2021-07-28
    Issue Date: 2021-12-07 13:01:00 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 資訊安全多年來一直是國內外資安人員重視的一項課題。隨著科技的發展快速,新的技術及解決方案不斷的出現,駭客攻擊手段逐年的精進。過往駭客多為個人行為,大部分僅是為展現技術,透過惡意軟體或簡單的程序癱瘓使用者主機系統。2008年隨著比特幣的出現,地下匿名交易開始流行,各類型的攻擊型態勢也趨向集團化及經濟化。透過APT類型攻擊來增加駭客集團收益,攻擊者目標不再只是癱瘓單一主機展現技術。例如,釋放勒索軟體對目標的重要資料文件進行加密,藉著受害者付錢了事的心態來增加駭客的收益,甚至攻擊金融機構影響其交易,造成受害者重大損失。
    本研究結合現行商用流量分析平台 (Network Secure Analytics) 並針對SMB協定 (Server Message Block) 協定偵測部分進行外加模組,透過模組進一步發現疑似遭受該類型攻擊的主機並進行較精準針對SMB漏洞進行落點掃描。目前大部分企業發生該類型的攻擊時會採取以下對應方式。第一種方式為直接對企業內部所有設備進行弱點掃描來了解該類型SMB漏洞是否存在。第二為針對企業內部所導入的相關資訊安全設備,SOC戰情中心搜集到的LOG進行交叉比對,藉此找出疑似遭受攻擊的用戶端設備。以上兩種方式雖然可以全面在企業內部進行,但該兩種方式在執行上相當曠日費時且投入的人力及技術成本較高,精準度也不佳。在確認痛點後,本研究設計一式SMB流量分析模組系統,即是篩選流量找出高風險使用SMB流量端點。該研究貢獻企業整合流量分析平台後,可精準找出SMB流量之用戶並可進一步確保其電腦是否存在該類型相關漏洞以降低威脅損害。
    ;Information security is an important issue for many enterprises, public sector, finance and commercial. As the technology go so fast, new product and solution go to market continually. The tools which hacker use is also update very often. In the past attacking behavior is doing personally. Most of them just want to show their muscle. Recently, hacking activity change to teamwork and economical after the bitcoin appeared in the word. APT attack such as ransomware is becoming popular. This thesis focuses on selecting high SMB vulnerability endpoints by Netflow and network behavior and doing vulnerability scanning on those users who is in high risky. Most of enterprise do vulnerability scanning and the log from other security solutions such as SOC, NGFW when they would like to check if they have SMB risky exist in their environment. Although this way can help them find the threaten end user, it needs to put so many resources and time. They cannot get the real time result. With a view to offload security admin’s loading, we purpose using SMB_Gate which is a Netflow base module and help them find the high SMB risk endpoint. By integrating with commercial Netflow platform, this solution can help IT admin find the high SMB risk endpoint more efficient and they do vulnerability scan on the accurate endpoint.
    Appears in Collections:[Executive Master of Information Management] Electronic Thesis & Dissertation

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML106View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明