簡易檢索 / 詳目顯示

研究生: 郭芷綾
Chih-Ling Kuo
論文名稱: 網絡安全技術發展脈絡與產業網絡分析
The Technology Evolution of Cybersecurity and Industry Network Analysis
指導教授: 何秀青
Mei H.C. Ho
口試委員: 劉顯仲
John S. Liu
盧煜煬
Louis Y.Y Lu
陳宥杉
Yu-Shan Chen
學位類別: 碩士
Master
系所名稱: 管理學院 - 科技管理研究所
Graduate Institute of Technology Management
論文出版年: 2019
畢業學年度: 107
語文別: 中文
論文頁數: 82
中文關鍵詞: 網絡安全資訊安全主路徑分析專利分析集群分析
外文關鍵詞: Cybersecurity, Main Path Analysis, Social Network Analysis, Clustering Analysis, Patent Analysis
相關次數: 點閱:331下載:0
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報
  • 隨著科技快速發展,電腦與網路生活已經與現代人密不可分,雲端及大數據時代正在發生,連網技術也將應用於萬物中,網絡安全意識逐漸提升,成為不可忽略的議題。本研究將深入探討網絡空間中安全技術演變與應用,進一步分析技術網絡中的領導業者之策略佈局和角色地位。

    本研究使用Derwent Innovation蒐集美國地區專利資料,擷取自1975年至2018年03月中核准專利資料,共蒐集到15,972筆美國專利資料。為建構出技術之核心知識發展路徑,採用主路徑分析與集群分析,找出整體與主要子領域權重較高之引證路徑,以了解網路安全技術發展之脈絡;另一方面,本研究也建構產業中的企業連結網絡,運用網絡分析工具及統計量,藉由專利引證關係,探討產業中主導廠商以及跨國中介角色。

    研究結果發現,美國擁有72.92%專利,屬於網絡安全技術發展的核心國家。專利大多由電腦軟硬體相關的歷史悠久廠商擁有,如IBM、Microsoft;或是終端保護的軟體公司,如Symantec、Mcafee;以及網路與通訊技術為主公司,如Cisco、AT&T。根據主路徑發展,網絡安全分為四大階段,起源於早期通訊中資訊安全及電腦終端防毒技術,隨著人們透過電腦進行更多網路上溝通,衍生出更多漏洞與威脅,此時網絡安全技術除了靜態特徵碼比對,也多了動態異常偵測,最後朝向全方面防禦整合。集群分析結果得出主要六大子領域發展,除了將主路徑上通訊與電腦終端安全延伸,也發展至數位版權保護、私網技術、垃圾訊息過濾及防止釣魚模擬。產業方面,網絡安全為技術門檻高領域,發展久遠的大廠佔據許多資源,然新進公司若廣納前人技術,發展出全面性整合技術,也能佔有一席之地。此外,收購具有技術核心實力的廠商,亦為拓展網絡安全事業的廣用策略。


    With the rapid growth of technology, our life is dependent on computer and internet. Application of cloud and big data is happening today, while IoT is tomorrow world. The awareness of cybersecurity is growing more and more so that people can not ignore. This study will discuss the technical trend and applicaiton of security in cyber space. In addition, explore the strategy of leading company and the role of each assignee.

    This study collects US patents from 1975 till 2018 mid-March by using Derwent Innovation database. The total number of this study sample patents after alias is 15,972. The study establishs the core knowledge trend of cybersecurity and main subgroup with main path analysis and edge-betweenness analysis. On the other hand, the study also creates the industry network to find the leading company and different role in this domain by using social network analysis and statistic method.

