系統識別號 | U0002-1106201016113800 |
---|---|
DOI | 10.6846/TKU.2010.00326 |
論文名稱(中文) | 以推論機制探討資訊安全本體之運作 |
論文名稱(英文) | Formalizing Computer Security Incidents Ontology by Rule-Based Mechanism |
第三語言論文名稱 | |
校院名稱 | 淡江大學 |
系所名稱(中文) | 資訊管理學系碩士班 |
系所名稱(英文) | Department of Information Management |
外國學位學校名稱 | |
外國學位學院名稱 | |
外國學位研究所名稱 | |
學年度 | 98 |
學期 | 2 |
出版年 | 99 |
研究生(中文) | 林苡汶 |
研究生(英文) | YI WEN LIN |
學號 | 697630209 |
學位類別 | 碩士 |
語言別 | 英文 |
第二語言別 | |
口試日期 | 2010-05-29 |
論文頁數 | 41頁 |
口試委員 |
指導教授
-
劉艾華(liou@mail.tku.edu.tw)
委員 - 林開榮 委員 - 梁恩輝 委員 - 吳宗禮 |
關鍵字(中) |
資訊安全本體論 資訊安全事件 規則推論 風險管理 |
關鍵字(英) |
Security Incidents Rule-based Reasoning Risk management Security Ontology |
第三語言關鍵字 | |
學科別分類 | |
中文摘要 |
鑑於廣泛使用的資訊科技,資訊安全的議題也逐漸成為研究的焦點。 資訊安全事件的來源可以從不同的事件產生如防火牆日誌檔,入侵偵測系統等等。 針對此類日益劇增的資安事件,對於不僅是使用者甚至是企業都會遭受影響,所以資訊安全的知識在當今的社會中扮演非常重要的角色。事實上,一個小小的資訊安全漏洞往往對組織企業產生莫大的傷害,為了使此種傷害降到最低,本研究提出了明確階層式的資訊安全本體專家系統本研究包含的層級有alert data, attacks, agents, tools, accesses, vulnerabilities and assets,來方便使用者以規則推論可能造成的資安事件和影響的層級,藉由資訊安全規則的使用更能幫助管理者在做資訊安全決策以及解決問題和進行有效的風險管理。 |
英文摘要 |
Based on the widely used computer technology, the security incidents have been expanding in an unbelievable fashion. Security incidents can be reflected by different sources, such as firewall logs, intrusion detection systems alerts, and frequency of processors or memory use. By facing this huge volume of information, it’s crucial for people to acknowledge the fact that computer security is playing an important part of our life. As a matter of fact, a slightly little flaw in our information system could be detected by the attackers; furthermore, lead to security disasters that threaten certain organizations or enterprises. For the sake of solving incidents matters precisely, we took into account different sources of possible objects and further analyzed relationship among them such as alert data, attacks, agents, tools, accesses, vulnerabilities and assets. Hence, the conceptual-model of Security Incident Ontology was developed. |
第三語言摘要 | |
論文目次 |
Directory 1. Introduction 1 1.1 Research Background and Motivation 1 1.2 Research Framework 2 2. Research Tools and Mechanism 4 2.1 Semantic Web 4 2.2 Jess (Java Expert System Shell) 4 2.3 Ontology 5 2.4 Computer Security Incident Ontology 6 3. Research Structure 7 3.1 Construct Computer Security Incident Ontology 8 3.1.1 Define Attributes and Relationships 14 3.1.2 Create Facts and Concept Mapping 17 4. Jess Inference Engine and Rule-based Mechanism 19 4.1 Jess the Rule Engine for Java Platform 20 4.2 Integrate Jess with Protégé 21 4.3 Computer Security Incidents Rules 23 4.3.1 Introduce Network Security Rules 24 5. Validate the Computer Security for Incident Management 26 5.1 Mapping the IDS Data into Computer Security Ontology 26 5.2 Implement the Rule-Based Mechanism 27 6. Conclusions and Future Prospect 29 7. Reference 30 8. Appendix 38 Illustration Directory Fig 1.1 Research Framework 3 Fig 2.1 Inference Engine Structure[18] 5 Fig 3.1 Research Structure 8 Fig 3.2 Event Class Ontology 9 Fig 3.3 Classes of the Computer Security Ontology 10 Fig 3.4 Vulnerability ontology classes 11 Fig 3.5 The Security Incident Ontology Conceptual Model. 13 Fig 3.6 Protégé 3.3.1 Framework for Computer Security Incident Ontology 14 Fig 3.7 Event Concept Mapping 18 Fig 4. 1 Jess Facts 22 Fig 4.2 Jess Rules 23 Fig 4.3 Jess Functions 23 Fig 5.1 Network Security Incident Data 27 Fig 5.2 Security Incident Alert 27 Fig 5.3 Scan Detection 28 Tables Directory Table 3-1:Computer Security Ontology attributes 21 Table 4-1:Intrusion Detection Rules Classification 24 Table 4-2 Protocol Detection Rules 25 |
