隨著資訊技術的發展與網路服務型態的改變，加上雲端虛擬化技術趨於成熟，資訊安全領域的培訓平台，得以從傳統的實體架構轉向雲端虛擬化架構發展。採用雲端虛擬化架構設計的培訓平台，不僅可以改善實體架構的許多缺點，使用者更具備快速佈署各種不同的作業系統及建置不同場景的攻防演練環境之優勢，因此培訓平台也很適合作為資安競賽的平台。本論文探討如何利用雲端平台建構一個多態樣的資安演練場域，以及如何有效的利用有限的資源建構一個擬真企業網路場域，讓從事資訊及資安相關的人員，可以從中獲取有關弱點掃描、滲透測試等資訊安全實務技術，並且也實際用於一場國內資安攻防競賽。

With the development of Information technology and the changes of internet services, cloud computing and virtualization technology are reshaping the face of information security training platform, from physical to cloud infrastructure. A cloud and virtualization based platform not only improves the weakness of physical infrastructure, but also brings flexibility and efficiency for multiple operation systems deployment to fit various purposes of cyber exercises. The goal of this research is to build a cyber security exercise platform with cloud computing and virtualization technology, and to support enterprise network emulation with limited resources for information security specialists/trainees to acquire practical cyber security skills like vulnerability scanning and penetration test. The proposed system was used to serve as the planform for two national security contests.

[1] 蘇文彬, "漁船槍擊事件引爆台、菲網路攻擊", https://www.ithome.com.tw/node/80286 ,(accessed 10.11.2018)
[2] iThome , "一銀ATM遭駭事件大剖析", https://www.ithome.com.tw/article/107291 ,(accessed 10.11.2018)
[3] 王宏仁, "Wana Cry", https://www.ithome.com.tw/news/114147 ,(accessed. 10.11.2018)
[4] 王宏仁, "TSMC", https://www.ithome.com.tw/news/125098 ,(accessed 10.11.2018)
[5] Pang-Wei Tsai, Yu-Ting Lai, Pei-Wen Cheng, Mon-Yen Luo and Chu-Sing Yang, "Design and Development of a Cloud-based Testbed for Researches of Network and Network Security based on Virtualization Technologies," in Proc. of 2013 Taiwan Academic Network Conference (TANet), pp.119-126, 2013.
[6] Pang-Wei Tsai, Yu-Ting Lai, Pei-Wen Cheng, Chu-Sing Yang and Mon-Yen Luo, "Design and Develop an OpenFlow Testbed within Virtualized Architecture," in Proc. of the 15th Asia-Pacific Network Operations and Management Symposium, pp.1-3, 2013.
[7] P.-W. Tsai and C.-S. Yang, "Testbed@TWISC: A Network Security Experiment. Platform," Proc. of International Journal of Communication Systems, vol. 31, no. 2, pp. 1-18, 2018.
[8] Defcon, "Defcon", https://www.defcon.org/ ,(accessed 10.11.2018)
[9] Lucas McDaniel ,Erik Talvi ,Brian Hay ,"Capture the Flag as Cyber Security. Introduction" Proc. of 2016 49th Hawaii International Conference on System Sciences (HICSS) , pp. 5479-5486, Kauai, Hawaii
[10] 洪海and曹志華and 鮑旭華, DDoS分散式阻斷服務攻擊深度解析, 碁峰,2014 , 9789863472001
[11] Sean Bodmer and Dr. Max Kilger and Gregory Carpenter and Jade Jones ,Reverse. Deception: Organized Cyber Threat Counter-Exploitation, McGraw-Hill Education, 2012 , ISBN: 9780071772495
[12] HITCON, "HITCON", https://hitcon.org/ ,(accessed 10.11.2018)
[13] 周峻佑, "面臨日漸嚴重的資安威脅，政府將打造資安學院培養人才，以架構更健全的臺灣資安生態 ", https://www.ithome.com.tw/news/124845 ,(accessed 10.11.2018)
[14] Wiki, "虛擬化", https://zh.wikipedia.org/wiki/虛擬化 ,(accessed 10.11.2018)
[15] Amazon, "AWS EC2", https://aws.amazon.com/tw/ ,(October,10,2018)
[16] Lindo, "Linode ", https://www.linode.com/ ,(accessed 10.11.2018)
[17] Microsoft, "Azure", https://azure.microsoft.com/zh-tw/ ,(accessed 10.11.2018)
[18] OpenNebula, "OpenNebula Documentation ", http://docs.opennebula.org/5.6/ ,(accessed 10.11.2018)
[19] Ben Silverman and Michael Solberg, Openstack Handbook for. Architects ,Createspace Independent Pub,2017 , ISBN-9781788624510
[20] Marian Marinov,Comparison of Foss Distributed Storage ,Open Source Summit. Europe 2017
[21] Gluster, "Gluster", https://www.gluster.org/ ,(accessed 10.11.2018)
[22] Ceph, "Ceph", https://ceph.com/ ,(accessed 10.11.2018)
[23] MooseFS, "MooseFS", https://moosefs.com/ ,(accessed 10.11.2018)
[24] Wiki, "LXC", https://zh.wikipedia.org/zh-tw/LXC ,(accessed 10.11.2018)
[25] 楊保華 and 戴王劍 and 曹亞侖 , Docker入門與實戰第二版, 碁峰,2017, ISBN: 9789864764860
