Thesis/dissertation etd-1001102-191245: title page and details
Title: 國外入侵事件報告自動化與分析 (Automation and analysis of overseas intrusion incident reports); official English title: Oversea incident report automatic and analysis
Department:
Year, semester:
Language:
Degree:
Number of pages: 51
Author:
Advisor:
Convenor:
Advisory committee:
Date of exam: 2002-07-04
Date of submission: 2002-10-01
Keywords (Chinese): intrusion incidents, network security, intrusion handling, Whois search
Keywords (English): handling compromises, incident report, network security, Whois search
Statistics: this thesis has been browsed 5797 times and downloaded 1 time.
Chinese abstract (translated)
This study aims to replace the current tedious manual process with an automated computer system. The system automatically looks up the contact information of the organization responsible for the attacking computer; stores the relevant data in a database, so that a database query can show whether the same attack-source IP address also attacked hosts in other countries within a given period; and records attack-source IPs that were looked up incorrectly, thereby speeding up incident handling. The main contributions of this thesis are:
A. Lower personnel and time costs
Using the automated incident handling system proposed in this study reduces the workload of the staff who handle incidents and helps them handle incidents more efficiently.
B. Efficient use of incident data
This study converts incident-report e-mail into database records, so that users can conveniently run all kinds of queries over them.
C. Faster reaction time
Handling incidents requires a large amount of work; using an automated incident handling system shortens the organization's reaction time.
Abstract
This thesis develops an automatic incident report system that provides a Whois search function, so that incident report handlers can perform Whois searches without additional tools or time-consuming training. The system transforms incident report e-mail into database records, so that TWCERT/CC staff can immediately analyze the incident report data and attack trends. The contributions of this thesis are:
A. Reduced human and time resources
An organization that uses the incident report system developed in this thesis can reduce staff workload and help staff handle incident reports efficiently.
B. Effective use of incident report information
This research transforms e-mail messages into database records; a database makes it far more effective to calculate a variety of statistics.
C. Faster reaction time
Processing incident reports requires a heavy human workload. Using the automatic incident report system to cope with incident reports in a timely way lets the organization speed up its reaction time.
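The pipeline both abstracts describe (parse incident-report e-mail into a database, reject sources that cannot be attributed, correlate one source IP against several target countries within a time window, and pick the abuse contact out of a whois record) is sketched below as an added example. This is not the thesis's or TWCERT/CC's code: the e-mail field layout, the RPSL-style whois text and the sample messages are all constructed here, and the sample source addresses are RFC 5737 documentation addresses used as stand-ins for real ones.

```python
"""Added example: incident-report e-mail -> SQLite -> correlation and whois
contact extraction.  All sample data below is constructed, not real."""
import ipaddress
import re
import sqlite3
from datetime import datetime, timedelta

# Constructed incident-report e-mails (hypothetical "key: value" layout).
SAMPLE_REPORTS = [
    "From: abuse@example.jp\nSubject: Port scan\n"
    "Source IP: 203.0.113.7\nTarget country: JP\nDate: 2002-06-01 10:15:00\n",
    "From: cert@example.de\nSubject: SSH brute force\n"
    "Source IP: 203.0.113.7\nTarget country: DE\nDate: 2002-06-03 22:40:00\n",
    "From: noc@example.au\nSubject: Scan\n"
    "Source IP: 198.51.100.20\nTarget country: AU\nDate: 2002-06-02 08:00:00\n",
    # A faulty report: the "source" is an RFC 1918 address, so no outside
    # organization can be notified; it must be recorded as a lookup error.
    "From: soc@example.us\nSubject: Worm traffic\n"
    "Source IP: 10.0.0.5\nTarget country: US\nDate: 2002-06-04 01:00:00\n",
]

# Constructed RIR whois answer for 203.0.113.7 (RPSL-style key: value lines).
SAMPLE_WHOIS = """\
inetnum:        203.0.113.0 - 203.0.113.255
netname:        EXAMPLE-NET
country:        TW
admin-c:        EX1-AP
abuse-mailbox:  abuse@example.net
e-mail:         noc@example.net
"""

# Matches one "key: value" line; the non-greedy key stops at the first colon,
# so timestamps in the value survive intact.
FIELD_RE = re.compile(r"^(?P<key>[\w -]+?):\s*(?P<val>.+)$", re.M)

# Ranges that can never be attributed to an external organization.  The
# documentation ranges used by the samples are deliberately not listed.
UNATTRIBUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/4")]


def parse_report(text):
    """Extract the fields of one incident-report e-mail into a dict."""
    f = {m.group("key").lower(): m.group("val").strip()
         for m in FIELD_RE.finditer(text)}
    return {"reporter": f.get("from"), "source_ip": f.get("source ip"),
            "target_country": f.get("target country"),
            "reported_at": datetime.strptime(f["date"], "%Y-%m-%d %H:%M:%S")}


def routable_source(ip_text):
    """Return the normalized IP if it can be attributed, else None."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:              # malformed text in the report
        return None
    return None if any(ip in net for net in UNATTRIBUTABLE) else str(ip)


def load_reports(conn, texts):
    """Parse and store each e-mail; return how many sources were rejected."""
    conn.execute("CREATE TABLE IF NOT EXISTS incident (id INTEGER PRIMARY KEY,"
                 " reporter TEXT, source_ip TEXT, target_country TEXT,"
                 " reported_at TEXT)")
    conn.execute("CREATE TABLE IF NOT EXISTS lookup_error (id INTEGER PRIMARY"
                 " KEY, reporter TEXT, source_ip TEXT, reason TEXT)")
    rejected = 0
    for text in texts:
        r = parse_report(text)
        if routable_source(r["source_ip"]) is None:
            conn.execute("INSERT INTO lookup_error (reporter, source_ip, reason)"
                         " VALUES (?, ?, ?)",
                         (r["reporter"], r["source_ip"], "not attributable"))
            rejected += 1
            continue
        conn.execute("INSERT INTO incident (reporter, source_ip, target_country,"
                     " reported_at) VALUES (?, ?, ?, ?)",
                     (r["reporter"], r["source_ip"], r["target_country"],
                      r["reported_at"].isoformat()))
    conn.commit()
    return rejected


def multi_country_sources(conn, window_days):
    """Map source IP -> number of distinct target countries, for sources whose
    reports (first to last) all fall within window_days of each other."""
    rows = conn.execute(
        "SELECT source_ip, COUNT(DISTINCT target_country), MIN(reported_at),"
        " MAX(reported_at) FROM incident GROUP BY source_ip"
        " HAVING COUNT(DISTINCT target_country) > 1").fetchall()
    return {ip: n for ip, n, first, last in rows
            if datetime.fromisoformat(last) - datetime.fromisoformat(first)
            <= timedelta(days=window_days)}


def abuse_contact(whois_text):
    """Contact to notify: abuse-mailbox if present, else the first e-mail."""
    f = {}
    for m in FIELD_RE.finditer(whois_text):
        f.setdefault(m.group("key").lower(), m.group("val").strip())
    return f.get("abuse-mailbox") or f.get("e-mail")


def run_demo(reports=SAMPLE_REPORTS, window_days=7):
    """Run the whole pipeline on the constructed samples in memory."""
    conn = sqlite3.connect(":memory:")
    return {"rejected": load_reports(conn, reports),
            "multi_country": multi_country_sources(conn, window_days),
            "notify": abuse_contact(SAMPLE_WHOIS)}


if __name__ == "__main__":
    print(run_demo())
```

The window check compares only the first and last report for a source, which is enough to answer "did this IP hit several countries within N days"; a pairwise check would be needed to find every qualifying pair. Note also that the private-range filter is explicit rather than `ipaddress`'s `is_global`, because `is_global` would also reject the RFC 5737 documentation addresses used as sample data.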
Table of Contents
Abstract I
Chinese abstract II
Chapter 1 Introduction 1
1.1 Background 1
1.2 Research Motivation and Objective 3
1.3 Research Process and Tasks 4
1.4 Research Architecture 5
Chapter 2 Literature Review 7
2.1 Computer Incident Response Team 7
2.2 Building an Incident Response Program 10
Chapter 3 Incident Report System Architecture 16
3.1 Background: Security Incident Administrators' Search Procedure 16
3.2 System Architecture 20
3.3 System Development Tools 26
Chapter 4 System Prototype 29
4.1 Mail Management Function 29
4.2 Incident Management Function 32
4.3 Whois Search Function 33
4.4 Template Setup Function 34
4.5 Organization Management Function 37
Chapter 5 System Testing 38
5.1 Overseas Incident Report Parse Function 38
5.2 Whois Search Function 41
5.3 System Evaluation 42
Chapter 6 Conclusions and Future Work 45
6.1 Results of the Research 45
6.2 Contributions of the Research 45
6.3 Recommendations for Future Directions 46
References 47
Fulltext
This electronic full text is licensed to users only for personal, non-commercial retrieval, reading and printing for the purpose of academic research. Please comply with the Copyright Act of the Republic of China and do not reproduce, distribute, adapt, repost or broadcast it without permission.
Thesis access permission: not available on campus or off campus
Available:
Campus: never (not available)
Off-campus: never (not available)
Printed copies
Public-access information for printed theses is relatively complete only from academic year 102 (ROC calendar, i.e. 2013/14) onward. To check public-access information for printed theses from academic year 101 or earlier, please contact the printed thesis service desk of the Library and Information Services Office. We apologize for any inconvenience.
Available: public