Article Details

國防管理學報

Title: 網路資訊系統防禦植基於日誌監控之研究
Volume/Issue: 41:2
Parallel title: A Study on Defense Scheme for a Network Information System with Monitoring Logs
Authors: 傅振華, 徐韻修
Pages: 001-022
Keywords: Defense Scheme for a Network Information System; Inside Threat; Internal Network; Log Monitoring
Publication date: 202011

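Chinese Abstract

Network information security problems are growing increasingly serious. The IBM 2015 threat intelligence report states that insider threats rank first among all attack types, with 55% of attacks coming from insiders who have authorized access to the organization's systems. In 2018 Cybersecurity Insiders published its "Insider Threat" report, which likewise states that today's most damaging threats come not from malicious outsiders or malware but from trusted insiders who are either malicious or negligent. How to build a multi-layer protection mechanism based on access control records, one that uses automation to track the security status of the internal network, lowers the risk of security threats from the Internet and the internal network, and strengthens an enterprise's internal security protection capability, is therefore a topic worth exploring. This paper builds a defense architecture that is based on a security monitoring center and integrates the gateway-side security protection system with the system logs of internal network clients. The experiments in this paper verify that the architecture can indeed detect and block insider threats in an automated manner and lower security risk, thereby strengthening the enterprise's internal security protection capability and reducing the workload of IT personnel.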

English Abstract

Network security issues are getting worse. The IBM 2015 Threat Intelligence report stated that internal threats rank first among all types of attacks, and that 55% of attacks come from insiders who have access to the organization’s systems. Cybersecurity Insiders published the “Internal Threats” report in 2018, which also pointed out that the most damaging threats today come not from outsiders or malicious software, but from trusted insiders who are malicious or negligent. It is therefore worth exploring how to establish a multi-level protection mechanism based on access control records, one that can automatically track the security situation of the internal network, reduce the risk of security threats from the Internet and internal networks, and improve an enterprise’s internal security capabilities. This study takes a security monitoring center as its basis and implements a defense architecture that integrates a gateway security protection system with the logs of client systems in the internal network. The experimental verification in this study shows that it is indeed possible to detect and block internal threats automatically, reducing security risk, improving internal security protection capabilities, and reducing the workload of information personnel in an enterprise.
