
National Digital Library of Theses and Dissertations in Taiwan

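Graduate student: 李國瑋
Graduate student (English name): Kou-Wei Li
Thesis title (translated from Chinese): Low-Storage Single-Packet Traceback Scheme
Thesis title (English): Hybrid IP Traceback Scheme with Efficient Packet Logging
Advisor: 楊明豪
Advisor (English name): Ming-Hour Yang
Degree: Master's
Institution: Chung Yuan Christian University (中原大學)
Department: Graduate Institute of Information Engineering
Discipline: Engineering
Field: Electrical and Information Engineering
Thesis type: Academic thesis
Year of publication: 2010
Graduation academic year: 98
Language: English
Number of pages: 24
Chinese keywords (translated): packet marking scheme; packet logging scheme; hybrid IP traceback scheme; IP address spoofing; distributed denial-of-service attack
English keywords: Hybrid IP traceback; DoS/DDoS attack; IP spoofing; packet logging; packet marking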
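Chinese abstract (translated): As the Internet has come to be widely used in all kinds of fields, more and more network security issues have emerged and drawn attention. However, attackers can hide their source location by spoofing IP addresses and then launch attacks. For this reason, many studies have proposed a variety of traceback schemes to trace the attacker's source. Some of these packet logging schemes need only a single packet to trace the attacker's source. Hybrid IP traceback schemes, which combine packet marking with packet logging, require less storage than those schemes but need a longer search time. In this thesis, we propose an efficient packet logging scheme for hybrid IP traceback that reduces the storage requirement, reconstructs the path faster, and avoids misidentification. In addition, we can use a packet's marking field to identify attack traffic. Finally, we simulate and analyze our scheme and compare it with other related work in terms of storage, computation, and accuracy.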
Because the Internet is now widely used in many fields, more and more network security issues are emerging and drawing attention. Adversaries often hide themselves by spoofing their own IP addresses before launching attacks. For this reason, researchers have proposed many traceback schemes to trace the source of these attacks. Some packet logging schemes need only one packet to achieve IP tracking. Others combine packet marking with packet logging, creating hybrid IP traceback schemes that demand less storage but require longer searches. In this paper, we propose a new scheme for efficient packet logging in hybrid IP traceback. It aims to fix the storage requirement for packet logging (under 320K bytes, according to CAIDA’s skitter dataset) without the need to refresh the logged tracking information, and to achieve zero false positives and zero false negatives in attack-path reconstruction. In addition, we use a packet’s marking field to censor attack traffic on its upstream routers. Finally, we simulate and analyze our scheme and compare it with other related work in terms of storage requirement, computation, and accuracy.
Abstract (Chinese)
Abstract (English)
Table of Contents
List of Figures
List of Tables

1. Introduction
2. Related work
3. RIHT
3.1. Marking and logging scheme
3.2. Path Reconstruction
4. Performance evaluation and analysis
4.1. Simulation environment and data set
4.2. Computation Analysis
4.3. Storage requirement
4.4. False positive and false negative rate
4.5. Packet identity
5. Conclusion
6. Reference

Figure 1. Example of traceback schemes that mark router interfaces.
Figure 2. Network topology.
Figure 3. The field of an IP packet. We use the gray field to be the marking field.
Figure 4. Example of RIHT’s marking and logging.
Figure 5. Example of RIHT’s path reconstruction.
Figure 6. Distribution of path length.
Figure 7. Expected numbers of probes.
Figure 8. Computing time of hash functions with different input length.
Figure 9. Computing time of logging schemes using MurmurHash2.
Figure 10. Computing time of logging schemes using FNVHash.
Figure 11. Computing time of logging schemes using MD5.

Table 1. Notations.


[1] A. Appleby. (2010). Murmurhash. [Online]. Available: http://sites.google.com/site/murmurhash/.
[2] A. Belenky and N. Ansari, “IP traceback with deterministic packet marking,” IEEE Communications Letters, vol. 7, no. 4, pp. 162–164, April 2003.
[3] A. Belenky and N. Ansari, “Tracing multiple attackers with deterministic packet marking (DPM),” in Proc. IEEE PACRIM’03, Victoria, BC, Canada, Aug. 2003, pp. 49–52.
[4] A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, B. Schwartz, S. T. Kent, and W. T. Strayer, “Single-packet IP traceback,” IEEE/ACM Transactions on Networking, vol. 10, no. 6, pp. 721–734, Dec. 2002.
[5] A. Hussain, J. Heidemann, and C. Papadopoulos, “A Framework for Classifying Denial of Service Attacks,” in Proc. ACM SIGCOMM ’03, Karlsruhe, Germany, Aug. 2003, pp. 99–110.
[6] A. Yaar, A. Perrig, and D. Song, “FIT: Fast Internet Traceback,” in Proc. IEEE INFOCOM2005, Miami, FL, USA, Mar. 2005, pp. 1395–1406.
[7] B. Al-Duwairi and M. Govindarasu, “Novel hybrid schemes employing packet marking and logging for IP traceback,” IEEE Transactions on Parallel and Distributed Systems, vol. 17, no. 5, pp. 403–418, May 2006.
[8] CAIDA. (2010). CAIDA’s skitter project. [Online]. Available: http://www.caida.org/tools/skitter/.
[9] C. Gong and K. Sarac, “A More Practical Approach for Single-Packet IP Traceback Using Packet Logging and Marking,” IEEE Transactions on Parallel and Distributed Systems, vol. 19, no. 10, pp. 1310–1324, Oct. 2008.
[10] D. E. Knuth, The art of computer programming, volume 3: (2nd ed.) sorting and searching, Addison Wesley Longman Publishing Co., Inc., Redwood City, CA, 1998, pp. 513–558.
[11] D. X. Song and A. Perrig, “Advanced and authenticated marking schemes for IP traceback,” in Proc. IEEE INFOCOM2001, Anchorage, Alaska, USA, Apr. 2001, pp. 878–886.
[12] H. Burch and B. Cheswick, “Tracing anonymous packets to their approximate source,” in Proc. USENIX LISA 2000, New Orleans, USA, Dec. 2000, pp. 319–327.
[13] I. Stoica and H. Zhang, “Providing guaranteed services without per flow management,” in Proc. ACM SIGCOMM’99, Boston, MA, USA, Sept. 1999, pp. 81–94.
[14] K. H. Choi and H. K. Dai, “A Marking Scheme Using Huffman Codes for IP Traceback,” in Proc. The 7th International Symposium on Parallel Architectures, Algorithms and Networks (SPAN’04), Hong Kong, SAR, China, May 2004, pp. 421–428.
[15] L. C. Noll. (2010). FNV Hash. [Online]. Available: http://www.isthe.com/chongo/tech/comp/fnv/index.html.
[16] L. Zhang and Y. Guan, “TOPO: A Topology-aware Single Packet Attack Traceback Scheme,” in Proc. IEEE International Conference on Security and Privacy in Communication Networks (SecureComm 2006), Baltimore, Maryland, USA, Aug. 2006, pp. 1–10.
[17] S. Malliga and A. Tamilarasi, “A hybrid scheme using packet marking and logging for IP traceback,” International Journal of Internet Protocol Technology, vol. 5, no. 1/2, pp. 81–91, Apr. 2010.
[18] S. Malliga and A. Tamilarasi, “A proposal for new marking scheme with its performance evaluation for IP traceback,” WSEAS Transactions on Computer Research, vol. 3, no. 4, pp. 259–272, Apr. 2008.
[19] S. M. Bellovin, M. D. Leech, and T. Taylor, “ICMP Traceback Messages,” Internet Draft: draft-ietf-itrace-04.txt, Feb. 2003.
[20] S. Savage, D. Wetherall, A. Karlin, and T. Anderson, “Practical Network Support for IP Traceback,” in Proc. ACM SIGCOMM2000, Stockholm, Sweden, Aug. 2000, pp. 295–306.
[21] The MD5 Message-Digest Algorithm, IETF RFC 1321, 1992.
[22] X. J. Wang and Y. L. Xiao, “IP Traceback Based on Deterministic Packet Marking and Logging,” in Proc. SCALCOM-EMBEDDEDCOM'09, Dalian, China, Sept. 2009, pp. 178–182.
