题名

以系統動力學探討電腦病毒防治政策

并列篇名

Research of the Computer Viruses Prevention Policy Using System Dynamics

DOI

10.6382/JIM.201207.0621

作者

宋佩貞(Pei-Chen Sung);古政元(Cheng-Yuan Ku);陳加屏(Chia-Ping Chen)

关键词

電腦病毒傳播 ; 系統動力學 ; 傳染病散播模型 ; 電腦病毒防治政策 ; Computer Virus Propagation ; System Dynamics ; Epidemic Model ; Anti-Virus Policy

期刊名称

資訊管理學報

卷期/出版年月

19卷3期(2012 / 07 / 01)

页次

621 - 652

内容语文

繁體中文
中文摘要

電腦病毒防治乃是資訊安全政策的核心任務之一,然而現今防範電腦病毒的研究多集中在技術面,在實證研究部份則因資料數據取得困難,故較少探討。為彌補此缺口,本研究採用系統動力學的方法,建立電腦病毒傳播的動態模式,藉以探討用戶端防毒政策的成效。多數研究認為定期更新病毒碼或成立資訊安全事件通報小組,能有效遏止電腦病毒散播,除此之外我們更進一步確認下述現象:(1)電腦接觸外來媒介的頻繁對於電腦病毒感染速率具高度敏感;(2)透過用戶端通報異常狀況存在著時間滯延,因此較不能快速減緩電腦病毒的散播;(3)自動通報機制可以有效控制高峰期的已感染電腦數量並縮短疫情持續時間,故防治效果比較佳;(4)公共衛生政策裡的隔離措施亦可有效抑制電腦病毒的傳播。
英文摘要

