跳到主要內容

臺灣博碩士論文加值系統

(18.204.48.64) 您好!臺灣時間:2021/08/03 11:32
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

我願授權國圖
: 
twitterline
研究生:黃敏政
研究生(外文):Ming-Cheng Huang
論文名稱:利用探針封包來修補IPTraceback的不完全路徑
論文名稱(外文):Using Probing Packets to Repair The Incomplete IP Traceback
指導教授:謝文雄謝文雄引用關係
學位類別:碩士
校院名稱:國立中山大學
系所名稱:資訊工程學系研究所
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2004
畢業學年度:92
語文別:英文
論文頁數:43
中文關鍵詞:網路攻擊網路安全
外文關鍵詞:DoSIP traceback
相關次數:
  • 被引用被引用:0
  • 點閱點閱:102
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
本篇論文推薦一個改良PPM的方法,來改進PPM需要每個router都支援的弱點,就是說,如果PPM系統中有一個router不支援,PPM便沒有辦法執行。
  文中我們首先討論一個和兩個router不支援的情形:使用演算法來解決。三個和四個router不支援的情形:使用RR選項來解決。五個以上:使用Loosen Source Routing解決,文中router使用temp table來記錄不支援的router的路徑,以便PPM系統開始作用時可以使用,另外router也使用hop table以避免不同路徑封包的混淆。hop table 也可以用來暫存一些封包,以避免覆蓋到之前router的PPM封包。
An enhancement of probability packet marking (PPM) used to trace back the DoS attacker is proposed by this paper. Our work is based on the probabilistic packet marking algorithm by Savage[1] in which an attack graph can be reconstructed by a victim site. Furthermore, we discuss some routers which do not support PPM in attacked path called non-PPM router. We use algorithm to recover one and two successive non-PPM routers. Recover three and four successive non-PPM routers by using IP RR (record routing) option. Five successive non-PPM routers and above are between two PPM routers, we discuss about Loosen Source Routing that record all traveled IP addresses into IP header. The temp table record edges which produced by proposed algorithm. And the hop table records which path the packet come from. Before the PPM system run, routers send probe packets we proposed above to recover the incomplete attack path.
Abstract
Chapter One: Introduction…..………………..……….…………........1
1-1 Background…………………………………………..………1
1-2 Motives and Objectives……..……..………..…………….....3
1.3 Types of Dos attack…………………………………………..4
1-3-1 TCP -SYN attack:……………………………………………….5
1-3-2 Flooding attack:………………………………………….……..7
Chapter Two: Related work...................................................................8
2-1 Ingress filtering..…………..……………….………………..8
2-2 Link Testing….. ……………………………………………..9
2-2-1 Logging and Controlled flooding…………………...…………10
2-3 ICMP traceback messages………………………………..12
Chapter Three: Development……........................................................16
3-1 Node Append …………..……………..………….…………16
3-2 Node Sampling ……………………..…………….………...17
3-2 Edge Sampling ……………………..………….…………...17
Chapter Four: The PPM with probing packets ……..........................22
4-1 To change the marking procedure………..………………..26
4-2 The PPM with probing packets………..……………….…..29
4-3 The temp table………………………..………………….….33
4-4 The hop table…………..…………………………………....35
4-5 More non-PPM routers………..……………………………35
Chapter Five: Conclusion……..............................................................41
References………………………………………………………………42
[1] S. Savage, D.Wetherall, A. Karlin, and T. Anderson. Practical network support for ip traceback. In Proceedings of the 2000 ACMSIGCOMMConference, pages 295 – 306, Stockholm,Sweden, August 2000.

[2] S. M. Bellovin. ICMP Traceback Messages. Work in Progress, Internet Draft draft-bellovin-itrace-00.txt,March 2000.

[3] D. X. Song and A. Perrig. Advanced and authenticated marking schemes for ip traceback. In Proceedings of IEEE INFOCOM ’01, April 2001.

[4] E. Steven M. Bellovin. Icmp traceback messages, internet draft: draft-bellovin-itrace-00.txt. submitted Mar. 2000, expiration date Sep. 2000.

[5] S. F. Wu, L. Zhang, D. Massey, and A. Mankin. Intentiondriven icmp trace-back, internet draft: draft-wu-itraceintention-00.txt. submission date Feb. 2001, expiration date Aug. 2001.

[6] G. Sager, “Security Fun with OCxmon and cflowd,” presented at the Internet 2 Working Group, Nov. 1998.

[7] R. Stone, “CenterTrack: An IP overlay network for tracking DoS floods,” in Proc. 2000 USENIX Security Symp., July 2000, pp.199–212.

[8] Stefan Savage, David Wetherall, Member, IEEE, Anna Karlin, and Tom Anderson Network Support for IP Traceback IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 9, NO. 3, JUNE 2001.

[9] Hassan Aljifri University of Miami, published by the IEEE computer society, IP Traceback: A New Denial-of-Service Deterrent? 1540-7993/03/2003 IEEE, IEEE security and privacy.

[12]. W. Lee and K. Park, “On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial of Service Attack,” Proc. IEEE INFOCOM, IEEE CS Press,2001, pp. 338–347.


[13]. M. Adler, “Tradeoffs in Probabilistic Packet Marking for IP Traceback,” Proc. 34th ACM Symp. Theory of Computing, ACM Press, 2002, pp. 407–418.

[14]. S.Savage et al., “Network Support for IP Traceback,”IEEE/ACM Trans. Networking, vol. 9, no. 3, 2001, pp.226–237.

[15]. M. Waldvogel, “GOSSIB vs. IP Traceback Rumors,”Proc. 18th Ann. Computer Security Applications Conf.(ACSAC 2002), 2002, pp. 5–13.

[16]. D. Song and A. Perrig, “Advanced and Authenticated Marking Schemes for IP Traceback,” Proc. IEEE INFOCOM, IEEE CS Press, 2001, pp. 878–886.

[17]. D. Dean, M. Franklin, and A. Stubblefield, “An Algebraic Approach to IP Traceback,” ACM Trans. Information and System Security, vol. 5, no. 2, 2002, pp.119–137.

[18]. M. Goodrich, “Efficient Packet Marking for Large-Scale IP Traceback,” Proc. 9th ACM Conf. Computer and Communication Security, ACM Press, 2002, pp. 117–126.

[19]. H. Aljifri, M. Smets, and A. Pons, “IP Traceback Using Header Compression,” Computers & Security, vol. 22, no.2, 2003, pp. 136–151.

[20] Yoohwan Kim, ju-yeon Jo, H.Jonathan Chao and Frank Merat,”High-Speed Router Filter for Blocking TCP Flooding under DDoS Attack” Electrical and Computer Engineering Department Polytechnic university, Brooklyn, NY 11201

[21] Tao Peng, Christopher Leckie, Kotagiri Ramamohanarao”Dectecting Distributed Denial of Service Attacks Using Source IP Address Monitoring” ARC Special Research Center for Ultra-Broadband Information Networks Department of Electrical and Electronic Engineering, The University of Melbourne, Victoria 3010, Australia
[22]D. Moore, G. Voelker, and S. Savage, “Inferring Internet Denial-of-Service Activity” Proc. 10th USENIX Sec. Symp.,2001
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top