Thesis/dissertation etd-0231117-135151: detailed information
Title page for etd-0231117-135151
Detecting Targeted Attacks by Risk Evaluation
Keywords: targeted attack, feature reduce, rough set theory, intrusion detection system
The thesis/dissertation has been browsed 5869 times, has been downloaded 53 times.
Recently, targeted attacks have become a major subject of study in network attack research due to the increase in network usage. In the past few years, the study of network attack analysis has shifted its focus from random attacks to targeted attacks, such as DDoS, APT, and ransomware. The characteristics of a targeted attack are probing the vulnerable hosts of the targeted enterprise over a long period, enticing someone by several methods such as social networks, malicious websites, and C&C, and then executing attack behaviors such as intruding into important systems with malware to paralyze the service or steal secret data.
Computers are becoming a part of our everyday life, so internet data grows larger day by day, which makes administering such gigantic data a challenging task. It is becoming more difficult to analyze malicious behaviors over a long period. Accordingly, this study associates multiple data sources to assemble gigantic log data before filtering malicious features to recognize the behavior module when hackers attack vulnerable systems. First, the correct feature sets are extracted by two-stage feature reduction. In the first stage, rough set theory is used to extract the critical characteristics and find the feature sets of targeted attacks. In the second stage, the chi-square test is employed to confirm that they are applicable for judging targeted attacks. Then, the risk values of each stage are calculated to alert the administrator early and estimate the hazardous IP addresses. The experiment shows that two-stage feature reduction improves the effect of filtering and enhances the detection rate. By accurately measuring risk for enterprise networks, our system allows network defenders to discover the most critical threats and select the most effective countermeasure.
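Table of Contents
Chinese Abstract
Abstract
Chapter 1 Introduction
1.1 Research Motivation
1.2 Research Objectives
Chapter 2 Related Work
2.1 Targeted Attacks
2.2 Rough Set Theory
2.3 Chi-Square Test
2.4 Risk Assessment
2.5 Attribute Reduction
Chapter 3 Research Method
3.1 Feature Extraction
3.2 Feature Set Verification
3.3 Risk Value Calculation
3.4 Total Risk Value
Chapter 4 Experiments and Results
4.1 Experiment 1: Rough Set Theory
4.1.1 Analysis of Experimental Results
4.2 Experiment 2: Chi-Square Test
4.2.1 Analysis of Experimental Results
4.3 Experiment 3: Using Risk Value Calculation as the Basis for the Suspect List
4.3.1 Experiment 3A: Detection Rate of Single Feature Sets
4.3.2 Experiment 3B: Detection Rate of Combined Feature Sets
4.3.3 Experiment 3C: Detection Rate on Test Data
4.4 Experiment 4: Verifying New Attacks
4.5 Comparison with the SVM Classifier
Chapter 5 Conclusion
References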
Fulltext
Thesis access permission: user-defined release time
Available:
Campus: available
Off-campus: available

Printed copies
Available: available