Graduate student: Ming-fang Lee (李明舫)
Thesis title: A Framework for Defending Application Layer DDoS Attacks Using a Back-Propagation Neural Network (以倒傳遞類神經網路防禦應用層之分散式阻斷攻擊之整體架構)
Advisor: Wei Yen (嚴威)
Degree: Master's
Institution: Tatung University (大同大學)
Department: Department (Institute) of Computer Science and Engineering
Discipline: Engineering
Field: Electrical and Computer Engineering
Thesis type: Academic thesis
Year of publication: 2006
Graduation academic year: 94
Language: English
Number of pages: 58
Keywords: Application layer DDoS Attack; Artificial Intelligence (AI); Back-Propagation Algorithm; Neural Network
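This thesis studies the problem of application layer distributed denial-of-service attacks. The attackers use random service requests, drawn from a predefined word pool, to attack web servers such as search engines. Without a defense mechanism, the server will slow down. We propose two approaches to solve this problem. We then discuss their performance in terms of the false negative ratio, the false positive ratio, and the error ratio.
We propose an AI-based algorithm, a mechanism built on a back-propagation neural network, and compare it with the statistical algorithm we proposed previously. The former solves this kind of attack problem in two phases. In the first phase, we simulate attack samples and normal samples and use them to train the neural network. Then, in the second phase, we use the trained neural network to classify all users.
In the statistical algorithm, the problem is solved in three phases. The first phase uses repeated elements as the signature to determine the suspects among all users. The second phase selects the real attacker from among all suspects using their logs. Then the third phase uses the history of the identified attacker to classify all users as legitimate or illegitimate.
Both approaches can be deployed on a firewall or a server to prevent application layer distributed denial-of-service attacks that use a limited word pool. As our results show, the two approaches have similar accuracy, with an average accuracy of about 86 percent. However, their implementation and operational costs differ: they differ in the classification time required and in the processing steps needed.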
The paper studies the application layer DDoS attack problem. The attackers send random requests, drawn from a predefined word pool, to a web server such as a search engine. The server will slow down if there is no defense mechanism. We evaluate two approaches to overcome the problem. Then, we discuss their performance in terms of the false negative ratio, false positive ratio, and error ratio.
We propose an artificial intelligence (AI)-based algorithm built on the back-propagation neural network. Then, we compare it with the statistical algorithm that we proposed previously. The former handles DDoS attacks in two phases. In the first phase, we train the neural network with the samples. Then, in the second phase, we use the trained neural network to separate all users.
In the statistical approach, three phases are employed to solve the DDoS attack problem. The first phase uses repeated elements as the signature to pick out the suspects from all users. The second phase identifies an attacker among all suspects using their request logs. Then, the third phase uses the history of the identified attacker to classify all users into legitimate users and attackers.
The two approaches can be built on either a firewall or a server to prevent application layer DDoS attacks that use a limited pool. As our simulation results show, the two approaches share approximately the same accuracy rate, which is about 86%. However, their implementation and operational costs are somewhat different: they differ in classification time and in the number of phases needed.
ACKNOWLEDGMENTS
ABSTRACT
TABLE OF CONTENTS
LIST OF FIGURES
LIST OF TABLES
CHAPTER 1 INTRODUCTION
CHAPTER 2 EXISTING WORKS
2.1 Denial of Service
2.1.1 Denial of Service
2.1.2 Distributed Denial of Service
2.1.3 Network layer (D)DoS Attack
2.1.4 Application layer DDoS Attack
2.2 Defending Methods
2.2.1 IP Trace-back
2.2.2 Connection Authentication
2.2.4 System Modification
2.2.5 Packet Filtering
2.2.6 Quality of Service Based Service Policies
2.3 Neural Network Configuration
2.3.1 Back-Propagation
CHAPTER 3 PROBLEMS DEFINITIONS AND SOLUTIONS
3.1 Problem Definitions
3.2 Solutions
3.2.1 Artificial Intelligence-based Approach
3.2.2 Statistical Approach
3.3 Preprocessing
CHAPTER 4 PERFORMANCE EVALUATION
4.1 Overview
4.2 Comparison
4.2.1 Performance Evaluation Parameters
4.2.2 Classification Times
4.2.3 Needing Parameters
4.2.4 Performance
CHAPTER 5 CONCLUSIONS AND FUTURE WORKS
5.1 Conclusions
5.2 Future Works
REFERENCE
VITA