文化大學機構典藏 CCUR:Item 987654321/19700
English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 46833/50693 (92%)
造访人次 : 11853283      在线人数 : 602
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
    •  进阶搜寻
    主页登入上传说明关于CCUR管理 到手机版


    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: https://irlib.pccu.edu.tw/handle/987654321/19700


    题名: 資訊安全事故資訊分享機制之研究
    作者: 陳文其
    贡献者: 資訊安全產業研發碩士專班
    关键词: 資訊分享與分析
    資訊安全事故資訊分享
    網路安全
    日期: 2009
    上传时间: 2011-10-11 14:24:01 (UTC+8)
    摘要: 資訊技術蓬勃發展的現在,資訊安全事故也層出不窮。資訊安全廠商如雨後春筍般的冒出,但面對日新月異的惡意網路行為,資訊安全廠商能做的就是跟隨著已經發現的惡意攻擊程式進行系統漏洞修補、惡意程式特徵萃取防禦或是攻擊行為模式偵測阻擋。這樣的攻防模式已經行之有年,處於被動防禦的資訊安全廠商依然無法突破此困境,而每當有新型態的惡意程式攻擊行為發生時,初期所造成的災害較攻擊事故中期的影響,往往是數以倍計的。
    新型態的攻擊行為資訊在商業利基主導的環境中是不容易被公開分享,但新型態攻擊所造成的商業損失卻是無法估計的。本論文的目的希望在不損及商業行為的前提下,提出新型態的攻擊資訊分享機制,在此建議機制中,資訊安全服務廠商能減低對於資訊安全資訊分享的商業損失疑慮,進而在新型態的攻擊行為發生初期盡量減小攻擊所造成的損害範圍,甚至抑制該攻擊行為擴散並且迅速消滅。
    最後,經由文獻探討、技術分析,提出現行資訊技術、資訊安全事故資訊不易分享之原因,並逐一進行研究探討,以提出可以被接受且易於進行實作之資訊安全事故分享機制。
    Nowadays with the booming of developing the information technology, information security consulting venders have sprung up like bamboo shoots after spring rain since the security events emerge in endlessly. Facing these malicious attacks, the ways, security venders can do, are fixing the bugs related to the system loopholes, adapting appropriate defend processes depend on the characters of malicious programs or detecting and stopping the attacks activities. The defend ways has been implemented for years but the security venders still have not broken away for the security attacks. When the new types of malicious attacks happen, the damage in the early stage is higher and many times than middle stage.
    Based on the commercial interest, the companies reluctant to share the information of new types of security attacks, however the commercial losses caused by new type of security attacks are inestimable. Based on the purpose of not harming commercial interest, this research aims at providing a new type of information sharing system of information security incidents. According to this system, the information security consulting venders could lower their concerns that the security information sharing could cause the commercial loss, reduce the damage caused by new type of security attack in the early stage when attacks happen, controlling the spread of security attacks and eliminate these activities quickly.
    Finally, through literature review and technique analysis, this research finds out and studies the difficulties of sharing the information security incidents, and then brings up a practical and acceptable an information sharing system.
    显示于类别:[資訊工程學系] 博碩士論文

    文件中的档案:

    档案 描述 大小格式浏览次数
    index.html0KbHTML429检视/开启


    在CCUR中所有的数据项都受到原著作权保护.

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回馈