[26] Zenko and Micah ,Red Team Red Team: How to Succeed by Thinking Like the. Enemy, Brilliance Audio ,2015 , ISBN:9781501274879
[27] Don and Murdoch,Blue Team Handbook: Incident Response Edition: A. Condensed Field Guide for the Cyber Security Incident Responder, CreateSpace Independent Publishing Platform,2014 , ISBN: 9781500734756
[28] Offensive Security, "Kali", Linux https://www.kali.org/,(accessed 10.11.2018)
[29] BackBox, "BackBox", https://www.backbox.org/ ,(accessed 10.11.2018)
[30] J.G.Barahona,"The Quantitative State of the Open Cloud", Proc. of OSCON. (O’Reilly Open Source Convention), pp. 2014
[31] The Hacker News , "The Hacker News ", https://thehackernews.com/ ,(accessed. 10.11.2018)
[32] 電週文化事業股份有限公司, "iThome", https://www.ithome.com.tw/ ,(accessed 10.11.2018)
[33] freebuf , "freebuf ", http://www.freebuf.com/,(accessed 10.11.2018)
[34] MITRE ,"CVE", https://cve.mitre.org/ ,(accessed 10.11.2018)
[36] Offensive-Security , "exploit-db", https://www.exploit-db.com/ ,(accessed. 10.11.2018)
[36] irongeek , " King of the Hill ", https://www.irongeek.com/i.php?page=security/network-king-of-the-hill-write-ups ,(accessed 10.11.2018)
[37] NCCST , "CVE-2017-5638 (S2-045). ",https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1052 ,(accessed 10.11.2018)
[38] MITRE , "CVE-2017-5638", https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638 ,(accessed 10.11.2018)
[39] MITRE , "CVE-2015-3306", https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3306 ,(accessed 10.11.2018)
[40] MITRE , "CVE-2015-3306", https://www.softbanktech.jp/information/2015/20150430-01/,(accessed 10.11.2018)
[41] MITRE , "CVE-2017-7494", https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1062 ,(accessed 10.11.2018)
[42] MITRE , "CVE-2017-7494", https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7494 ,(accessed 10.11.2018)
[43] Chee Keong NG, Lei Pan and Yang Xiang, Honeypot Frameworks and Their. Applications: A New Framework ,Springer-Verlag New York Inc , 2018 , ISBN: 9789811077388
[44] MushMush, "Glastopf", http://mushmush.org/ ,(accessed 10.11.2018)
[45] MITRE , "CVE-2017-16995", https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16995 ,(accessed 10.11.2018)
[46] Abraham Silberschatz,Operating System Concepts, 9/e ,John Wiley,2012 , ISBN:1118093755
[47] 許清雄、潘怡倫、葉永信 "應用國網中心Ezilla建置資安教學環境(Cyber Defense Exercise) , " TANET 2016 臺灣網際網路研討會, 2016/11/01, pp 1001-1004, 2016.
[48] Manuel Sanchez Rubio ,German Lopez Civera, Jose Javier Martinez Herraiz, "Automatic Generation Of Virtual Machines For Security Training",IEEE Latin America Transactions, VOL. 14, NO. 6, pages 2795
[49] Harsa Wara Prabawa, Enjun Junaeti, and Yana Permana "Using Capture the Flag. in Classroom: Game-based Implementation in Network Security Learning", Proc. of 2017 3rd International Conference on Science in Information Technology (ICSITech), pp. 690-695
[50] Michael Lehrfeld,and Phillip Guest,"Building an Ethical Hacking Site for Learning. and Student Engagement", Proc. of IEEE SoutheastCon 2016, pp. 1-6
[51] Gary M. Deckard, and L. Jean Camp,"Measuring Efficacy of a Classroom Training.Week for a Cybersecurity Training Exercise", Proc. of 2016 IEEE Symposium on Technologies for Homeland Security (HST) , pp. 1-6
[52] Haomiao Huang ,Jerry Ding ,Wei Zhang , and Claire J. Tomlin,"Automation-Assisted Capture-the-Flag: A Differential Game Approach" IEEE Transactions on Control Systems Technology ( Volume: 23 , Issue: 3 , May 2015 )
[53] NCHC, "CDX", https://cdx.nchc.org.tw/download/CDX教學手冊.zip ,(accessed. 12.12.2018)
[54] 陳明照 , Kali Linux滲透測試工具 第二版, 9789863478393,碁峰,2015 , ISBN: 9789863478393
[55] W. Felter, A. Ferreira, R. Rajamony and J. Rubio, "An updated performance comparison of virtual machines and Linux containers," 2015 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS), Philadelphia, PA, 2015, pp. 171-172.