

    Please use this identifier to cite or link to this item: http://ir.lib.ksu.edu.tw/handle/987654321/25151


    Title: BigSA: Design and Development of Applying Big Data Analytics Technology to Information Security Analysis
    Other Title: BigSA: Design and development of an information security analysis platform on big data analytics
    Authors: 王英傑
    Wang, Ying-Jie
    Advisors: 周志學;曾龍
    Jhih-Syue Jhou;Lung Tseng
    Keywords: Big Data; Security Analytics; Information Security; Distributed System
    Date: 2015
    Issue Date: 2016-03-23 15:18:08 (UTC+8)
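    Abstract: As we move into the era of high-speed networks, the big data pouring out of networks with 100G backbones and 10G regional links not only reaches petabyte scale but also contains a great deal of unstructured data. Security incidents of the high-speed network era, such as the 400 Gbps DDoS attacks of recent years, generate volumes of information that also pose a major challenge to security analysis. Traffic detection and security analysis on high-speed backbone networks is an emerging and challenging topic: neither the data volume nor the data types can be handled adequately by existing techniques, and emerging technologies such as cloud computing and other IT technologies are needed to solve the problem. This thesis proposes using big data analytics technology to develop a big data security analysis platform for high-speed networks. The proposed architecture features big data storage, dynamic scalability, and efficient distributed computation, and can be used for applications such as traffic analysis and monitoring of high-speed networks. The platform's integrated architecture covers the third-party open-source packages Logstash, Elasticsearch, and the Redis NoSQL database. Logstash collects the data sources and, after filtering, converts data of various structures into structured data; Elasticsearch's fast search and automatic indexing provide real-time results; Redis is a database that uses RAM as its storage medium and key-value as its storage model, storing data quickly and stably through its in-memory architecture. Kibana is also integrated for data visualization. The system developed in this thesis has been deployed in the MiniSoc system environment of the Taiwan Academic Network (TANet). Preliminary data show that it is of great benefit to security analysis for TANet as it moves toward a 100G backbone and 10G regional networks. The security analysis presented from the massive volume of alerts produced by the detection system shows that the platform is suitable for large enterprises and government environments performing security analysis in high-speed networks.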
    The threat of endless information security incidents continues to expand with the development of the Internet. Information security incidents of all kinds, ranging from OpenSSL Heartbleed to Bash Shellshock, seriously impact the computer operations of enterprises and governments. In the era of big data brought about by the popularity of the Internet, this paper proposes BigSA, a framework for massive-scale information security analysis that integrates various massive data analysis technologies to meet the requirements of high-speed networks. The proposed BigSA framework is implemented by integrating several related open-source information security technologies, such as Logstash, Elasticsearch and the Redis NoSQL database. A prototype has been deployed in TANet, the Taiwan Academic Network. For TANet, which is moving toward a 100 Gbps backbone and 10 Gbps regional networks, the preliminary data show an enormous improvement in information security analysis. Both the alarms produced by the detection system and the information from NetFlow indicate that the BigSA framework meets the requirements of information security analysis in high-speed networks, for large enterprises and governments alike. The robustness and flexibility are also discussed at the end of this paper.
    Appears in Collections: [Department and Graduate Institute of Information Engineering] Theses and Dissertations

    Files in This Item:

    File                      Size     Format
    103KSUT0115012-001.pdf    5311Kb   Adobe PDF


    All items in KSUIR are protected by copyright, with all rights reserved.


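    All text and image content on this website is owned by the Kun Shan University Library and Information Center; please do not reproduce or extract it without permission.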
    ©Kun Shan University Library and Information Center