Title page for etd-0231117-135151



URN etd-0231117-135151
Author Ya-Hui Ou
Author's Email Address Not public.
Statistics This thesis has been viewed 5379 times. Downloaded 0 times.
Department Information Management
Year 2016
Semester 2
Degree Ph.D.
Type of Document
Language zh-TW.Big5 Chinese
Title Detecting Targeted Attacks by Risk Evaluation
Date of Defense 2016-07-18
Page Count 63
Keyword
  • targeted attack
  • feature reduce
  • rough set theory
  • intrusion detection system
Abstract Targeted attacks have recently become a major subject of network attack research as network usage has increased. Over the past few years, network attack analysis has shifted its focus from random attacks to targeted attacks such as DDoS, APT, and ransomware. A targeted attack is characterized by probing the vulnerable hosts of the targeted enterprise over a long period, enticing someone through methods such as social networks, malicious websites, and C&C, and then executing attack behaviors such as intruding into important systems with malware to paralyze services or steal secret data.

Computers are becoming part of everyday life, so the volume of internet data grows day by day, which makes administering such gigantic data a challenging task. It is becoming more difficult to analyze malicious behavior over a long period. Accordingly, this study associates multiple data sources to assemble gigantic log data and then filters malicious features to recognize the behavior module when hackers attack vulnerable systems. The correct feature sets are first extracted by a two-stage feature reduction. In the first stage, rough set theory is used to extract the critical characteristics and find the feature sets of targeted attacks. In the second stage, the chi-square test is employed to confirm their applicability for judging a targeted attack. Then, risk values for each stage are calculated to give the administrator an early alert for estimating hazardous IP addresses. The experiment shows that two-stage feature reduction improves the effect of filtering and enhances the detection rate. By accurately measuring risk for enterprise networks, our system allows network defenders to discover the most critical threats and select the most effective countermeasure.
Advisory Committee
  • D. J. Guan - chair
  • Chu-Sing Yang - co-chair
  • Gu-Hsin Lai - co-chair
  • Bo-Chao Cheng - co-chair
  • Chia-Mei Chen - advisor
Files
  • etd-0231117-135151.pdf
  • Indicate in-campus at 5 year and off-campus access at 5 year.
Date of Submission 2017-04-05
