跳到主要內容

臺灣博碩士論文加值系統

::: 網站導覽| 首頁| 關於本站| 聯絡我們| 國圖首頁| 常見問題| 操作說明
English |FB 專頁 |Mobile
  • 一般民眾
  • 研究人員
  • 校院系所及研究生

    功能切換導覽列

  • 論文查詢
  • 排行榜
  • 影音圖像
  • 主題館(另開新視窗)
  • 我的研究室
  • NDLTD查詢(另開新視窗)
(216.73.216.176) 您好!臺灣時間:2025/09/08 18:12
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示
第一頁 上一頁 下一頁 最後一頁
/1
: 
twitterline
研究生:張國昭
研究生(外文):Kuo-Chao Chang
論文名稱:D3OS分散式阻斷服務攻擊之防禦系統
論文名稱(外文):Defence System of D3OS Denial of Service Attack
指導教授:劉惠英劉惠英引用關係
指導教授(外文):Huey-Ing Liu
學位類別:碩士
校院名稱:輔仁大學
系所名稱:電子工程學系
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2009
畢業學年度:97
語文別:中文
論文頁數:62
中文關鍵詞:分散式阻斷服務攻擊防禦系統
外文關鍵詞:DDoSDefence System
相關次數:
  • 被引用被引用:0
  • 點閱點閱:288
  • 評分評分:
  • 下載下載:15
  • 收藏至我的研究室書目清單書目收藏:0
阻斷式服務攻擊/分散式阻斷服務攻擊DoS/DDoS(Denial of Service/Distributed Denial of Service)目前是網際網路安全上嚴重的問題。如何有效的抵抗DoS/DDoS攻擊已經變成是網路安全上重要議題之一。本篇論文探討一種非入侵式的DoS/DDoS攻擊,該攻擊是利用協定上的漏洞來對伺服器進行攻擊,攻擊者藉由一些特殊的服務需求(request)使得伺服器的資源耗竭。本篇論文提出一種可以有效防禦這種攻擊的架構。該架構藉由估量每個用戶(client)的特性(例如:平均封包量packet per second - pps、平均資料量bit per second - bps或服務成本等)來進行服務排程的選擇以及是否啟動防禦機制的決策,藉由此架構(稱為D3OS: Defense Distributed Denial of Service)可以有效抑制DoS/DDoS攻擊效果,使伺服器在接受攻擊下仍可以正常運作。此架構能夠保證當在攻擊中,伺服器所花費的服務資源能夠集中在合法使用者上,而不會把服務資源花費在惡意使用者上。
Denial of Service/Distributed Denial of Service(DoS/DDoS) attacks become serious problems of network security. How to defeat DoS/DDoS attacks effectively is a important issue of network security. This thesis studies a non-intrude DoS/DDoS attack, which attacks system by exploits holes of network protocols. An attacker sends some special requests to exhaust the resources of the victim. This thesis proposes a system to effectively prevent these non-intrude attacks. The proposed system evaluates the attributes of clients (such as packet per second – pps bit per second and – bps or service load) for scheduling, and decide whether start the defence mechanisms or not. This system (denote as D3OS: Defence Distributed Denial of Service) can mitigate DoS/DDoS attacks effectively, therefore server can operate normally, even server is under attack. This system promises most server’s resources are used for normal clients event under attack.
目錄

