
Author: 謝昌益 (Chang-I Hsieh)
Thesis title: 具智能基礎之輕量化資安監控平台框架
A Framework of Intelligence-based Light-weight Security Operation Center Platform
Advisor: 吳宗成 (Tzong-Chen Wu)
Committee members: 楊維寧 (Wei-Ning Yang), 葉瑞徽 (Ruey-Huei Yeh)
Degree: Master
Department: College of Management - Department of Information Management
Year of publication: 2021
Academic year of graduation: 109 (ROC calendar, i.e. 2020-21)
Language: Chinese
Pages: 58
Keywords (Chinese): 資訊安全監控中心, 人工智慧, 資訊安全管理框架, 資安態勢感知
Keywords (English): Security Operation Center, Artificial Intelligence, Cybersecurity Framework, Cyber Security Situation Awareness
Usage: 615 views, 10 downloads
Abstract (translated from the Chinese)
    As Internet applications grow rapidly and information becomes digitized, network-borne attacks continue to increase. For enterprises undergoing digital transformation, effectively reducing information security risk and protecting digital information assets from attack has become an important issue, so building appropriate security protection measures and posture is now an important part of an enterprise's continued development.
    The security monitoring function is the command center of security protection and gives an enterprise visibility into its defensive capability. For small and medium-sized enterprises and units, however, building a security operation center (SOC) platform is currently very costly and requires considerable manpower and resources to construct and maintain. This study therefore consolidates research on the management and technical sides of security monitoring and plans a lightweight, intelligence-based security monitoring platform framework, offering small and medium-sized enterprises and units guidance for establishing a security monitoring platform more easily and reducing the burden of building and operating a monitoring mechanism.
    Drawing on information security risk management, the Cybersecurity Framework of the U.S. National Institute of Standards and Technology (NIST), the MITRE ATT&CK framework of adversary tactics, techniques and common knowledge, and cyber security situation awareness theory, the study converges and simplifies the levels of security incident handling and, with the support of artificial intelligence and automation, proposes a Cybersecurity Monitoring Service Integrated Model as a conceptual prototype of an intelligence-based lightweight security monitoring platform. The aim is to raise the overall security protection environment of society and broaden the coverage of its security monitoring capability.


Abstract (English)
    With the rapid growth of the Internet and the widespread digitization of data, attacks originating from the network continue to grow. Mitigating cybersecurity risk and defending information technology assets from attack during digital transformation has become a critical task for organizations. Constructing appropriate protection and control mechanisms for information security is therefore essential to an enterprise's business continuity.
    A security monitoring platform gives companies and organizations the visibility to monitor and understand security threats in real time. For smaller enterprises and units, however, the traditional security information and event management (SIEM) platform is too heavy and expensive to construct and maintain. This study therefore combines research from the management and technical perspectives of cybersecurity monitoring and proposes a plan for a light-weight framework of an intelligent security operation center platform. It also aims to give smaller enterprises and organizations guidance for building a cybersecurity monitoring platform more easily and for reducing the total cost of establishing a security operation center.
    The study proposes a Cybersecurity Monitoring Service Integrated Model (CMSIM), built with reference to information security risk management, the NIST Cybersecurity Framework, MITRE ATT&CK, cyber security situation awareness theory, and artificial intelligence and automation technology. The proposed CMSIM can serve as a prototype of an intelligent light-weight security operation center platform. Finally, the study aims to promote and improve the coverage of overall cyber security monitoring capability in society.
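The abstract describes the core of the model as tagging security events against MITRE ATT&CK techniques and the NIST Cybersecurity Framework functions, then simplifying the handling levels so a small team can act on them. The following Python block is an added illustration of that idea, not the thesis's CMSIM model or any code from it: it parses constructed sshd-style log lines, assigns real ATT&CK technique IDs (T1110 Brute Force, T1078 Valid Accounts) and CSF 1.1 function names (Detect, Respond) to what it finds, and orders the findings by severity. The failure threshold, severity values and the rule-to-function mapping are assumptions made for the example.

```python
"""Added illustration of event tagging against ATT&CK technique IDs and
NIST CSF functions for a lightweight SOC. Not the thesis's model."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log lines in sshd style; not taken from any real host.
SAMPLE_LOGS = """\
Jan 10 09:00:01 web1 sshd[101]: Failed password for root from 203.0.113.7 port 5001 ssh2
Jan 10 09:00:02 web1 sshd[102]: Failed password for root from 203.0.113.7 port 5002 ssh2
Jan 10 09:00:03 web1 sshd[103]: Failed password for admin from 203.0.113.7 port 5003 ssh2
Jan 10 09:00:04 web1 sshd[104]: Failed password for admin from 203.0.113.7 port 5004 ssh2
Jan 10 09:00:05 web1 sshd[105]: Failed password for admin from 203.0.113.7 port 5005 ssh2
Jan 10 09:00:09 web1 sshd[106]: Accepted password for admin from 203.0.113.7 port 5006 ssh2
Jan 10 09:05:00 web1 sshd[107]: Accepted publickey for deploy from 198.51.100.20 port 6000 ssh2
"""

FAILED = re.compile(r"Failed password for (\S+) from (\S+)")
ACCEPTED = re.compile(r"Accepted \w+ for (\S+) from (\S+)")

# Assumed rule table: detection name -> (ATT&CK technique ID, technique name,
# CSF 1.1 function the finding feeds, severity 1-10). The technique IDs and
# CSF function names are real; the assignments and severities are assumptions.
RULES = {
    "brute_force": ("T1110", "Brute Force", "Detect", 5),
    "success_after_failures": ("T1078", "Valid Accounts", "Respond", 9),
}


@dataclass
class Finding:
    src: str            # source address the finding is attributed to
    technique_id: str   # ATT&CK technique ID
    technique: str      # ATT&CK technique name
    csf_function: str   # NIST CSF function (Identify/Protect/Detect/Respond/Recover)
    severity: int       # assumed 1-10 scale used for ordering
    evidence: int       # number of failed logins behind the finding


def parse(lines):
    """Count failed logins per source and collect successful logins."""
    failed = defaultdict(int)
    accepted = []
    for line in lines.splitlines():
        if m := FAILED.search(line):
            failed[m.group(2)] += 1
        elif m := ACCEPTED.search(line):
            accepted.append((m.group(1), m.group(2)))
    return failed, accepted


def triage(lines, threshold=5):
    """Return findings tagged with ATT&CK/CSF labels, highest severity first.

    threshold: assumed number of failed logins from one source that counts
    as brute force. A success from a source with prior failures is treated
    as a probable valid-account compromise and ranked above the brute force.
    """
    failed, accepted = parse(lines)
    findings = []
    for src, n in failed.items():
        if n >= threshold:
            tid, name, fn, sev = RULES["brute_force"]
            findings.append(Finding(src, tid, name, fn, sev, n))
    for _user, src in accepted:
        if failed.get(src, 0) > 0:
            tid, name, fn, sev = RULES["success_after_failures"]
            findings.append(Finding(src, tid, name, fn, sev, failed[src]))
    findings.sort(key=lambda f: f.severity, reverse=True)
    return findings


def summarize(findings):
    """Group technique IDs by CSF function: the view a small team would act on."""
    by_function = defaultdict(list)
    for f in findings:
        by_function[f.csf_function].append(f.technique_id)
    return dict(by_function)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOGS):
        print(f"{f.csf_function:8} {f.technique_id} {f.technique:15} "
              f"src={f.src} evidence={f.evidence} severity={f.severity}")
    print(summarize(SAMPLE_LOGS and triage(SAMPLE_LOGS)))
```

On the constructed input the successful login from 203.0.113.7, which follows five failures from the same address, is reported under Respond as T1078 and ranked above the T1110 brute-force finding under Detect; the key-based login from 198.51.100.20 produces no finding. The point for a lightweight SOC is that the labels, not the raw events, are what a small team triages.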

Table of contents
    Abstract
    Chapter 1 Introduction
      1.1 Research background and motivation
      1.2 Research objectives
      1.3 Research method and structure
      1.4 Research scope and limitations
    Chapter 2 Literature review
      2.1 SOC operation and maintenance regime
      2.2 Security incident management and defense technology
      2.3 Intelligent technologies and applications for security monitoring
    Chapter 3 Design of the lightweight security monitoring platform framework
      3.1 Platform requirements analysis
      3.2 Platform framework architecture
      3.3 Lightweighting considerations
    Chapter 4 Practical evaluation and application of the lightweight security monitoring platform
      4.1 Applicability assessment
      4.2 Practical application scenarios
    Chapter 5 Conclusions and future research directions
      5.1 Research conclusions
      5.2 Future research directions
    References

References (Chinese, translated)
    毛敬豪 (2010). Sequence-based network anomaly event analysis and attack behavior detection. Doctoral dissertation, Department of Computer Science and Information Engineering, National Taiwan University of Science and Technology, Taipei (unpublished).
    王啟時 (2020). Performance evaluation of system log anomaly detection methods. Master's thesis, Graduate Institute of Computer Science and Information Engineering, National Taiwan University, Taipei (unpublished).
    江國輝 (2017). Planning and design of a mini security operation center for small and medium-sized enterprises. Master's thesis, Department of Information Management, National Taiwan University of Science and Technology, Taipei (unpublished).
    National Information and Communication Security Taskforce, Executive Yuan (2017). Practical guide to building a sector SOC (領域SOC實務建置指引).
    National Information and Communication Security Taskforce, Executive Yuan (2021). National Cyber Security Program (ROC years 110-113, i.e. 2021-2024) (國家資通安全發展方案), 27-32.
    林文暉, 王平, 吳保樺, 周明勝, 蔡東霖, 蔡一郎 & 羅濟群 (2020). A network intrusion detection classifier based on a behavior analysis learning model. Journal of Information Management (資訊管理學報), 27(4), 465-494.
    林承忠 (2020). Planning and design of a cyber attack and defense exercise framework. Master's thesis, Department of Information Management, National Taiwan University of Science and Technology, Taipei (unpublished).
    邱育亨 (2019). An anomaly detection mechanism based on network traffic architecture. Master's thesis, Department of Information Management, National Taiwan University of Science and Technology, Taipei (unpublished).
    傅上哲 (2020). Security incident risk assessment for industrial control systems. Master's thesis, Graduate Institute of Computer Science and Information Engineering, Chung Yuan Christian University, Taoyuan (unpublished).
    傅振華 & 徐韻修 (2020). A study of network information system defense based on log monitoring. Journal of National Defense Management (國防管理學報), 41(2), 1-21.

References (English)
    Ahmad, A., Maynard, S. B., Desouza, K. C., Kotsias, J., Whitty, M. T. & Baskerville, R. L. (2020). How can organizations develop situation awareness for incident response: A case study of management practice. Computers & Security, 101, 102122. doi:10.1016/j.cose.2020.102122
    Aloseel, A., Al-Rubaye, S., Zolotas, A. & Shaw, C. (2021). Attack-Detection Architectural Framework Based on Anomalous Patterns of System Performance and Resource Utilization—Part II. IEEE Access, 9, 87611-87629. doi:10.1109/ACCESS.2021.3088411
    Devine, S. M. (2016). Securing small and medium-size businesses. Network Security, 2016(7), 14-20. doi:10.1016/S1353-4858(16)30070-8
    Evangelou, M. & Adams, N. M. (2020). An anomaly detection framework for cyber-security data. Computers & Security, 97, 101941. doi:10.1016/j.cose.2020.101941
    Kwon, R., Ashley, T., Castleberry, J., Mckenzie, P. & Gourisetti, S. N. G. (2020). Cyber Threat Dictionary Using MITRE ATT&CK Matrix and NIST Cybersecurity Framework Mapping. 2020 Resilience Week (RWS), 106-112. doi:10.1109/RWS50334.2020.9241271
    Lee, J., Kim, Y. S., Kim, J. H. & Kim, I. K. (2017). Toward the SIEM architecture for cloud-based security services. 2017 IEEE Conference on Communications and Network Security (CNS), 398-399. doi:10.1109/CNS.2017.8228696
    MITRE. (2019). ATT&CK Matrix for Enterprise. Retrieved May 1, 2021, from https://attack.mitre.org
    NIST. (2021). Cybersecurity Framework: A Quick Start Guide. NIST Special Publication 1271. Retrieved May 11, 2021, from https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1271.pdf
    Onwubiko, C. (2015). Cyber security operations centre: Security monitoring for protecting business and supporting cyber defense strategy. 2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 1-10. doi:10.1109/CyberSA.2015.7166125
    Schinagl, S., Schoon, K. & Paans, R. (2015). A Framework for Designing a Security Operations Centre (SOC). 2015 48th Hawaii International Conference on System Sciences (HICSS), 2253-2262. doi:10.1109/HICSS.2015.270
    Serckumecka, A., Medeiros, I. & Bessani, A. (2019). Low-Cost Serverless SIEM in the Cloud. 2019 38th Symposium on Reliable Distributed Systems (SRDS), 381-3811. doi:10.1109/SRDS47363.2019.00057
    Shah, A., Ganesan, R., Jajodia, S. & Cam, H. (2019). A Two-Step Approach to Optimal Selection of Alerts for Investigation in a CSOC. IEEE Transactions on Information Forensics and Security, 14(7), 1857-1870. doi:10.1109/TIFS.2018.2886465
    Sopan, A., Berninger, M., Mulakaluri, M. & Katakam, R. (2018). Building a Machine Learning Model for the SOC, by the Input from the SOC, and Analyzing it for the SOC. 2018 IEEE Symposium on Visualization for Cyber Security (VizSec), 1-8. doi:10.1109/VIZSEC.2018.8709231
    Tianfield, H. (2016). Cyber Security Situational Awareness. 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), 782-787. doi:10.1109/iThings-GreenCom-CPSCom-SmartData.2016.165
    Werner, G., Yang, S. & McConky, K. (2017). Time series forecasting of cyber attack intensity. CISRC '17: Proceedings of the 12th Annual Conference on Cyber and Information Security Research, Article 18, 1-3.
    Wu, Q., Zhu, X., Kuo, K. C. & Lu, C. (2017). Light SIEM for semiconductor industry. 2017 IEEE International Conference on Industrial Engineering and Engineering Management (IEEM), 2331-2335. doi:10.1109/IEEM.2017.8290308