    The result shows that US owns up to 72.92% patents, which indicates US has the core technology of cybersecurity. Besides, patents belong to long-lasting company whose products or services are either computer-related, such as IBM or Microsoft; or endpoint protection software like Symantec or Mcafee; or internet-related like Cisco or AT&T. According to main path analysis, cybersecurity is divided into four stages, originating from data protection in early communication technology and antivirus technology in computer. With the increase of using internet to communicate each computer, it derives more vulnerabilities and threats. Both static signature and dynamic anomaly detection come out and turn into the more versatile products. The study figures out six main subgroup of cybersecurity from the result of edge-betweenness analysis, with two of them are the extension from mainpath analysis reults, communication technology and antivirus technology, respectively. The rest of them are technology in digital rights management, virtual private network, filter for spam and phishing simulation. As for the industry part, it shows that the technical threshold is quite high so that the resources are mostly occupied by large enterprises. However, companies which enter this market late but adopt technologies from others and develop integrated products can also stay competitive. Also, acquisition is another way to obtain core technology to extend the business of cybersecurity.

    壹、緒論 1 1.1 研究背景 1 1.2 研究目的 2 1.3 論文架構 2 貳、文獻回顧 4 2.1 網絡安全定義 4 2.1.1 網絡安全字面上定義 4 2.1.2 網絡安全範疇 5 2.1.3 網絡安全組成要件 8 2.2 網絡安全產業發展 13 2.2.1 網絡犯罪演變 13 2.2.2 網絡安全市場 15 2.3 專利知識流動與社會網絡角色 17 2.3.1 專利知識流動 17 2.3.2 社會網絡角色 18 參、研究方法 21 3.1 資料來源 21 3.2 資料蒐集 21 3.3 主路徑分析 24 3.4 集群分析 26 肆、研究結果 27 4.1 描述性統計 27 4.1.1 專利成長趨勢 27 4.1.2 國家分析 28 4.1.3 專利權人分析 30 4.2 主路徑分析 32 4.2.1 階段1「資訊安全於早期通訊技術」 34 4.2.2 階段2「防毒技術的初期發展」 36 4.2.3 階段3「防毒技術的演變」 38 4.2.4 階段4「防護整合技術」 40 4.3 集群分析 43 4.3.1集群一「終端防護技術」 44 4.3.2集群二「金鑰密碼學技術發展應用」 49 4.3.3集群三「存取控制至數位版權管理」 53 4.3.4集群四「私人網路的安全機制」 57 4.3.5集群五「垃圾訊息過濾技術」 60 4.3.6集群六「網路釣魚防治技術」 64 4.3.7集群分析小結 67 4.4 專利權人知識學習與擴散 69 4.4.1 專利權人中心性及網絡地位 70 4.4.2 專利權人間關係網絡 74 4.4.3 專利權人跨國中介角色及結構洞 76 伍、結論與建議 78 5.1 網絡安全專利發展軌跡與未來趨勢 78 5.2 網絡安全六大主要領域發展與應用 79 5.3 產業網絡關係 81 5.4 研究限制與建議 82 參考文獻 83 附錄 87