中文摘要………………………………………………………………………………....i
英文摘要………………………………………………………………………………...ii
誌謝………………………………………………………………………………......iii
目錄……………………………………………………………………………….......iv
表目錄………………………………………………………………………………......vi
圖目錄………………………………………………………………………………...…vii
1.緒論……………………………………………………………………………….1
1.1 研究背景……………………………………………………………….1
1.2 研究動機……………………………………………………………….2
1.3 論文架構……………………………………………………………….3
2.相關研究……………………………………………………………………........4
2.1 分散式阻斷服務攻擊………………………………………......….4
2.1.1.分散式阻斷服務攻擊的種類………………………………..5
2.1.2. 分散式阻斷服務攻擊的步驟與方式………………..…..9
2.2 現有的防禦策略………………………………………………...….10
2.3 現有的防禦系統………………………………………………….….12
2.3.1. D-WARD………………………………………………..…12
2.3.2. 流量控制服務…...…….………………....…………13
2.3.3. 重疊網路防禦系統…………………………………...…15
2.3.4. WebSOS………………………………………….…....15
2.3.5. Move………..………………….……………………..16
2.3.6. PUSHBACK……………………………...…........17
2.3.7. DRS…………………………………………….......19
2.4 現有防禦系統的分析…………………………………......…...21
2.4.1. D-WARD分析………………..……...………….……21
2.4.2. 流量控制服務系統分析……..…………………………22
2.4.3. 重疊網路系統分析………………………………………22
2.4.4. WebSOS系統分析………………..………………….…23
2.4.5. Move系統分析……………………………...………..23
2.4.6. PUSHBACK系統分析………………....……...…...23
2.4.7. DRS系統分析……………………….………........24
3. D3OS防禦系統架構……………………………………………………….……25
3.1 系統架構…..………………………………………………….……25
3.2 系統模組………………………………………………………….…25
3.3 出入過濾器……………………………………………………………26
3.4 異常驗證器……………………………………………………………27
3.4.1初階分析過濾…………………………….......……....28
3.4.2 計分機制…..……………………………………………….29
3.5. 比例限制器…….…………….……………………...………...31
3.6. 排程器……………..………………………………………………….32
4. 系統效能……..………………………………………………………………..…36
5. 結論…………………………………………………………………………..……48
參考文獻……………………………………………………………………………….49
[1]Web Claw, http://www.rohitab.com/discuss/index.php?showtopic=4708, 2008.
[2]J. Mirkovic and P. Reiher, “A Taxonomy of DDoS Attack and DDoS Defence Mechanisms,” ACM SIGCOMM Computer Communication Review, pp. 39-53, Apr. 2004.
[3]R. K. C. Chang, “Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial,” IEEE Communication Magazine, pp. 42-51, Oct. 2002.
[4]A. Belenky and N. Ansari, “On IP Traceback,” IEEE Communication Magazine, pp. 142-153, July 2003.
[5]Z. Gao and N. Ansari, “Traceing Cyber Attacks from the Practical Perspective,” IEEE Communications Magazine, pp. 123-131, May 2005.
[6]A. Hussain, J. Heidemann, and C. Papadopolous, “A Framework for Classifying Denial of Service Attacks,” ACM SIGCOMM, pp. 99-110, Aug. 2003.
[7]W32/Blaster, http://www.multipro.com/mblaster.htm, 2008.
[8]T. Dubendorfer, M. Bossardt, and B. Plattner, “Adaptive Distributed Traffic Control Service for DDoS Attack Mitigation,” 19th IEEE Intermational Parallel and Distributed Processing Symposium, pp. 1-8, Apr. 2005.
[9]Mirkovic and J. Reiher, “D-WARD: a Source-end Defense against Flooding Denial-of-Service Attacks,” IEEE Transactions on Dependable and Secure Computing, vol. 2, no. 3, pp. 216-232, Sept. 2005.
[10]R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, “Controlling High Bandwidth Aggregate in the Network,” ACM SIGCOMM Computer Communication Review, vol. 32, pp. 62-73, July 2002.
[11]A. D. Keromytis, V. Misra, and D. Rubenstein, “SOS: Secure Overlay Services,” ACM SIGCOMM, pp. 61-72, Aug. 2002.
[12]陳俊傑,楊宏昌,林宏達,游秉賢,曾黎明,「以重疊網路防禦分散式阻斷服務攻擊」,台灣網際網路研討會,2005。
[13]D. L. Cook, W. G. Morein, A. D. Keromytis, V. Misra, and D. Rubenstein,“WebSOS: Protecting Web Servers from DDoS Attacks,” 11th IEEE International Conference On Networks(ICON), pp. 461-466, Aug. 2003.
[14]A. D. Keromytis, V. Misra, and D. Rubenstein, “SOS: An Architecture for Mitigating DDoS Attacks,” IEEE Journal on Selected Areas Communications, vol. 22, no. 1, Jan. 2004.
[15]Ju Wang, L. Lu, and A. A. Chien, “Tolerating Denial-of-Service Attacks Using Overlay Networks – Impact of Topology,” ACM SSRS, pp. 43-52, Oct. 2003.
[16]A. Stavrou, A. D. Keromytis, J. Nieh, V. Misra, and D. Rubenstein, “MOVE: An End-to-End Solution To Network Denial of Service,” Internet Society NDSS’05, pp. 5-21, Feb. 2005.
[17]J. Ioannidis and S. M. Bellovin, “Implementating PUSHBACK: Router-Based Defence against DDoS Attack,” Network and Distributed System Security Symposium, pp. 6-14, Feb. 2002.
[18]R. Mahajanm, S. Bellvin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker. “Controlling High Bandwidth Aggregates,” Netwrok Computer Communications Review, pp. 32-33, July 2002.
[19]K. Park and H. Lee, “On the Effectiveness of Router-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets,” ACM SIGCOMM 2001, pp. 15-26, Oct. 2001.
[20]J. Ioannidis and S. M. Bellovin, “PUSHBACK:Router-Based Defence Against DDoS Attacks,”NDSS 2002, pp. 6-22, Feb. 2002.
[21]DDoS, http://www.study-area.org/tips/syn_flood.htm, 2008.
[22]S. Ranjan, R. Swaminathan, M. Uysal, and E. W. Knightly, ”DDoS-Resilient Scheduling to Counter Application Layer Attacks under Imperfect Detection,” IEEE INFOCOM, pp. 1-13, Apr. 2006.
[23]T. Anderson, T. Roscoe, and D. Wetherall, “Preventing Internet Denial-of-Service with Capabilities,” HotNet II 2003, pp. 1-6, Nov. 2003.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top
無相關論文
 
  簡易查詢 | 進階查詢 | 熱門排行 | 我的研究室
本系統(Web1)共收集:論文已授權全文:797995 筆、書目與摘要:1499506
目前上線人數:13732 / 訪客人次(自99年6月):736695478 / 檢索次數(自99年6月):6450732523 / 指導單位: 教育部
國家圖書館著作權聲明 Copyright © 2010 All rights reserved.
本館地址:100201 臺北市中山南路20號 電話:02-2361-9132 (本系統服務窗口請轉分機 172、870)
本網站最佳瀏覽解析度為 1600 x 900
無障礙網站