跳到主要內容

臺灣博碩士論文加值系統

(35.175.191.36) 您好!臺灣時間:2021/07/31 00:49
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

我願授權國圖
: 
twitterline
研究生:余清溪
研究生(外文):Ching-Hsi Yu
論文名稱:以自治式防禦系統防治分散式阻斷服務攻擊
論文名稱(外文):AS-Base Defense System Against Distributed DOS Attack
指導教授:歐陽彥杰
學位類別:碩士
校院名稱:國立中興大學
系所名稱:電機工程學系所
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2008
畢業學年度:96
語文別:中文
論文頁數:62
中文關鍵詞:分散式阻斷服務攻擊追蹤攻擊源自治系統潰洪攻擊
外文關鍵詞:Distributed Denial of Service (DDoS)IP TracebackAutonomous System (AS)Flooding Attack
相關次數:
  • 被引用被引用:1
  • 點閱點閱:174
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
『阻斷服務攻擊(Denial of Service, DoS)』或『分散式阻斷服務攻擊(Distributed Denial of Service, DDoS)』等網路犯罪行為,儼然已成為網際網路資訊安全方面最嚴厲的威脅之一,無論是網路的可用度或網路服務的可靠性都將因為這樣的攻擊行為而遭受嚴重的打擊與破壞。分散式阻斷服務攻擊是公認最難以防範的網路犯罪行為,因為這樣的攻擊行為讓事先擄獲為數眾多的網路電腦共同參與了網路攻擊行動,面對這樣的分散式攻擊,不僅難以預防也難以防治。雖然有許多的學者專家相繼提出了防禦的機制與措施想克服此難題,但還是難以抵禦分散式的潰洪攻擊(Flooding attacks)行動。
在過去,追蹤攻擊源的相關研究均希望能迅速找出攻擊源,並適時予於抵禦或阻擋。但實際上攻擊源數量的成長速度遠快於追蹤的效率,讓追蹤攻擊源IP位址的追蹤方法無法有效地運用於現實的環境之中,因此本論文提出以『自治系統(AS)』為追蹤與防禦的基礎,並輔以自動化的分散式防禦協定,以期能快速有效地防禦網路攻擊,以提高網際網路的安全性。
The increasing denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks are severe treats for internet service. Internet connections or victims were jammed by many useless packets that were sent from a large number of compromised hosts caused by DDoS attacks. Although many techniques have been proposed to defend from the DDoS attacks, they are still hard to respond the flooding-based DDoS attacks. These attacks are launched from a large number of infected hosts. Those infected hosts are simple to implement but difficult to prevent, therefore hard to trace. In this thesis, we propose a new defending system called autonomous system (AS) based defense system to countermeasure the flooding-based DoS/DDoS attacks. The defend system can replace the value in ID field of the IP packet by an autonomous system number (ASN) so that it can be efficiently recognized. Based on the design, this system can resolve the troublesome caused by the flooding-based DoS/DDoS attacks and provide better internet security.
第一章 緒論 1
1.1研究動機 1
1.2研究目標 3
1.3論文架構 4
第二章 網路攻擊行為介紹 5
2.1 攻擊行為分類 5
2.2 防禦攻擊的相關研究 11
第三章 分散式防禦系統 16
3.1 AS-Base追蹤攻擊源 23
3.2分散式防禦協定(DDP) 33
3.3 Border-Marking and Edge-Marking 36
第四章 實驗結果與分析 40
4.1 分散式攻擊的模擬實驗 45
4.2 ACL阻擋攻擊的模擬實驗 51
4.3 AS-Base防禦之模擬實驗 54
第五章 結論與未來工作 58
5.1 結論 58
5.2 未來工作 58
參考書目 60
[1] “DNS Distributed Denial of Service”, SSAC Advisory SAC008, March 2006.
[2] G. Lawton, “Stronger Domain Name System Thwarts Root-Server Attacks”, IEEE Computer, vol. 40, Issue 5, May 2007, pp. 14~17.
[3] D. Moore, G. M. Voelker, and S. Savage, “Inferring Internet denial-of-service
activity." , Proceedings of the 10th USENIX Security Symposium, August 2001.
[4] L. Garber, “Denial-of-service attacks rip the Internet.", IEEE Computer, vol. 33,
no. 4, April 2000, pp. 12~17.
[5] R. Richardson, “2007 CSI COMPUTER CRIME AND SECURITY SURVEY”, 2007
[6] S. M. Specht, R. B. Lee , “Distributed Denial of Service: Taxonomies of Attacks, Tools and Countermeasures”, Proceedings of the 17th International Conference on Parallel and Distributed Computing Systems, 2004 International Workshop on Security in Parallel and Distributed Systems, pp. 543-550, September 2004
