
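Graduate student: 林承忠 (Cheng-Chung Lin)
Thesis title: 網路攻防演練框架之規劃與設計 (Planning and Design of Cyber Offense and Defense Exercise)
Advisor: 吳宗成 (Tzong-Chen Wu)
Oral defense committee: 楊維寧 (Wei-Ning Yang), 楊傳凱 (Chuan-Kai Yang)
Degree: Master
Department: College of Management - Department of Information Management
Year of publication: 2020
Academic year of graduation: 108
Language: Chinese
Number of pages: 43
Keywords (Chinese): 資訊安全 (information security), 網路攻防演練 (cyber offense and defense exercise), 競爭假設分析 (analysis of competing hypotheses), 鑽石模型 (diamond model), 網路威脅狙殺鍊 (cyber kill chain)
Keywords (English): Cyber security, Cyber exercise, Analysis of competing hypotheses, Diamond model, Cyber kill chain model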
  • Faced with the threat of attacks from hacker organizations, major countries and regional organizations around the world have in recent years not only continued to improve their information security regulations and policies and to strengthen defense in depth, but have also held cyber offense and defense exercises on a regular basis. Such exercises test where security protection strategies and regulations fall short and identify the weak links in information systems. They also train participants and raise their security skills and knowledge, develop their technical capabilities and teach them how hackers think and operate, and they strengthen communication and coordination across countries and across enterprises and organizations, establishing a joint security defense architecture. Many research institutions and academic journals have therefore proposed guidelines for planning and designing cyber offense and defense exercises and have developed exercise platforms for use by the teams that run them.
    However, current cyber offense and defense exercises and the published research literature mostly focus on testing and evaluating traditional techniques and procedures, and give little attention to the threat intelligence analysis and early warning techniques needed against new types of security threats. This study therefore proposes using the Analysis of Competing Hypotheses (ACH) theory to plan a cyber offense and defense exercise framework centered on threat intelligence analysis and early warning, supplemented by the intrusion detection Diamond model and the Cyber Kill Chain model to design the exercise platform architecture and example scenarios, as a reference for planning and running cyber offense and defense exercises. The aim is to fill the gaps left by other research on such exercises and to align with the current mainstream of information security protection strategy.
    Designing and planning a cyber offense and defense exercise is a complex task. Through literature analysis, this study collected material on offense and defense exercises in the European Union and the United States from 2004 to 2019 and, drawing on the literature and practical experience, drew up an implementation procedure for cyber offense and defense exercises, including the design considerations for each step. It follows a structured approach and explores cybersecurity technical exercises and their application, to serve as a reference for cybersecurity exercise training.

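    Abstract (Chinese)
    Abstract (English)
    Acknowledgements
    Chapter 1 Introduction
        1.1 Research Background and Motivation
        1.2 Research Objectives
        1.3 Research Method and Structure
        1.4 Research Scope and Limitations
    Chapter 2 Literature Review
        2.1 Cyber Offense and Defense Exercises
        2.2 Exercise Types
        2.3 Reference Models for Exercise Script Design
        2.4 Exercise Network Architecture
        2.5 Exercise Scoring Mechanism
        2.6 Current State of Cyber Offense and Defense Exercises
    Chapter 3 Planning and Design of the Exercise Framework
        3.1 Setting Objectives
        3.2 Forming the Team
        3.3 Designing Scenarios
        3.4 Building the Environment
        3.5 Executing the Exercise
        3.6 Evaluation and Improvement
    Chapter 4 Exercise Case Validation
        4.1 Government Agency Cyber Offense and Defense Exercise
        4.2 Financial Sector DDoS Offense and Defense Exercise
    Chapter 5 Conclusions and Future Research Directions
        5.1 Research Conclusions
        5.2 Future Research Directions
    References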

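    Full-text release date: 2025/07/22 (campus network)
    Full-text release date: full text not authorized for public release (off-campus network)
    Full-text release date: full text not authorized for public release (National Central Library: National Digital Library of Theses and Dissertations in Taiwan)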