    1. Alcacer, J., & Gittelman, M. (2006). Patent citations as a measure of knowledge flows: The influence of examiner citations. The Review of Economics and Statistics, 88(4), 774-779.
    2. Almeida, P., & Kogut, B. (1999). Localization of knowledge and the mobility of engineers in regional networks. Management science, 45(7), 905-917.
    3. Avizienis, A., Laprie, J.-C., Randell, B., & Landwehr, C. (2004). Basic concepts and taxonomy of dependable and secure computing. IEEE transactions on dependable and secure computing, 1(1), 11-33.
    4. Batagelj, V. (2003). Efficient algorithms for citation network analysis. arXiv preprint cs/0309023.
    5. Batagelj, V., & Mrvar, A. (1998). Pajek-program for large network analysis. Connections, 21(2), 47-57.
    6. Borgatti, S. P., Jones, C., & Everett, M. G. (1998). Network measures of social capital. Connections, 21(2), 27-36.
    7. Burt, R. S. (1992). Structural Holes: The Social Structure of Competition.
    8. Carpenter, M. P., Narin, F., & Woolf, P. (1981). Citation rates to technologically important patents. World Patent Information, 3(4), 160-163.
    9. Cavelty, M. D. (2010). Cyber-security. The Routledge Handbook of New Security Studies, 154-162.
    10. Collins English Dictionary & Thesaurus. (Ed.) (1992). Sydney: HarperCollins Publishers.
    11. Committee on National Security Systems. (2010). CNSSI No. 4009.
    12. Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining cybersecurity. Technology Innovation Management Review, 4(10).
    13. Cybersecurity Ventures. (2017). 2017 Cybercrime Report. Retrieved from https://1c7fab3im83f5gqiow2qqs2k-wpengine.netdna-ssl.com/2015-wp/wp-content/uploads/2017/10/2017-Cybercrime-Report.pdf
    14. Deibert, R., & Rohozinski, R. (2010). Liberation vs. Control: The Future of Cyberspace. Journal of Democracy, 21(4), 43-57.
    15. Deloitte, & the National Association of State Chief Information Officers. (2014). 2014 Deloitte-NASCIO Cybersecurity Study – State governments at risk: Time to move forward. Retrieved from https://www.nascio.org/Portals/0/Publications/Documents/Deloitte-NASCIOCybersecurityStudy_2014.pdf
    16. Diffie, W., & Hellman, M. (1976). New directions in cryptography. IEEE transactions on Information Theory, 22(6), 644-654.
    17. ENISA. (2015). Definition of Cybersecurity: Gaps and Overlaps in Standardisation: European Union Agency for Network and Information Security.
    18. Fischer, R., & Green, G. (2004). Introduction to Security.
    19. Freeman, L. C. (1978). Centrality in social networks conceptual clarification. Social networks, 1(3), 215-239.
    20. Gartner. (2017). Gartner Forecasts Worldwide Security Spending Will Reach $96 Billion in 2018, Up 8 Percent from 2017 [Press release]. Retrieved from https://www.gartner.com/newsroom/id/3836563
    21. Gibson, W. (1984). Neuromancer (Vol. 1): Aleph.
    22. Gould, R. V., & Fernandez, R. M. (1989). Structures of mediation: A formal approach to brokerage in transaction networks. Sociological methodology, 89-126.
    23. Griliches, Z. (1984). Introduction to" R & D, Patents, and Productivity" R&D, Patents, and Productivity (pp. 1-20): University of Chicago Press.
    24. Hummon, N. P., & Carley, K. (1993). Social networks as normal science∗. Social networks, 15(1), 71-106.
    25. Hummon, N. P., & Doreian, P. (1989). Connectivity in a citation network: The development of DNA theory. Social networks, 11(1), 39-63.
    26. InfoSec Institute. (2016). Infosec Institute: Evolution in the World of Cyber Crime. Retrieved from https://resources.infosecinstitute.com/evolution-in-the-world-of-cyber-crime/
    27. International Telecommunication Union (ITU). (2009). Overview of Cybersecurity. Recommendation ITU-T X.1205.
    28. ISO/IEC. (2005). Information technology -- Security techniques -- Code of practice for information security management: ISO/IEC.
    29. ISO/IEC. (2012). Information technology -- Security techniques -- Guidelines for cybersecurity ISO/IEC 27032:2012.
    30. Jaffe, A. B., & Trajtenberg, M. (1999). International knowledge flows: evidence from patent citations. Economics of Innovation and New Technology, 8(1-2), 105-136.
