National Digital Library of Theses and Dissertations in Taiwan

Student: Wei-Yu Chen (陳韋佑)
Title (Chinese): 在移動目標防禦下基於機器學習之DDoS攻擊偵測機制
Title (English): Machine Learning-based DDoS Attacks Detection for Moving Target Defense Networks
Advisor: Li-Der Chou (周立德)
Degree: Master
Institution: National Central University
Department: Department of Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical and Computer Engineering
Thesis type: Academic thesis
Year of publication: 2019
Academic year of graduation: 107
Language: Chinese
Pages: 109
Keywords (Chinese): 分散式阻斷服務攻擊, 軟體定義網路, 移動目標防禦, 機器學習, NetFlow
Keywords (English): Distributed Denial-of-Service, Software-defined Networking, Moving Target Defense, Machine Learning, NetFlow
Statistics:
  • Cited by: 0
  • Views: 337
  • Rating: none
  • Downloads: 0
  • Bookmarked in "My Research Room" reading lists: 1
In recent years, Internet of Things (IoT) technology has developed rapidly; it is estimated that by 2020 there will be tens of billions of Internet-connected IoT devices. Because most IoT devices have limited computing power, they generally lack sound security mechanisms, which has led to rapid growth in the number of IoT-based botnets. Advances in network technology and the spread of the IoT industry have diversified attackers' methods, and botnets built from insecure IoT devices are often used to launch Distributed Denial-of-Service (DDoS) attacks that disrupt network equipment and exhaust server resources. This thesis therefore applies machine learning, training an intelligent traffic classifier on the CIDDS-001 dataset to detect DDoS attacks and identify clients. To effectively address the problem that traditional network defense is easy to attack and hard to defend, it adopts new network architectures and defense strategies: Software-defined Networking (SDN), whose centralized management in the control layer makes the network architecture easy to manage and flexible, and Moving Target Defense (MTD), which changes the information about the target being defended in order to confuse attackers and redirect attack traffic.
The ATBM proposed in this thesis is an MTD mechanism in an SDN environment. Using the intelligent traffic classifier, it performs malicious traffic detection and behavior analysis on client traffic, and can effectively detect DDoS attacks and distinguish legitimate from malicious clients. To verify the robustness of the intelligent traffic classifier, 20% of the CIDDS-001 dataset is used as testing data; the classifier's F1-Score reaches 99.1%. In addition, this thesis implements a security system based on the ATBM mechanism and uses Docker to simulate multiple zombie devices launching DDoS attacks against the system's Master Server. The experimental results show that 98.11% of the TCP SYN Flooding attack traffic and 96.44% of the UDP Flooding attack traffic are blocked from entering the system. By applying moving target defense, malicious traffic cannot reach the system's Master Server, so legitimate clients can access the Master Server's resources normally without being affected by the DDoS attack.
In recent years, Internet of Things (IoT) technology has developed rapidly. By 2020, it is expected that more than ten billion IoT devices will be connected to the Internet. Due to the low processing capabilities of IoT devices, weaknesses in their security mechanisms have caused the rapid growth of IoT-based botnets such as Mirai and Torii. Botnets are often used to carry out Distributed Denial-of-Service (DDoS) attacks. Advances in Internet technology have made it easy for hackers to control a large number of zombie devices and launch DDoS attacks (TCP Flooding, UDP Flooding, HTTP Flooding, etc.). Accordingly, how to effectively detect and defend against DDoS attacks is an important research topic.
To address the difficulty of network defense, a new network architecture and defense strategy are adopted: Software-defined Networking (SDN), whose centralized management in the control layer makes the network architecture easy to manage and flexible, and Moving Target Defense (MTD), which confuses attackers and redirects abnormal traffic by changing the information about the target being defended.
The proposed ATBM is an MTD-based mechanism in the SDN environment. It performs abnormal traffic detection and behavior analysis of network traffic with an abnormal traffic classifier, which can detect DDoS attacks and identify legitimate and malicious clients. To verify the stability of the abnormal traffic classifier, this thesis uses 20% of the CIDDS-001 dataset as testing data; the classifier's F1-Score is 99.1%. In addition, this thesis implements an ATBM-based security system and simulates 100 zombie devices performing DDoS attacks against the Master Server of the ATBM system. The proposed mechanism effectively protects legitimate clients and the Master Server from DDoS attacks with the MTD approach. The experimental results show that the proposed mechanism prevents 98.11% of abnormal traffic from TCP SYN Flooding attacks and 96.44% of abnormal traffic from UDP Flooding attacks from reaching the ATBM system.
Abstract (Chinese) i
Abstract ii
Acknowledgements iv
Table of Contents v
List of Figures viii
List of Tables xi
Chapter 1 Introduction 1
1.1 Overview 1
1.2 Motivation 2
1.3 Objectives 3
1.4 Thesis Organization 4
Chapter 2 Background and Related Work 5
2.1 Distributed Denial-of-Service Attacks 5
2.2 Moving Target Defense 8
2.3 Software-defined Networking 11
2.4 NetFlow 15
2.5 Machine Learning 18
2.6 Comparison of Related Work 23
Chapter 3 Methodology 25
3.1 System Architecture and Design 25
3.1.1 Dataset Handler Module 27
3.1.2 Feature Selection Module 29
3.1.3 ML Algorithm Module 30
3.1.4 Traffic Collector Module 31
3.1.5 NetFlow Handler Module 31
3.1.6 NetFlow Classification Module 32
3.1.7 Classification Collector Module 32
3.1.8 Abnormal Traffic Detection Module 33
3.1.9 Behavior Analysis Module 33
3.1.10 DstServer Selection Module 34
3.1.11 DDoS Decision Module 34
3.1.12 Flow Rule Manager Module 34
3.2 System Workflow and Mechanism 35
3.2.1 System Definitions and Assumptions 35
3.2.2 System Notation Table 36
3.2.3 System Workflow 41
3.2.4 Training Modules Workflow 43
3.2.5 Classification Modules Workflow 45
3.2.6 Attack Detection Modules Workflow 46
3.2.7 SDN MTD Modules Workflow 48
3.3 System Implementation 49
Chapter 4 Experiments and Discussion 55
4.1 Scenario 1: Evaluation and Testing of the SDN Moving Target Defense System 55
4.1.1 Experiment 1: Functional Verification of the DNS Service 56
4.1.2 Experiment 2: Functional Verification of the SDN Moving Target Defense System 57
4.1.3 Experiment 3: Network Performance Analysis of the SDN Moving Target Defense System 60
4.2 Scenario 2: Analysis and Evaluation of the Machine Learning-based Intelligent Traffic Classifier 63
4.2.2 Experiment 4: Analysis and Comparison of Multilayer Perceptrons 64
4.2.1 Experiment 5: Analysis and Comparison of Supervised Machine Learning 67
4.2.3 Experiment 6: Analysis and Comparison of Recursive Feature Elimination 70
4.3 Scenario 3: Evaluation and Discussion of the ATBM Mechanism 75
4.3.1 Experiment 7: Identifying Legitimate and Malicious Clients 75
4.3.2 Experiment 8: DDoS Attack Mitigation and Discussion 78
4.3.3 Experiment 9: Prevention of Server Collection Attacks and Discussion 83
Chapter 5 Conclusion and Future Work 85
5.1 Conclusion 85
5.2 Research Limitations 86
5.2 Future Work 87
References 89