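Graduate student: 林宜廷
Graduate student (English name): LIN, YI-TING
Thesis title: 在SYN Flood攻擊中有效檢測排除惡意封包之方法研究
Thesis title (English): An Effective Method for Detecting and Filtering Malicious Packets in TCP SYN Flood Attack
Advisor: 施釗德
Advisor (English name): SHIN, JAU-DER
Oral defense committee: 吳庭育; 王朱福
Oral defense committee (English names): WU, TING-YU; WANG, CHU-FU
Oral defense date: 2017-06-26
Degree: Master's
Institution: National Pingtung University (國立屏東大學)
Department: Master's Program, Department of Computer Science
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2017
Academic year of graduation: 105
Language: Chinese
Number of pages: 44
Keywords (Chinese): DDoS; SYN Flood; 攻擊檢測 (attack detection); SYN佇列 (SYN queue)
Keywords (English): DDoS; SYN Flood; Attack detection; SYN queue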
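Over the past few years, distributed denial-of-service (DDoS) attacks have been regarded as a serious problem on the Internet. Internet systems such as database servers, web servers and cloud computing servers are commonly subjected to network attacks in today's highly connected environment, and DDoS is one of the most common attacks on the Internet. Denial of service causes problems for both users and service providers and prevents normal operation. The aim of a DDoS attack is to exhaust the network's communication and computing capacity by generating malicious traffic from malicious packets; a DDoS-based flooding attack strikes the victim's network resources by sending a large number of malicious packets to the target. To provide effective service, DDoS attacks must be quickly detected and mitigated before normal users access the attacker's target.
This thesis proposes a method that analyzes the server's state in real time and determines whether the server is under a SYN Flood attack. The method uses a feature value that measures whether the server is currently under attack to detect an ongoing attack. If a SYN Flood attack is judged to be in progress, malicious packets are filtered: repeated transmission of SYN/ACK packets for the same source IP is blocked so that queue resources are not occupied. Finally, the simulation results show that malicious packets are successfully detected and excluded, and that under attack the filtering of malicious packets is considerably more effective than the methods in other literature.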

In the past few years, Distributed Denial of Service (DDoS) attacks have been considered a serious problem on the Internet. Internet systems such as data servers, web servers and cloud computing servers are attacked more often than other systems. DDoS attacks cause problems for both users and service providers in the normal data transmission process. They aim at exhausting network resources by sending malicious packets. A flooding-based DDoS attack sends excessive malicious packets to the victim. In order to provide an effective service, DDoS attacks must be quickly detected before target users are attacked.
This thesis proposes a method to analyze the server status and detect whether the server is under a SYN Flood attack. The method uses a feature value to detect whether the server is currently being attacked. If the server is attacked, the system filters malicious packets to prevent the repeated transmission of SYN/ACK packets from the same source IP. Finally, the simulation results show that our method can detect and filter the malicious packets, and that its detection rate is much better than previous results.

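Acknowledgements i
Abstract (Chinese) ii
Abstract iii
Table of Contents iv
List of Figures iv
List of Tables vii

Chapter 1 Introduction 1
Section 1 Research Background 2
Section 2 Research Motivation 3
Section 3 Thesis Organization 4

Chapter 2 Review of Related Literature 5
Section 1 Problem Description 5
Section 2 Intrusion Detection Systems 13
Section 3 Related Work 19

Chapter 3 Method Description 25
Section 1 EMDFMP System Design 25
Section 2 EMDFMP Algorithm 28

Chapter 4 Performance Evaluation 30
Section 1 Simulation Environment and Parameter Settings 30
Section 2 Simulation Results and Analysis 31
Section 3 Threshold Setting 33
Section 4 Analysis and Comparison of Methods 37

Chapter 5 Conclusion 42

References 43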

