Title

Building a Security Log Management and Malware Analysis Platform System: A Case Study of a University Department (original title: 資安日誌管理暨惡意程式分析平台系統建置-以學校系所為例)

Parallel Title

Building a Platform System for Information Security Log Management and Malware Analysis: An Example at the School Departments

Authors

Ching-Yu Yang (楊慶裕); Jia-Siang Guo (郭家祥); Hsin-Te Wu (吳信德)

Keywords

Information Security; Network Security; Malware Analysis; Docker Platform; ELK Stack

Journal

資訊安全通訊 (Communications of the CCISA)

Volume/Issue (Publication Date)

Vol. 25, No. 4 (2019/11/01)

Pages

17 - 28

Language

Traditional Chinese

Chinese Abstract (translated)

As technology has advanced, the Internet has brought people great convenience. It has not only created business opportunities for many enterprises but has also become a tool for crime, so that computer network crime increases year by year, for example theft of company secrets, denial-of-service attacks, and the implantation of malware. Companies therefore need a complete system that can carry out the computer forensics process effectively and immediately after an incident occurs. Once an incident has occurred, they need the capability and technology to trace the operating procedures of the offender's computer, so as to locate the internal source computer and the offender effectively and quickly in the shortest time. The system proposed in this paper is composed of three different software packages: it first backs up the offender's computer system, then collects and analyzes logs and performs indexed queries on the backed-up system, simplifying the formerly tedious and inefficient investigation work, and uses Cuckoo Sandbox analysis to understand program execution behaviour and produce a report.

English Abstract

With the advances of the technology era, the Internet has provided tremendous convenience. Apart from bringing business opportunities to enterprises, the Internet has also become a criminal tool for unscrupulous people, which has increased the problem of cybercrime year by year: stealing confidential information, denial-of-service (DoS) attacks, malware implantation, and related crimes. Therefore, enterprises are advised to install a comprehensive system that can carry out the digital forensics process effectively and immediately after a cybercrime is encountered. Once a cybercrime has happened, a processing system with sufficient capability and techniques is required to track the computers involved in the crime, which enables the company to find the internal source computer and the criminal efficiently and effectively in the shortest time. The system this study offers consists of three different kinds of software: it backs up the criminal's computer system and conducts the investigation processes of searching, analyzing logs, and index querying; the system simplifies the old cumbersome and inefficient investigation process, and uses Cuckoo Sandbox analysis to understand the execution behaviour of the software and produce reports.

Subject Classification

Basic and Applied Sciences > Information Science
Cited By

  1. 陳仕弘 (2023). 資訊安全威脅與治理政策之探討 [A Discussion of Information Security Threats and Governance Policies]. 管理資訊計算 (Management Information Computing), 12 (Special Issue 1), 1-12.