論文使用權限 Thesis access permission:自定論文開放時間 user define
開放時間 Available:
校內 Campus:開放下載的時間 available 2025-09-29
校外 Off-campus:開放下載的時間 available 2025-09-29
論文名稱 Title | 虛擬化物聯網誘捕系統之研究 A Study of Virtualization for IoT Honeypot
系所名稱 Department |
畢業學年期 Year, semester |
語文別 Language |
學位類別 Degree |
頁數 Number of pages | 67
研究生 Author |
指導教授 Advisor |
召集委員 Convenor |
口試委員 Advisory Committee |
口試日期 Date of Exam | 2020-09-04
繳交日期 Date of Submission | 2020-09-29
關鍵字 Keywords | ELK Stack、物聯網、誘捕系統、虛擬化 Honeypot, Virtualization, ELK Stack, Internet of Things
統計 Statistics | 本論文已被瀏覽 459 次,被下載 0 次 The thesis/dissertation has been browsed 459 times, has been downloaded 0 times.
中文摘要 Chinese Abstract
Information and network technology are developing rapidly, and the IoT trend will give rise to more opportunities for intelligent applications, from daily home and personal use to industrial automation, and from urban infrastructure and transportation to military and counter-terrorism uses. It is estimated that by 2020 there will be 50 billion IoT devices connected to the Internet, and survey research shows that 70% of IoT devices still have security problems. Every open service port is an intrusion channel, and the service port attacked most often is Telnet; under this growing threat, more attack information needs to be collected actively. A honeypot can deceive attackers attempting to gain unauthorized access to a system, and studying the interaction between attackers and a weak system helps in understanding the latest attack strategies. For simplicity of service and ease of maintenance, most cloud service platforms use virtualization technology as the foundation of their service architecture. A powerful log analysis platform is dedicated to collecting and processing data from different data sources and provides a set of data analysis tools. This study therefore uses these open-source software packages to build a high-interaction honeypot system that monitors the service ports currently in operation and uses the data captured by the deployed honeypot to analyze information about the attackers. Over two months of operation, the experimental environment collected about 146,440 session activity records, 126 source countries, 73 login usernames, 284 login passwords, and 2,655 command records. The analysis system takes the activity records collected by Cowrie, cleans the data, has Logstash filter and classify it by data category, outputs each category to the Elasticsearch database, and finally uses Kibana to define search conditions and chart styles, reducing the data-collection burden on information security staff and network administrators and providing a reference for analyzing malicious programs or malicious commands.
Abstract
Because information and network technology have advanced very quickly in recent years, IoT development will generate more intelligent applications and business opportunities, e.g. in family life, industrial automation, transportation and the military. It is estimated that the world will see 50 billion IoT devices connected to the Internet by 2020. A recent study showed that 70 percent of IoT devices contain serious security problems. Enabling a service port means enabling an intrusion channel, and the most vulnerable service port is the Telnet service. As IoT security issues grow, attack information needs to be collected more actively. A honeypot can deceive attackers trying to gain unauthorized access to a system, and studying their interactions with vulnerable networks helps to better understand their tactics. For simple service and effective maintenance, most cloud service platforms adopt virtualization technology to construct the infrastructure of the platform. A powerful log analysis platform collects and processes data from multiple data sources and provides a set of tools to analyze the data. Therefore, this paper is based entirely on open source software to deploy a high-interaction honeypot environment: it can monitor the service ports currently running, collect data through the honeypots, and then analyze further information about the attackers' motivation. After 2 months of operation, we collected a total of about 146,440 session activity records, 126 source countries, 73 user accounts, 284 user passwords, and 2,655 command operation records. The analysis system uses Cowrie to obtain the data and reads the cleaned data via Logstash, which filters the data by category; the data is then exported to the Elasticsearch database and indexed, and finally Kibana shows the results of the analysis.
It can help engineers with the burden of data collection and make it easier to analyze data on malicious programs or malicious commands.
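The Cowrie → Logstash → Elasticsearch → Kibana pipeline that the abstract describes, reduced to a stand-alone Python sketch. This is an example added here, not code from the thesis or from the Cowrie project: it reads constructed Cowrie JSON log lines (the `cowrie.session.connect`, `cowrie.login.*` and `cowrie.command.input` event types that real Cowrie emits, but with hand-written records), skips malformed lines as the data-cleaning step, buckets events by category the way the Logstash stage routes them to separate indices, and computes the same kinds of totals the thesis reports (sessions, source countries, login usernames and passwords, commands). The `GEOIP` table is an assumption that stands in for the GeoIP lookup a Logstash `geoip` filter would perform.

```python
import json
from collections import Counter, defaultdict

# Constructed sample of Cowrie JSON log lines (one JSON object per line with an
# "eventid" field, as Cowrie's json output plugin writes them). These records are
# hand-written for this example and were not captured from the thesis environment.
# Addresses are from the TEST-NET documentation ranges.
SAMPLE_LOG = """
{"eventid":"cowrie.session.connect","src_ip":"203.0.113.10","src_port":51234,"dst_port":23,"session":"s1","timestamp":"2020-07-01T10:00:00Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","session":"s1","src_ip":"203.0.113.10","timestamp":"2020-07-01T10:00:01Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","session":"s1","src_ip":"203.0.113.10","timestamp":"2020-07-01T10:00:02Z"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","session":"s1","src_ip":"203.0.113.10","timestamp":"2020-07-01T10:00:03Z"}
{"eventid":"cowrie.command.input","input":"uname -a","session":"s1","src_ip":"203.0.113.10","timestamp":"2020-07-01T10:00:04Z"}
{"eventid":"cowrie.session.closed","duration":5.0,"session":"s1","src_ip":"203.0.113.10","timestamp":"2020-07-01T10:00:05Z"}
{"eventid":"cowrie.session.connect","src_ip":"198.51.100.7","src_port":40001,"dst_port":22,"session":"s2","timestamp":"2020-07-01T11:00:00Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","session":"s2","src_ip":"198.51.100.7","timestamp":"2020-07-01T11:00:01Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","session":"s2","src_ip":"198.51.100.7","timestamp":"2020-07-01T11:00:02Z"}
{"eventid":"cowrie.session.closed","duration":2.0,"session":"s2","src_ip":"198.51.100.7","timestamp":"2020-07-01T11:00:03Z"}
this line is not JSON and must be dropped by the cleaning step
{"eventid":"cowrie.session.connect","src_ip":"192.0.2.55","src_port":6000,"dst_port":23,"session":"s3","timestamp":"2020-07-02T09:00:00Z"}
{"eventid":"cowrie.login.success","username":"root","password":"123456","session":"s3","src_ip":"192.0.2.55","timestamp":"2020-07-02T09:00:01Z"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","session":"s3","src_ip":"192.0.2.55","timestamp":"2020-07-02T09:00:02Z"}
"""

# Assumed stand-in for the GeoIP lookup a Logstash geoip filter would add to each
# event; the mapping is constructed for the example (arbitrary country codes).
GEOIP = {"203.0.113.10": "TW", "198.51.100.7": "US", "192.0.2.55": "TW"}


def parse_cowrie_lines(text):
    """Yield parsed Cowrie events, skipping blank or malformed lines (data cleaning)."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a corrupt or truncated line must not abort the whole import
        if isinstance(event, dict) and "eventid" in event:
            yield event


def classify(events):
    """Bucket events by category, as the Logstash stage does before writing each
    category to its own Elasticsearch index: session, login, command."""
    buckets = defaultdict(list)
    for ev in events:
        if ev["eventid"] == "cowrie.session.connect":
            buckets["session"].append(ev)
        elif ev["eventid"] in ("cowrie.login.failed", "cowrie.login.success"):
            buckets["login"].append(ev)
        elif ev["eventid"] == "cowrie.command.input":
            buckets["command"].append(ev)
    return buckets


def summarize(text, geoip=GEOIP):
    """Compute the totals a Kibana dashboard over the indexed data would show."""
    buckets = classify(parse_cowrie_lines(text))
    sessions = {ev["session"] for ev in buckets["session"]}
    countries = Counter(geoip.get(ev["src_ip"], "??") for ev in buckets["session"])
    usernames = Counter(ev["username"] for ev in buckets["login"])
    passwords = Counter(ev["password"] for ev in buckets["login"])
    commands = Counter(ev["input"] for ev in buckets["command"])
    dst_ports = Counter(ev["dst_port"] for ev in buckets["session"])
    return {
        "sessions": len(sessions),               # distinct session ids
        "source_countries": len(countries),      # distinct countries of origin
        "usernames": len(usernames),             # distinct login usernames tried
        "passwords": len(passwords),             # distinct login passwords tried
        "commands": sum(commands.values()),      # command operation records
        "top_passwords": passwords.most_common(3),
        "top_commands": commands.most_common(3),
        "dst_ports": dict(dst_ports),            # which honeypot ports were hit
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
```

The `classify` step is where a real deployment would hand off to Logstash (one index per bucket), and `summarize` corresponds to the aggregations Kibana runs over those indices; keeping the parse and classify stages separate means a malformed line only loses that one event rather than the whole batch.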
目次 Table of Contents
Thesis Approval Form
Acknowledgements
Abstract (Chinese)
Abstract
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
  1.1 Research Background and Motivation
  1.2 Research Objectives and Contributions
  1.3 Thesis Structure
Chapter 2 Literature Review
  2.1 Virtualization
  2.2 ELK Stack
  2.3 Honeypot
Chapter 3 Research Method
  3.1 System Planning and Design
  3.2 System Architecture
  3.3 System Environment Setup
Chapter 4 System Evaluation
  4.1 Kibana Interface
  4.2 Honeypot Activity Records
  4.3 Operation Records inside the Honeypot
  4.4 Querying Attack Sources
  4.5 Explaining One Phenomenon
Chapter 5 Conclusion and Future Directions
References
Appendix
  A. Installation script for the packages of the experimental environment
  B. NTP configuration
  C. Logstash configuration
  D. Cowrie configuration
  E. Installation script for the packages of the honeypot virtual machine template
  F. System permissions designed for the honeypot virtual machine template
  G. Command restriction table designed for the honeypot virtual machine template
參考文獻 References
1. Cisco. Fog Computing and the Internet of Things: Extend the Cloud to Where the Things Are. White Paper (2015) [cited 2019 09/10]; Available from: https://www.cisco.com/c/dam/en_us/solutions/trends/iot/docs/computing-overview.pdf.
2. Hewlett Packard Enterprise. HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack. (2014) [cited 2019 09/20]; Available from: https://www8.hp.com/us/en/hp-news/press-release.html?id=1744676.
3. Wikipedia. Password strength. (2019) [cited 2019 09/27]; Available from: https://en.wikipedia.org/wiki/Password_strength.
4. Symantec. Linux Worm Targeting Hidden Devices. (2013) [cited 2019 09/28]; Available from: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=6cc8a697-5c01-45ba-ad5c-599eee0a4678&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments.
5. NASA. Cybersecurity Management and Oversight at the Jet Propulsion Laboratory: IG-19-022. 2019.
6. Talos. New VPNFilter malware targets at least 500K networking devices worldwide. (2018) [cited 2019 10/05]; Available from: https://blog.talosintelligence.com/2018/05/VPNFilter.html.
7. McAfee Labs. McAfee Labs Threats Report. 2019.
8. Angrishi, K. Turning Internet of Things (IoT) into Internet of Vulnerabilities (IoV): IoT Botnets. 2017.
9. Kolias, C., A. Stavrou, and J. Voas. Securely Making "Things" Right. 2015.
10. F-Secure. Attack Landscape H1 2019. 2019.
11. Wikipedia. Hypervisor. (2019) [cited 2019 10/07]; Available from: https://en.wikipedia.org/wiki/Hypervisor.
12. KVM. (2019) [cited 2019 10/11]; Available from: https://www.linux-kvm.org/page/Main_Page.
13. Nanda, S. and T.-c. Chiueh. A Survey on Virtualization Technologies. 2005.
14. Kusnetzky, D. Virtualization: A Manager's Guide. 2011: O'Reilly.
15. Wikipedia. QEMU. (2019) [cited 2019 10/15]; Available from: https://en.wikipedia.org/wiki/QEMU.
16. Wikipedia. Libvirt. (2019) [cited 2019 10/15]; Available from: https://wiki.libvirt.org/page/Main_Page.
17. Libvirt website. The libvirt API concepts. (2019) [cited 2019 10/20]; Available from: https://libvirt.org/api.html.
18. Elastic. ELK Stack. (2019) [cited 2019 10/29]; Available from: https://www.elastic.co/.
19. Gormley, C. and Z. Tong. Elasticsearch: The Definitive Guide: A Distributed Real-Time Search and Analytics Engine. 2015: O'Reilly Media.
20. Wikipedia. Representational state transfer. (2019) [cited 2019 11/02]; Available from: https://en.wikipedia.org/wiki/Representational_state_transfer.
21. Wikipedia. JSON. (2019) [cited 2019 11/10]; Available from: https://en.wikipedia.org/wiki/JSON.
22. Lahmadi, A. and F. Beck. Powering Monitoring Analytics with ELK stack. 2015.
23. Kononenko, O., et al. Mining modern repositories with elasticsearch. 2014: p. 328–331.
24. Reelsen, A. Using elasticsearch, logstash and kibana to create realtime dashboards. 2014.
25. Xu, X., et al. Detecting cloud provisioning errors using an annotated process model. 2013.
26. Elastic. Kibana: explore, visualize, discover data. (2019) [cited 2019 11/20]; Available from: https://www.elastic.co/kibana.
27. Spitzner, L. Honeypots: Tracking Hackers. 2002: Addison Wesley.
28. Wikipedia. Snort (software). (2019) [cited 2019 12/02]; Available from: https://en.wikipedia.org/wiki/Snort_(software).
29. Spitzner, L. The Value of Honeypots, Part One: Definitions and Values of Honeypots. (2001) [cited 2019 12/13]; Available from: http://www.symantec.com/connect/articles/value-honeypots-part-one-definitions-and-values-honeypots.
30. Mokube, I. and M. Adams. Honeypots: Concepts, Approaches, and Challenges. 2007.
31. Mairh, A., et al. Honeypot in Network Security: A Survey. 2011.
32. Oosterhof, M. GitHub Cowrie. (2018) [cited 2019 12/23]; Available from: https://github.com/cowrie/cowrie.
33. McCaughey, R.J. Deception Using an SSH Honeypot. 2017.
34. Oosterhof, M. Cowrie's documentation. (2018) [cited 2020 01/10]; Available from: https://cowrie.readthedocs.io/en/latest/.
35. Genshen. GitHub ssh-web-console. (2018) [cited 2020 01/27]; Available from: https://github.com/genshen/ssh-web-console.
電子全文 Fulltext
This electronic full text is licensed only for personal, non-commercial retrieval, reading and printing by users for the purpose of academic research. Please comply with the relevant provisions of the Copyright Act of the Republic of China and do not reproduce, distribute, adapt, repost or broadcast it without authorization. This thesis will be available for off-campus download on 2025-09-29.
紙本論文 Printed copies
Public information about printed copies is relatively complete for academic year 102 and later. To look up public information about printed copies from academic year 101 or earlier, please contact the printed thesis service counter of the Library and Information Services. We apologize for any inconvenience. 開放時間 available 2025-09-29