參考文獻 |
[1] Berners-Lee, T., Hendler, J. and Lassila, O., “The Semantic Web,” Scientific America, 2001. [2] Chandrasekaran et al., Chandrasekaran, J.R. Josephson and Benjamins, V. R., “Ontologies: What are they? Why do we need them?” IEEE Expert (Intelligent Systems and Their Applications), 14(1):20–26, 1999. [3] Davis, M., “Semantic Wave 2008 Report,” 2008. [4] Eriksson, H., “Using JessTab to Integrate Protégé and Jess,” IEEE Intelligent. [5] Eriksson, H., “JessTab Manual --- Integration of Protégé and Jess,” http://www.ida.liu.se/~her/JessTab, Linköping University, 2004. [6] Friedman-Hill, E., “Jess in Action:Rule-Based Systems in Java,” Manning Publications , 2003. [7] Friedman-Hill, E., “Jess, The Rule Engine for the Java Platform,” http://herzberg.ca.sandia.gov/jess/, Nov. 5, 2008. [8] Fenz, S. and Ekelhart, A., “Formalizing Information Security Knowledge,” ASIAN ACM Symposium on Information, Computer and Communications Security, session: Theory of security, pp.183-194, 2009. [9] Gruber, T. R., “Towards Principles for the Design of Ontologies Used for Knowledge Sharing,” International Journal of Human-Computer Studies, Vol. 43, No. 5-6, 1995, pp. 907-928. [10] Gruber, T. R., “A Translation Approach to Portable Ontology Specifications,” Knowledge Acquisition, pp.199-220, 1993. [11] Jones, A. and Sielken, R., “Computer System Intrusion Detection”, University of Virginia, 2000. [12] Laudon, K.C. and Laudon, J.P., “Management Information Systems,” Managing the Digital Firm, 7th ed, 2002. [13] Martimiano, L. and Moreira, E., “The Evaluation Process of a Computer Security Incident Ontology,” 2006. [14] Martimiano, L. and Moreira, E., “An OWL-based Security Incident Ontology,” 2005. [15] Martimiano, L., Moreira, E., Branda˜o, A., and Bernardes, M., “Ontologies for information security management and governance,” Information Management & Computer Security, Vol. 16, No. 2, 2008 pp. 150-165. [16] Noy, N. F. and McGuinness, D. L., “Ontology Development 101: A Guide to Creating Your First Ontology,” Stanford Knowledge Laboratory Technical Report KSL-01-05 and Stanford Medical Informatics Technical Report SMI-2001-0880 2001. [17] Noy, N. F., Sintek, M., Decker, S., Crubézy, M., Fergerson, R. W. and Musen, M.A., “Creating Semantic Web Contents with Protégé-2000,” IEEE Intelligent Systems, Vol. 16, Iss. 2, 2001, pp. 60-71. [18] Rehman, R.,“Intrusion Detection Systems with Snort,” Pearson Education, Inc,2003. [19] Shimeall, T., “Cert Research Annual Reeport,” CERT Software Engineering Institute Carnegie Mellon University, 2008. [20] Simmonds, A., Sandilands, P. and Ekert, L., “An Ontology for Network Security Attacks,” Faculty of IT, University of Technology Sydney, 2007. [21] Svarfone, K., Grance, T. and Masone, K., “Computer Security Incident Handling Guide,” National Institute of Standards and Technology of U.S. Department of Commerce, 2008. [22] Vorobiev, A., Bekmamedova, N., “An Ontological Approach Applied to Information Security and Trust,” 18th Australasian Conference on Information Systems, pp.865-874, 2007. [23] “The Protégé Project,” http://protege.stanford.edu [24] “SnortUsers Manual 2.2.3,” http://www.snort.org/docs/snort_htmanuals/htmanual_233/ [25] 黃志豪、民94,一個使用模組化方式來重建多步驟攻擊情境的方法,國立中央大學資訊管理研究所碩士論文 [26] 陳志達、江啟賓、民96,以語意網及使用者行為分析強化入侵偵測系統之研究,南台科技大學資訊管理研究所碩士論文 |
論文全文使用權限 |
如有問題,歡迎洽詢!
圖書館數位資訊組 (02)2621-5656 轉 2487 或 來信