[7] J. Mirkovic, S. Dirtrich, D. Dittrich, P. Reiher, “Internet Denial of Service attack and defence mechanisms”, Prentice Hall 2005, ISBN 0-13-147573-8
[8] D. Dittrich, “The DoS Project’s Trinoo Distributed Denial of Service Attack Tool”, October 1999, http://staff.washington.edu/dittrich/misc/trinoo.analysis.txt
[9] D. Dittrich, “The Tribe Flood Netowkr Distributed Denial of Service Attack Tool”, October 1999, http://staff.washington.edu/dittrich/misc/tfn.analysis.txt
[10] D. Dittrich, “The Stacheldraht Distributed Denial of Service Attack Tool”, December 1999, http://staff.washington.edu/dittrich/misc/stacheldraht.analysis.txt
[11] S. Dietrich, N. Long, D. Dittrich, “Analyzing Distributed Denial of Service Attack Tool: The Shaft Case”, Proceedings of 14th USENIX Systems Administration Conference (LISA 2000), December 2000, pp. 329-339, http://www.adelphi.edu/~spock/lisa2000-shaft.pdf
[12] CERT Coordination Center, “Rusults of the Distributed-Systems Intruder Tools Workshop”, December 1999, http://www.cert.org/reports/dsit_workshop.pdf
[13] R. Mahajan, S.M. Bellovin, S. Floyd, J.Ioannidis, V. Paxson, S. Shenker, “Controlling High Bandwidth Aggregates in the Networks”, ACM SIGCOMM Computer Communications Review, Vol. 32, no. 3, July 2002, pp. 62-73
[14] J. Ioannidis, S.M. Bellovin, “Implementing Pushback: Router-Based Defense Against DDoS Attacks”, Proceedings of Network and Distributed System Security Symposium (NDSS), February 2002, The Internet Society.
[15] S. Savage, D. Wetherall, A. Karlin , T. Anderson, “Practical Network Support for IP Traceback”, Proceedings of ACM SIGCOMM 2000, August 2000, pp. 295~306
[16] A. Belenky, N. Ansari, “IP Traceback With Deterministic Packet Marking”, IEEE Communications Letters, Vol. 7, NO. 4, April 2003, pp. 162~164
[17] C. Shannon, D. Moore, and K. Claffy, “Characteristics of fragmented IP traffic on internet links,” in Proc. SIGCOMM, 2001, pp. 83–97.
[18] X. Yang, W. Zhou, “A Defense System Against DDoS Attacks by Large-Scale IP Traceback”, Third International Conference on Information Technology and Application (ICITA), 2005,
[19] H. K. Ryu, S. Chong, “Deterministic Packet Marking for Max-Min Flow Control”, IEEE communications Letters, VOL. 9, NO. 9, September 2005
[20] G. Jin and J. Yang, “Deterministic Packet Marking based on Redundant Decomposition for IP Traceback”, IEEE Communications Letters, VOL. 10, NO. 3, March 2006
[21] V. A. Siris, I. Stavrakis, “Provider-Based Deterministic Packet Marking against Distributed DoS Attacks”, 19th IEEE International Parallel and Distributed Processing Symposium (IDPDS’05), 2005
[22] A. Belenky, N. Ansarl, “On IP Traceback”, IEEE Communications Magzaine, July 2003
[23] W. Hardaker, D. Kingdred, R. Ostrenga, D. Sterne, R. Thomas, “Justification and Requirements for a National DDoS Defense Technology Evaluation Facility”, Network Associates Laboratories Report #02-052, July 2002
[24] 曾昱國, “網路攻擊路徑追蹤之研究”, 國立中山大學資訊工程學系博士論文, 2004
[25] IANA, http://www.iana.org/assignments/as-numbers
[26] ISI, http://www.isi.edu/nsnam/ns/ns-build.html
[27] IETF, http://www.ietf.org/rfc/rfc2827.txt
[28] CAIDA, http://www.caida.org/tools/measurement/skitter/router_topology/
[29]NS2使用說明, http://hpds.ee.ncku.edu.tw/~smallko/ns2/ns2.htm
[30]柯志亨,程榮祥,謝錫堃,黃文祥, “計算機網路實驗,以NS2模擬工具實作”, 學貫行銷股份有限公司, 2005
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top