A Study of Optimal Decision for Dynamic Information Security Joint Framework

郭木興

Department of Health Information Science, University of Victoria, Canada

mh.kuo@hotmail.com

陳良駒

Department of Information Management, Management College, National Defense University

nctuhorse@gmail.com

張志豪

Army 73rd Information and Electronics Group

nokiach@gmail.com

誌瑋

Department of Information Management, Management College, National Defense University

chihwei00@gmail.com

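Summary

This study addresses the imbalance in information resources and capabilities among the members of enterprise organizations by constructing an integrated security operation center (SOC) framework and computational procedure that further combines the companies' individual defensive strengths. In terms of defensive capability, a regional joint-defense approach effectively provides the joint-defense members within a group with sufficient and accurate early-warning information. In terms of decision support, simulation is used to compare three models (Bayes' decision, improved Bayes' decision and Markov decision) that proactively provide joint-defense members with rules for taking defensive action, using the expected minimum loss as the recommendation for the next defensive action.

Finally, the simulation results for the constructed SOC framework are examined. They show that predictions based on the Markov decision model provide more effective and more stable decision support than the Bayes' decision and improved Bayes' decision models, helping joint-defense members maintain normal information capability and reducing the losses caused by attack threats.

Keywords: Markov decision, Bayes' decision, security operation center, agent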

Abstract

The purpose of this study is to build an integrated security operation center (SOC) framework, including its mathematical calculation, that combines the resources of all its members. In terms of defensive capability, the framework can provide the joint members with early, adequate, and accurate warning. In terms of decision support, we compare the Bayes’ decision, the improved Bayes’ decision and the Markov decision by system simulation. We then select the optimal decision, which actively provides members with a defending rule and helps them take the next defensive action at the lowest cost.

Finally, in our SOC framework, the Markov decision forecasts an attack event better than the Bayes’ decision and the improved Bayes’ decision. The framework helps the members maintain optimal information strength and diminishes the damage caused by attack events.

Keywords: Markov Decision, Bayes’ Decision, Security Operation Center, Agent