Author: 段光秦
Author (English): Kuang-Chin Tuan
Thesis title: 可防治分散式阻絕服務攻擊之IP封包標記法 (an IP packet marking scheme for defending against distributed denial-of-service attacks)
Thesis title (English): A TTL-Included IP Marking Scheme Against DDoS Attack
Advisor: 雷欽隆
Degree: Master's
Institution: National Taiwan University
Department: Graduate Institute of Electrical Engineering
Discipline: Engineering
Field: Electrical and Computer Engineering
Thesis type: Academic thesis
Year of publication: 2004
Academic year of graduation: 92 (ROC calendar)
Language: English
Pages: 38
Keywords (Chinese): time-to-live (TTL), packet marking, distributed denial-of-service attack
Keywords (English): TTL, DDoS attacks, IP marking
Abstract (Chinese, translated): Distributed denial-of-service attacks are a major threat to today's Internet. Because the Internet records no state along the forwarding path, it is very difficult to determine the true origin of a received packet when the attacker wishes to hide their own address. To assign responsibility for these attacks, the source of each packet must be found; this class of problem is called the IP traceback problem. This thesis proposes an authenticated packet marking scheme that includes the TTL value, together with an attack-path reconstruction algorithm that uses the TTL value to compute the number of routers traversed, reconstructs the attack path, and locates the attack source. The proposed method improves on the scheme of Savage et al. and remains applicable under distributed denial-of-service attacks when locating the true source of packets. In addition, the method uses a message authentication code (MAC) as the packet mark and places it in the identification field of the IP header. This authenticates the mark itself, so an attacker cannot forge or alter the mark without being detected.

Abstract (English): Distributed Denial of Service (DDoS) attacks are a great threat to today's Internet. Due to the stateless nature of the Internet, it is difficult to accurately determine the true source of an IP packet if the attacker wishes to conceal it. To institute responsibility for these attacks, the source of individual packets must be identified. This kind of problem is called the IP traceback problem. In this thesis, an authenticated marking scheme that includes the TTL (time-to-live) value, and a path reconstruction algorithm based on TTL-based hop-count computation [5], are proposed. The proposed scheme aims to rebuild the attack path and trace the true source of the attack even under DDoS attacks. It improves on Savage et al.'s scheme [3], which is vulnerable to DDoS attacks. Furthermore, the proposed scheme uses a Message Authentication Code (MAC) as the marking and puts it in the IP identification field. This authenticates the marking of the packet: nobody can forge or tamper with the marking without the authentication detecting it.
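The abstract leaves the concrete layout of the scheme to the thesis body. The following is an added illustration, not code from the thesis, of the two ideas it names: TTL-based hop-count inference and a truncated HMAC mark sized for the 16-bit IP identification field. The exact mark contents, the list of default initial TTLs, the router-to-victim hop table, and the released key are all assumptions made for this example.

```python
import hashlib
import hmac

# Common default initial TTLs; a fixed list is an assumption of this example.
DEFAULT_TTLS = (32, 64, 128, 255)


def infer_hop_count(observed_ttl):
    """TTL-based hop count: initial TTL is taken as the smallest common
    default >= the TTL seen at the victim; hops = initial - observed."""
    if not 0 <= observed_ttl <= 255:
        raise ValueError("TTL must be an 8-bit value")
    return next(i for i in DEFAULT_TTLS if observed_ttl <= i) - observed_ttl


def compute_mark(key, router_ip, ttl_at_router):
    """Hypothetical router-side mark (assumed contents): HMAC over the router
    address and the TTL on arrival, truncated to the 16-bit IP ID field."""
    msg = router_ip.encode("ascii") + bytes([ttl_at_router])
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:2], "big")


def identify_marker(key, ident_field, observed_ttl, hop_table):
    """Victim side, after the router key is released: hop_table (assumed) maps
    router IP -> hops from that router to the victim.  Recompute the mark for
    each router that can lie on a path of the inferred length and return the
    routers whose mark equals the identification field."""
    path_len = infer_hop_count(observed_ttl)
    matches = []
    for router_ip, dist_to_victim in hop_table.items():
        if dist_to_victim > path_len:
            continue  # farther away than the whole path: cannot be the marker
        ttl_at_router = observed_ttl + dist_to_victim  # TTL the router saw
        if compute_mark(key, router_ip, ttl_at_router) == ident_field:
            matches.append(router_ip)
    return matches


# Constructed sample data: three routers at known distances from the victim.
KEY = b"constructed-example-key"
HOP_TABLE = {"10.0.0.1": 3, "10.0.0.2": 5, "10.0.0.3": 9}


def demo():
    """A packet sent with TTL 64 travels 7 hops and arrives with TTL 57;
    router 10.0.0.2, five hops from the victim, saw TTL 62 and marked it."""
    ident = compute_mark(KEY, "10.0.0.2", 62)
    return identify_marker(KEY, ident, 57, HOP_TABLE)
```

A 16-bit mark leaves a 1/65536 chance per candidate router of an accidental match, which is why such schemes rely on several marked packets rather than one.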
LIST OF FIGURES vii
CHINESE ABSTRACT viii
ENGLISH ABSTRACT ix

CHAPTER 1 INTRODUCTION 1
1.1 Motivation 1
1.2 Related Concept 3
1.2.1 IP traceback 3
1.2.2 False Positive and False Negative 4
1.3 Topics to be Studied 5
CHAPTER 2 PRELIMINARIES 7
2.1 Related Research 7
2.2 Edge Sampling IP Marking Scheme 9
2.3 Encoding and Path Reconstruction 11
2.4 Limitation and Challenge of Encoded Edge Fragment Sampling 13
CHAPTER 3 THE PROPOSED SCHEMES 15
3.1 Assumptions 15
3.3 The Marking Procedure 17
3.3.1 The Authenticated Version of Advanced Marking Scheme 18
3.3.2 The TTL Value Including Marking Scheme 19
3.4 The Path Reconstruction Procedure 21
3.4.1 TTL-Based Hop-Count Computation 21
3.4.2 Building IP to Hop-Count Mapping Table 23
3.4.3 The Preliminary Setup 23
3.4.4 The Proposed Reconstruction Algorithm 24
CHAPTER 4 ANALYSIS 27
4.1 Robustness 28
4.2 Security 28
4.2.1 Authentication 28
4.2.2 Security of Time-Released Key 29
4.2.3 Detection of Spoofed IP Packet 30
4.3 Deployment 31
4.4 Expected Packet Number 31
CHAPTER 5 CONCLUSION 33
BIBLIOGRAPHY 35
[1] Computer Emergency Response Team, "CERT Advisory CA-2000-01: Denial-of-Service Developments," http://www.cert.org/advisories/CA-2000-01.html, 2000.
[2] S. M. Bellovin, M. D. Leech, and T. Taylor, "ICMP traceback message," Internet-Draft, draft-ietf-itrace-01.txt, 2001.
[3] Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson, "Practical network support for IP traceback," in Proceedings of the 2000 ACM SIGCOMM Conference, August 2000.
[4] D. Song and A. Perrig, "Advanced and Authenticated Marking Scheme," in Proceedings of IEEE INFOCOM, April 2001.
[5] Cheng Jin, Haining Wang, and Kang G. Shin, "Hop-Count Filtering: An Effective Defense Against Spoofed DDoS Traffic," in Proceedings of ACM CCS'03, October 2003.
[6] V. Paxson, "End-to-End Routing Behavior in the Internet," IEEE/ACM Transactions on Networking, vol. 5, pp. 601-615, October 1997.
[7] Adrian Perrig, Ran Canetti, Dawn Song, and Doug Tygar, "Efficient and Secure Source Authentication for Multicast," in Proceedings of the Network and Distributed System Security Symposium, NDSS'01, February 2001.
[8] The Swiss Education and Research Network, "Default TTL Values in TCP/IP," http://secfr.nerim.net/docs/fingerprint/en/ttl_default.html, 2002.
[9] B. Cheswick, H. Burch, and S. Branigan, "Mapping and Visualizing the Internet," in Proceedings of the USENIX Annual Technical Conference 2000, June 2000.
[10] H. Krawczyk, M. Bellare, and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication," Internet RFC 2104, February 1997.
[11] David L. Mills, "Network Time Protocol (Version 3) Specification, Implementation and Analysis," Internet Request for Comments, March 1992.
[12] H. Burch and B. Cheswick, "Tracing anonymous packets to their approximate source," in Proceedings of USENIX LISA 2000, December 2000.
[13] D. Dean, M. Franklin, and A. Stubblefield, "An Algebraic Approach to IP Traceback," in Proceedings of NDSS 2001, pp. 3-12, February 2001.
[14] T. Doeppner, P. Klein, and A. Koyfman, "Using Router Stamping to Identify the Source of IP Packets," in Proceedings of ACM CCS-7, pp. 184-189, November 2000.
[15] A. Snoeren, C. Partridge, et al., "Hash-Based IP Traceback," in Proceedings of ACM SIGCOMM 2001, August 2001.
[16] S. Bellovin, "Internet Draft: ICMP Traceback Message," technical report, Network Working Group, March 2000.
[17] K. Park and H. Lee, "On the Effectiveness of Probabilistic Packet Marking for IP Traceback Under Denial of Service Attack," in Proceedings of IEEE INFOCOM, April 2001.
[18] D. Moore, G. M. Voelker, and S. Savage, "Inferring Internet Denial of Service Activity," in Proceedings of the USENIX Security Symposium, August 2001.
[19] Computer Emergency Response Team, "CERT Advisory CA-1999-17: Denial-of-Service Tools," http://www.cert.org/advisories/CA-1999-17.html, December 1999.
[20] D. Dittrich, "The DoS Project's 'Trinoo' Distributed Denial of Service Attack Tool," http://staff.washington.edu/dittrich/misc/trinoot.analysis.txt, October 1999.
[21] D. Dittrich, "The 'Stacheldraht' Distributed Denial of Service Attack Tool," http://staff.washington.edu/dittrich/misc/stacheldraht.analysis.txt, December 1999.
[22] M. Adler, "Tradeoffs in Probabilistic Packet Marking for IP Traceback," in Proceedings of the 34th ACM Symposium on Theory of Computing (STOC), May 2002.
[23] A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, B. Schwartz, S. T. Kent, and W. T. Strayer, "Single-Packet IP Traceback," IEEE/ACM Transactions on Networking, vol. 10, no. 6, pp. 721-734, December 2002.
[24] R. T. Morris, "A Weakness in the 4.2BSD Unix TCP/IP Software," Technical Report Computer Science #117, AT&T Bell Labs, February 1985.
[25] S. M. Bellovin, "Security Problems in the TCP/IP Protocol Suite," ACM Computer Communications Review, vol. 19, no. 2, pp. 32-48, April 1989.
[26] L. T. Heberlein and M. Bishop, "Attack Class: Address Spoofing," in Proceedings of the 1996 National Information Systems Security Conference, pp. 371-378, October 1996.
[27] M. Vivo, E. Carrasco, G. Isern, and G. O. Vivo, "A Review of Port Scanning Techniques," ACM Computer Communications Review, vol. 29, no. 2, pp. 41-48, April 1999.
[28] Internet Mapping, http://research.lumeta.com/ches/map/, 2002.
[29] CAIDA Skitter, http://www.caida.org/tools/measurement/skitter/, 2000.
[30] J. Mogul and S. Deering, "Path MTU Discovery," RFC 1191, November 1990.
[31] Associated Press, "Internet Attack Was Much Worse than Anticipated," Foxnews.com, http://www.foxnews.com/story/0,2933,76804,00.html, January 2003.
[32] W. Feller, An Introduction to Probability Theory and Its Applications, second edition, vol. 1, Wiley and Sons, 1996.
[33] R. L. Carter and M. E. Crovella, "Dynamic Server Selection Using Dynamic Path Characterization in Wide-Area Networks," in Proceedings of the 1997 IEEE INFOCOM Conference, April 1997.
[34] W. Theilmann and K. Rothermel, "Dynamic Distance Maps of the Internet," in Proceedings of the 2000 IEEE INFOCOM Conference, March 2000.