Anti-virus action is the core of information security policy. Many researchers focus on the technology of anti-virus, but not on the anti-virus policies because of the difficulty for obtaining data in empirical research. The research goal of this paper is to explore and evaluate the effectiveness of anti-virus policies by using the System Dynamic Model. Most computer users think that updating the virus pattern files regularly or setting up the security incident reporting team can effectively control the spread of computer viruses. However, the research results of this study indicate: (1) computer virus infection rate is very sensitive to the frequency of contact with other media; (2) relying on the manual reporting mechanism of clients will delay the development of anti-virus vaccine; therefore, this method can slow down the spread of computer virus a little; (3) automatic reporting system can effectively control the number of infected computers and shorten the duration of infection peak; (4) isolation policies can effectively reduce the spread of computer virus.
主题分类 基礎與應用科學 > 資訊科學
社會科學 > 管理學
参考文献
  1. 黃士銘、張碩毅、蘇耿弘(2005)。企業導入BS7799資訊安全管理系統之關鍵成功因素─以石化產業為例。資訊管理學報,13(2),171-192。
    連結:
  2. 黃經洲、陳加屏、艾昌瑞(2009)。以系統動力學模擬登革熱擴散現象與評估防治策略效果─台南市為例。臺灣公共衛生雜誌,28(6),541-551。
    連結:
  3. 蘇建源、江婉媚、阮金聲(2010)。資訊安全政策實施對資訊安全文化與資訊安全有效性影響之研究。資訊管理學報,17(4),61-87。
    連結:
  4. ISO (2005), 'ISO/IEC 27001 information technology - code of practice for information'..
  5. ISO (2005), 'ISO/IEC 27001 information technology - security techniques - information security management systems-requirements'..
  6. CSI, (1999-2008), Computer Crime & Security Survey, Computer Security Institute.
  7. CSI, (2009), Computer Crime & Security Survey Executive Summary, Computer Security Institute.
  8. CSI, (1999-2008), Computer Crime & Security Survey, Computer Security Institute.
  9. CSI, (1999-2008), Computer Crime & Security Survey, Computer Security Institute.
  10. CSI, (1999-2008), Computer Crime & Security Survey, Computer Security Institute.
  11. CSI, (1999-2008), Computer Crime & Security Survey, Computer Security Institute.
  12. DTI, (2004), Information Security Breaches Survey, Department of Trade & Industry.
  13. 行政院主計處(2010),『98年電腦應用概況報告』,available at http://www.dgbas.gov.tw/ct.asp?xItem=28145&CtNode=5526&mp=1 (accessed 18 January 2011)。
  14. CSI, (1999-2008), Computer Crime & Security Survey, Computer Security Institute.
  15. CSI, (1999-2008), Computer Crime & Security Survey, Computer Security Institute.
  16. CSI, (1999-2008), Computer Crime & Security Survey, Computer Security Institute.
  17. CSI, (1999-2008), Computer Crime & Security Survey, Computer Security Institute.
  18. CSI, (1999-2008), Computer Crime & Security Survey, Computer Security Institute.
  19. Albrechtsen, E.,Hovden, J.(2009).The information security digital divide between information security managers and users.Computer & Security,28(6),476-490.
  20. Anderson, R. M.,May, R. M.(1991).Infectious Diseases of Humans: Dynamics and Control.Oxford:Oxford University Press.
  21. Bailey, N. T. J.(1975).The Mathematical Theory of Infectious Diseases and its Application.London:Charles Griffin.
  22. Chen, Z.,Gao, L.,Kwiat, K.(2003).Modeling the spread of active worms.Proceedings of IEEE INFOCOM2003,San Francisco, California, USA:
  23. Cho, K.,Lee, J.,Lim, J.,Moon, J.(2007).Verification method of network simulation for pervasive environments.Proceedings of the Third International Conference on Security and Privacy in Communication Networks and the Workshops,Nice, France:
  24. Cohen, F.(1984).Computer viruses theory and experiments.Proceedings of the 7th DoD/NBS Computer Security Conference,Gaithersburg, Maryland, USA:
  25. Farmer, J. D.,Belin, A. d''A.(1991).Artificial life: the coming evolution.Artificial Life II,California:
  26. Ferbrache, D.(1992).A Pathology of Computer Viruses.London:Springer-Verlag.
  27. Forrester, J. W.(1961).Industrial Dynamics.Combridge:MIT Press.
  28. Highland, Harold Joseph(1990).The Computer Virus Handbook.Oxford:Elsevier Science.
  29. Hoppensteeadt, F.,Waltman, P.(1970).A problem in the theory of epidemics.Mathematical Biosciences,9,71-91.
  30. Hruska, J.(1990).Computer Viruses and Anti-virus Warfare.New York:Ellis Horwood.
  31. Kephart, J. O.,White, R. S.(1993).Measuring and modeling computer virus prevalence.Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy,Oakland, California, USA:
  32. Kephart, J. O.,White, R. S.(1991).Directed-graph epidemiological models of computer virus.Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy,Oakland, California, USA:
  33. Kotulic, A. G.,Clark, J. G.(2004).Why there aren't more information security research studies.Information & Management,41(5),597-607.
  34. Ludwig, M. A.(1996).The Little Black Book of Computer Viruses.Arizona, USA:American Eagle Publucations.
  35. Mishra, B. K.,Pandey, S. K.(2010).Fuzzy epidemic model for the transmission of worms in computer network.Nonlinear Analysis: Real World Applications,11(5),4335-4341.
  36. Peter, S.(2005).The Art of Compter Virus Research and Defense.Boston:Addison Wesley Professional.
  37. Piqueira, J. R. C.,Araujo, V. O.(2009).A modified epidemiological model for computer viruses.Applied Mathematics and Computation,213(2),355-360.
  38. Post, G.,Kagan, A.(2000).Management tradeoffs in anti-virus strategies.Information & Management,37(1),13-24.
  39. Qing, S.,Wen, W.(2005).A survey and trends on Internet worms.Computer & Security,24(4),334-346.
  40. Senge, P. M.(1990).The Fifth Discipline: The Art and Practice of the Learning Organization.New York:Doubleday.
  41. Silva, L.,Backhouse, J.(2003).The circuits-of-power framework for studying power in institutionalization of information systems.Journal of the Association for Information Systems,4(6),294-336.
  42. Smith, S.,Winchester, D.,Bunker, D.,Jamieson, R.(2010).Circuits of power: a Study of mandated compliance to an information systems security De Jure standard in a government organization.MIS Quarterly,34(3),463-486.
  43. Stallings, W.(2006).Cryptography and Network Security Principles and Practices.New Jersey:Pearson Prentice Hill.
  44. Sterman, J. D.(1989).Modeling management behavior: misperceptions of feedback in a dynamics decision making experiment.Management Science,35(3),321-339.
  45. Sterman, J. D.(2000).Business Dynamics: System Thinking and Modeling for a Complex World.New York:McGraw-Hill.
  46. Sterman, J. D.,Wittenberg, J.(1999).Path dependence, competition, and succession in the dynamics of scientific revolution.Organization Science,10(3),322-341.
  47. Wang, F.,Zhang, Y.,Wang, C.,MA, J.,Moon, S.(2010).Stability analysis of a SEIQV epidemic model for rapid spreading worms.Computers & Security,29(4),410-418.
  48. Whitman, M. E.,Mattord, H. J.(2008).Management of Information Security.Boston:Thomson Course Technology.
  49. Wierman, J. C.,Machette, D. J.(2004).Modeling computer virus prevalence with a Susceptible-Infected-Susceptible model with reintroduction.Computational Statistics & Data Analysis,45(1),3-23.
  50. Yang, Y.,Fang, Y.,Li, L. Y.(2008).The analysis of Propagation model for Internet worm based on active vaccination.Proceedings of Fourth International Conference on Natural Computation,Jinan, China:
  51. Yuan, H.,Chen, G.,Wu, J.,Xiong, H.(2009).Towards controlling virus propagation in information systems with point-to-group information sharing.Decision Support Systems,48(1),57-68.
  52. Zou, C. C.,Gong, W.,Towsley, D.(2002).Code red worm propagation modeling and analysis.Proceedings of 9th ACM Symposium on Computer and Communication Security,Washington, DC, USA:
  53. 林宜隆、黃讚松(2001)。網路犯罪學之探討。中央警察大學學報,38,325-348。
  54. 張宏琳(2007)。碩士論文(碩士論文)。中國,中國陝西師範大學智能信息處理與信息安全研究所。
  55. 郭家宏(2005)。碩士論文(碩士論文)。花蓮縣,國立東華大學企業管理研究所。
  56. 蔡思達(2007)。碩士論文(碩士論文)。臺北市,國立臺灣科技大學資訊管理系。
  57. 蘇懋康(1988)。系統動力學原理及應用。中國上海:上海交通大學出版社。
被引用次数
  1. 劉培林,李宗倫,方崇懿(2019)。一個無線通訊材料領導廠商經營模式的分析-系統動態觀點。管理與系統,26(4),451-485。
  2. 鍾健平、賴信廷、張志強、李靜芳(2014)。台灣砂糖供需系統動態模擬分析。管理資訊計算,3(2),235-254。
print cancel