跳到主要內容

臺灣博碩士論文加值系統

(44.200.27.215) 您好!臺灣時間:2024/04/13 17:59
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

我願授權國圖
: 
twitterline
研究生:陳志蔚
研究生(外文):Chih-Wei Chen
論文名稱:透過增量式分群過濾脈衝式阻斷服務攻擊
論文名稱(外文):Efficient Filtering of Pulsing DDoS using Incremental Clustering
指導教授:蕭旭君
指導教授(外文):Hsu-Chun Hsiao
口試委員:鄭欣明黃俊穎黃世昆
口試委員(外文):Shin-Ming ChengChun-Ying HuangShih-Kun Huang
口試日期:2016-07-26
學位類別:碩士
校院名稱:國立臺灣大學
系所名稱:資訊工程學研究所
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2016
畢業學年度:104
語文別:英文
論文頁數:26
中文關鍵詞:阻斷服務攻擊低速率攻擊脈衝式攻擊布隆過濾器
外文關鍵詞:DDoSpulsing attacklow rate attackbloom filter
相關次數:
  • 被引用被引用:0
  • 點閱點閱:89
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
低速分散式阻斷服務攻擊是一種具有隱蔽地攻擊性的網際網路攻擊手法。其中一種又稱之為脈衝分散式阻斷服務攻擊,這種攻擊的原理為利用 TCP 擁塞控制的弱點,只需要傳輸少於傳統的洪水型分散式阻斷服務攻擊的惡意流量,就能達到攻擊合法的 TCP 流量。它可以透過大量卻只維持短暫時間的流量來使目標網路暫時性地被中斷,導致合法的使用者發生封包遺失而無法順暢地連接。這種狡猾地攻擊難以被現今的防禦機制偵測。

本論文方法使用漸進式分群來處理網路流量,因為其資料形式為封包依序進入。透過漸進式分群我們可以對各個使用者做分群依據擁塞時所傳送的行為。透過布隆過濾器 (Bloom Filter) 我們可以有效率地儲存在分群時所需要的資料。在分群之後,我們可以依群組做排序並動態地計算出閥值。透過閥值,可以增加小流量的 TCP 使用者通過的機會同時處理惡意的流量透過阻擋具有大流量的使用者。

The Low-rate Distributed Denial-of-Service (LDDoS) attack is a network attack technique which can be harmful but stealthy. One type of the LDDoS attack, called pulsing DDoS attack, leverages the adaptive nature of the TCP congestion control mechanism. Pulsing DDoS attacks can suppress legitimate
TCP traffic by sending fewer packets than traditional flooding DDoS attack. With a short period burst traffic, the pulsing DDoS attack aims to interrupt the target network temporarily and thus packet drop occurs, which makes the users unable to access the network. This kind of attack is crafty and hard to be detected efficiently by existing defensive approaches.

In this thesis, we propose an efficient LDDoS defense mechanism using incremental clustering. Instead of keeping per-flow state, which is too heavy-weight for core routers, we classify flows according to the amount of traffic they sent during the congestion periods. Groups with larger flows get a lower priority and will be blocked ealier during congestion. With such, we increase the probability of small TCP traffic to pass the link and block the huge flows which most of them are malicious. In addition, we record the data which is necessary for the clustering and other related work in Bloom filters to keep up with high-speed per-packet processing.

口試委員會審定書 ...................... iii
誌謝 .................................. v
Acknowledgements ...................... vii
摘要 .................................. ix
Abstract .............................. xi
1 Introduction ........................ 1
2 Background .......................... 3
2.1 Background ........................ 3
2.1.1 Pulsing Denial of Service ....... 3
2.1.2 Bloom Filter .................... 3
2.1.3 Spectral Bloom Filter ........... 4
2.1.4 Incremental Clustering .......... 5
2.2 Related Work ...................... 5
2.2.1 Defense on Mechanism ............ 5
2.2.2 Difference of Behavior .......... 5
3 Problem Definition .................. 7
4 Proposed Solution ................... 9
4.1 Concept ........................... 9
4.2 Workflow .......................... 11
5 Evaluation .......................... 15
5.1 Analysis .......................... 15
5.2 Experiment Environment ............ 16
5.2.1 Abstraction of Reality .......... 16
5.2.2 Experiment Setup ................ 16
5.3 Result ............................ 17
5.4 Discussion ........................ 21
6 Conclusion .......................... 23
Bibliography .......................... 25

[1] M. Ackerman and S. Dasgupta. Incremental clustering: The case for extra clusters. In Advances in Neural Information Processing Systems, pages 307–315, 2014.

[2] A. Broder and M. Mitzenmacher. Network applications of bloom filters: A survey. Internet mathematics, 1(4):485–509, 2004.

[3] S. Cohen and Y. Matias. Spectral bloom filters. In Proceedings of the 2003 ACM SIGMOD international conference on Management of data, pages 241–252. ACM, 2003.

[4] Y.-M. Ke, C.-W. Chen, H.-C. Hsiao, A. Perrig, and V. Sekar. Cicadas: Congesting the internet with coordinated and decentralized pulsating attacks. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pages 699–710. ACM, 2016.

[5] A. Kuzmanovic and E. W. Knightly. Low-rate tcp-targeted denial of service attacks: the shrew vs. the mice and elephants. In Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, pages 75–86. ACM, 2003.

[6] S. J. Templeton and K. E. Levitt. Detecting spoofed packets. In DARPA Information Survivability Conference and Exposition, 2003. Proceedings, volume 1, pages 164–175. IEEE, 2003.

[7] H. Wang, C. Jin, and K. G. Shin. Defense against spoofed ip traffic using hop-count

filtering. IEEE/ACM Transactions on Networking (ToN), 15(1):40–53, 2007.

[8] A. Yaar, A. Perrig, and D. Song. Stackpi: New packet marking and filtering mechanisms for ddos and ip spoofing defense. IEEE Journal on Selected Areas in Communications, 24(10):1853–1863, 2006.

[9] C. Zhang, Z. Cai, W. Chen, X. Luo, and J. Yin. Flow level detection and filtering of low-rate ddos. Computer Networks, 56(15):3417–3431, 2012.

QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top