跳到主要內容

臺灣博碩士論文加值系統

(3.236.124.56) 您好!臺灣時間:2021/07/30 05:58
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

我願授權國圖
: 
twitterline
研究生:謝彥偉
研究生(外文):Yen-Wei Hsieh
論文名稱:分散式阻斷服務下之過載保護機制
論文名稱(外文):An Overload Protection Mechanism Under DDoS Attack
指導教授:曾黎明曾黎明引用關係
指導教授(外文):Li-Ming Tseng
學位類別:碩士
校院名稱:國立中央大學
系所名稱:資訊工程研究所
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2004
畢業學年度:92
語文別:中文
論文頁數:51
中文關鍵詞:分散式阻斷服務過載保護路由器壅塞
外文關鍵詞:DDoSoverload protectionroutercongestion
相關次數:
  • 被引用被引用:2
  • 點閱點閱:147
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
近年來許多的網路攻擊突顯出網際網路上諸多的弱點,其中造成損害最大的可謂為分散式阻斷服務(DDoS),對於許多既存的防禦方法來說分散式的攻擊很難去防止。隨著網際網路的普及,在網路上愈來愈容易找到含有弱點的主機,有心的攻擊者可利用這些主機的弱點,來攻擊其它特定的網路主機,造成一般正常的使用者無法使用該主機的服務。
由於分散式阻斷服務有著壅塞和連續的特性,因此常常會因路由器的負載過重而造成封包無法正常傳遞。大多數的防禦機制都很難在壅塞的網路上做通訊,更遑論在發生攻擊時,再來做防禦。有鑑於此,本文提出分散式阻斷服務下之過載保護機制,可在攻擊發生時迅速且確實的將攻擊封包加以分流,並予以阻擋流量過大的來源,並將路由器的負載降低,以提供其它正常使用者的封包得以順利傳遞,並可配合其它的異常流量偵測演算法加強防禦的效果。
我們藉由建立實體的測試網路來實驗在受到分散式阻斷服務攻擊時,本文所提的方法之成效。實驗結果證明採用這套方法後可以在受到攻擊時能有效的減輕攻擊所造成的影響。
Many attacks on the internet reveal much vulnerability in recent years; causing the largest damage among them we called DDoS. For much existent defense strategies, the DDoS is hard to prevent. With the popularity of the internet, it is more and more easily to find vulnerable server; some intent attacker will use these weakness to attack the particular server that the service can’t be available to the legitimate user .
Due to DDoS has characteristic of congestion and continuity, so that the packet can’t be forwarded normally because of router-overloading. Most defense mechanism can’t communicate through the congested network; it is unnecessary to say that if attacks occur, other protection mechanism will work.
In view of this, this paper proposed the overload protection mechanism under DDoS that it can bypass the attacking packet quickly and precisely also defend large source and decrease loading of router when attacks occur in order to transmit packet fluently for other legitimate user. Moreover, it can work with other defense mechanism to enhance the performance of protection mechanism.
We use the physical topology to simulate the performance of our protection mechanism under DDoS attack. The result of our experiment evidenced that overload protection mechanism is practical and decreases the influence effectively.
摘要
Abstract
目錄
圖目錄
表目錄
第一章 緒論
1-1研究動機
1-2論文架構
第二章 相關研究
2-1分散式阻斷服務
2-2攻擊工具
2-3 分散式阻斷服務的分類
2-4 現有的防禦策略
2-4-1 PUSHBACK
2-4-2 D-WARD
2-4-3 Overlay Network
第三章 系統架構
3-1 Bypass Guardian架構
3-2 Bypass Guardian
3-3流量記錄收集模組
3-4 資料存取模組
3-5 分流轉向模組
3-6 異常偵測模組
3-7 攻擊分析模組
3-8 過載保護機制
第四章 系統實作
4-1 功能模組
4-2 實作方法
4-3 測試環境
4-4 測試流程
4-5 未防禦之攻擊場景
4-6 有過載保護之攻擊場景
第五章 結論與未來工作
5-1 結論
5-2 未來研究
參考文獻
[1]http://www.cert.org/
[2]http://www.sans.org/
[3]http://www.insecure.org
[4]http://www.securityfocus.com/
[5]Microsoft Security Home Page http://www.microsoft.com/security/default.mspx
[6]DDoS attack tool timeline http://staff.washington.edu/dittrich/talks/sec2000/timeline.html
[7]Tfn attack tool analysis
http://staff.washington.edu/dittrich/misc/tfn.analysis.txt
[8]stacheldraht attack tool analysis
http://staff.washington.edu/dittrich/misc/stacheldraht.analysis.txt
[9]TFN2k attack tool analysis http://packetstormsecurity.com/distributed/TFN2k_Analysis-1.3.txt
[10]shaft attack tool analysis
http://home.adelphi.edu/~spock/shaft_analysis.txt

[11]Jelena Mirkovic, Janice Martin and Peter Reiher “A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms” Computer Science Department University of California, Los Angeles
[12]Alefiya Hussain John Heidemann Christos Papadopoulos “A Framework for Classifying Denial of Service Attacks”
[13]Ratul Mahajan,Steven M. Bellovin,Sally Floyd,John Ioannidis, Vern Paxson, and Scott Shenker “Aggregate-Base Congestion Control” ICSI Center for Intenet Research(ICIR) AT&T Labs Research
[14]John Ioannidis, Steven M.Bellovin “Implementing Pushback: Router-Based Defense Against DDoS Attack” AT&T Labs Research
[15]Peter Reiher, Gregory Prier, Scott Michael, and Jun Li D-WARD: DDoS Network Attack Recognition and Defense home page “http://www.lasr.cs.ucla.edu/ddos/”
[16]J. Mirkovic, G. Prier and P. Reiher, “Attacking DDoS at the Source”, Proceedings of ICNP 2002, pp. 312-321, Paris, France, November 2002.
[17]Ju Wang Linyuan Lu Andrew A. Chien “Tolerating Denial of Service Attacks Using Overlay Networks ­Impact of Topology” Department of Computer Science and Engineering University of California, San Diego
[18]Ju Wang and Andrew A.Chien “An Analysis of Using Overlay Networks to Resist Distributed Denial-of-Service Attacks” Department of Computer Science and Engineering University of California,San Diego
[19]Angelos D. Keromytis Vishal Misra Dan Rubenstein “SOS:Secure Overlay Services” Department of Computer Science Department of Electrical Engineering Columbia University
[20]Hun-Jeong Kang, Seung-Hwa Chung, Seong-Cheol Hong, Myung-Sup Kim and James W. Hong “Towards Flow-based Abnormal Network Traffic Detection” DP&NM Lab.
[21]Alex C. Snoeren, Craig Partridge, Luis A. Sanchez, Christine E. Jones ,Fabrice Tchakountio “Hash-Based IP Traceback”
[22]Bao-Tung Wang, Henning Schulzrinne “An IP Traceback Mechanism for Reflective DoS Attacks” Department of Computer Science, Columbia University
[23]Rocky K.C.Chang “Defending against Flooding-Based Distributed Denial-of-Service Attacks:A Tutorial The Hong Kong Polytechnic University
[24]Udaya Kiran Tupakula,Vijay Varadharajan “A Practical Method to Couteract Denial of Service Attacks” Information and Networked System Security Research Division of Information and Communication Sciences Macquarie University Sydney,Australia
[25]William G.Morein, Angelos Stavrou, Debra L.Cook,etc... ”Using Graphic Turing Tests To Counter Automated DDoS Attacks Against Web Servers” Department of Computer Science ,Department of Electical Engineering Columbia University in the City of New York
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top