    31. Jaffe, A. B., Trajtenberg, M., & Henderson, R. (1993). Geographic localization of knowledge spillovers as evidenced by patent citations. the Quarterly journal of Economics, 108(3), 577-598.
    32. Jang-Jaccard, J., & Nepal, S. (2014). A survey of emerging threats in cybersecurity. Journal of Computer and System Sciences, 80(5), 973-993.
    33. Johnson, T. A. (2015). Cybersecurity: Protecting Critical Infrastructures from Cyber Attack and Cyber Warfare: CRC Press.
    34. Klimburg, A., & NATO. (2012). National cyber security : framework manual: NATO CCD COE.
    35. Lewis, J. A. (2006). Cybersecurity and critical infrastructure protection. Center for Strategic and International Studies.
    36. Liu, J. S., & Lu, L. Y. (2012). An integrated approach for main path analysis: Development of the Hirsch index as an example. Journal of the Association for Information Science and Technology, 63(3), 528-542.
    37. Marsden, P. V. (1982). Brokerage behavior in restricted exchange networks. Social structure and network analysis, 7(4), 341-410.
    38. Mitchell, J. C. (1969). Social networks in urban situations: analyses of personal relationships in Central African towns: Manchester University Press.
    39. Mowery, D. C., Oxley, J. E., & Silverman, B. S. (1996). Strategic alliances and interfirm knowledge transfer. Strategic management journal, 17(S2), 77-91.
    40. National Initiative for Cybersecurity Careers and Studies (NICCS). (2018). Explore Terms: A Glossary of Common Cybersecurity Terminology. Retrieved from http://niccs.us-cert.gov/glossary
    41. National Institute of Standards and Technology (NIST). (2011). Managing information security risk: organization, mission, and information system view. Retrieved from https://csrc.nist.gov/publications/detail/sp/800-39/final
    42. Newman, M. E. (2006). Modularity and community structure in networks. Proceedings of the national academy of sciences, 103(23), 8577-8582.
    43. Newman, M. E., & Girvan, M. (2004). Finding and evaluating community structure in networks. Physical review E, 69(2), 026113.
    44. Ponemon Institute. (2016). 2016 Cost of Cyber Crime Study & the Risk of Business Innovation. Retrieved from https://www.ponemon.org/local/upload/file/2016 HPE CCC GLOBAL REPORT FINAL 3.pdf
    45. Ponemon Institute & Accenture. (2017). 2017 COST OF CYBER CRIME STUDY. Retrieved from https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf
    46. Public Safety Canada. (2010). Canada’s Cyber Security Strategy.
    47. Public Safety Canada. (2012). Emergency management vocabulary.
    48. Ramirez, R., & Choucri, N. (2016). Improving Interdisciplinary Communication With Standardized Cyber Security Terminology: A Literature Review. IEEE Access, 4, 2216-2243.
    49. Reisner, P. (1963). A machine stored citation index to patent literature experimentation and planning. Paper presented at the Proceedings of Automation and Scientific Communications Annual Meeting.
    50. Rogers, E. M. (1962). Diffusion of innovations: Simon and Schuster.
    51. SHIVA, V. A. (2018). Inventing EMAIL - The History of EMAIL. Retrieved from https://vashiva.com/innovation/email/vashiva-inventor-of-email.asp
    52. The White House. (2003). The national strategy to secure cyberspace.
    53. The White House. (2008). National Security Presidential Directive 54:Homeland Security Presidential Directive 23 (NSPD-54:HSPD23).
    54. Tuchman, W. (1998). A brief history of the data encryption standard. In E. D. Dorothy & J. D. Peter (Eds.), Internet besieged (pp. 275-280): ACM Press/Addison-Wesley Publishing Co.
    55. UK National Crime Agency. (2016). Cyber Crime Assessment 2016. Retrieved from http://www.nationalcrimeagency.gov.uk/publications/709-cyber-crime-assessment-2016/file
    56. Verspagen, B. (2007). Mapping technological trajectories as patent citation networks: A study on the history of fuel cell research. Advances in Complex Systems, 10(01), 93-115.
    57. Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. computers & security, 38, 97-102.
    58. Wasserman, S., & Faust, K. (1994). Social network analysis: Methods and applications (Vol. 8): Cambridge university press.
    59. Cisco. (2017). 2017年中網路安全報告. 取自https://www.cisco.com/c/zh_tw/about/news-center/news-20170728.html
    60. 粘添壽. (2008). 資訊與網路安全技術: 旗標.

    QR CODE