以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：13

、訪客IP：3.142.131.51

姓名	朱以誠(Yi-Cheng Zhu)  查詢紙本館藏	畢業系所	軟體工程研究所
論文名稱	IDSPS: 應用在即時流量轉移機制下的入侵偵測系統 (IDSPS: An Intrusion Detection System for Real-time Path Transmission of TCP Connections)
相關論文	★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm ★ Discoverer- Rootkit即時偵測系統 ★ 一項Android手機上詐騙簡訊的偵測與防禦機制 ★ SRA系統防禦ARP欺騙劫持路由器 ★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines ★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統 ★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統 ★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection ★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks ★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection ★ Shark: Phishing Information Recycling from Spam Mails ★ FFRTD: Beat Fast-Flux by Response Time Differences ★ Antivirus Software Shield against Antivirus Terminators ★ MAC-YURI : My ACcount, YoUr ResponsIbility ★ KKBB: Kernel Keylogger Bye-Bye ★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
檔案	[Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   至系統瀏覽論文 (2025-6-30以後開放)
摘要(中)	分散式阻斷攻擊（DDoS attack, Distributed Denial of Service attack）為網路上多年來盛行的一種攻擊方式，也發展出各式各樣的防禦機制，本篇論文針對 DDoS 防禦機制「即時流量轉移機制」，為 proxy 端建立一套入侵偵測系統（IDS, Intrusion Detection System），透過建立 IP 地址白名單並嘗試去除潛藏在轉移流量當中的攻擊者來保護 被轉移的連線。
摘要(英)	DDoS (Distributed Denial of Service) attack has been prevalent on the Internet for many years and various defense mechanisms have emerged against DDoS attack. This thesis aims at building an IDS (Intrusion Detection System) for the proxy side of the DDoS defense mechanism “Real-time path transmission of TCP connections”. We protect the transmitted TCP connections by building an IP allow list and trying to detect and remove the attackers that hidden in the transmitted TCP connections.
關鍵字(中)	★ 分散式阻斷攻擊 ★ 即時流量轉移機制 ★ 入侵偵測系統	關鍵字(英)	★ DDoS Attack ★ Real-time Path Transmission of TCP Connections ★ Intrusion Detection System
論文目次	摘要....................................................i Abstract...............................................ii 誌謝..................................................iii 圖目錄.................................................vi 表目錄.................................................ix 第1章　緒論..............................................1 第2章　背景介紹..........................................3 　2.1　及時流量轉移機制...................................3 　2.2　入侵偵測系統......................................5 　2.3　應用在即時流量轉移機制下的入侵偵測系統...............6 第3章　系統架構..........................................8 　3.1　Proxy封包處理流程.................................8 　3.2　IDSPS系統架構.....................................9 　3.3　iptables Controller.............................10 　3.4　Traffic Controller..............................11 第4章　實驗結果及分析....................................15 　4.1　有效性驗證.......................................15 　4.2　iperf3介紹.......................................20 　4.3　系統效能分析.....................................21 　4.4　DDoS攻擊防禦實驗.................................23 第5章　討論.............................................31 　5.1　硬體防火牆.......................................31 　5.2　XDP軟體防火牆....................................31 第6章　相關研究.........................................33 　6.1　三大防禦機制.....................................33 　6.2　其他防禦機制.....................................33 第7章　結論.............................................35 參考文獻................................................36
參考文獻	[1] S. T. Zargar, J. Joshi and D. Tipper, “A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks,” IEEE Communications Surveys & Tutorials, vol. 15, no. 4, pp. 2046-2069, 2013. [2] J. Mikovic and P. Reiher, “A taxonomy of DDoS attack and DDoS defense mechanisms,” ACM SIGCOMM Computer Communications Review, vol. 34, no. 2, pp. 39-53, 2004. [3] T. Peng, C. Leckie and K. Ramamohanarao, “Survey of network-based defense mechanisms countering the DoS and DDoS problems,” ACM Computing Surveys, vol. 39, no. 1, article 3, 2007. [4] C. Douligeris, and A. Mitrokotsa, “DDoS attacks and defense mechanisms: classification and state-of-the-art,” Computer Networks, vol. 44, no. 5, pp. 643-666, 2004. [5] S. Ranjan, R. Swaminathan, M. Uysal, and E. Knightly, “DDoS-resilient scheduling to counter application layer attacks under imperfect detection,” In Proc. IEEE INFOCOM ’06, 2006. [6] S. Ranjan, R. Swaminathan, M. Uysal, A. Nucci, and E. Knightly, “DDoS-Shield: DDoS-resilient scheduling to counter application layer attacks,” IEEE/ACM Transactions on Networking, vol. 17, no. 1, pp. 26-39, 2009. [7] Fu-Hau Hsu, Chia-Hao Lee and Chia-Jung Wu, “Packet transmission method and system thereof,” Taiwan Patent I701920, 11 Aug., 2020. [8] Fu-Hau Hsu, Tzung-Ting Lin, Wei-Tai Cai and Chiao-Hao Lee, “Method for live migrating virtual machine,” Taiwan Patent I552077, 1 Oct., 2016. [9] Fu-Hau Hsu, Tzung-Ting Lin, Wei-Tai Cai and Chiao-Hao Lee, “Method for live migrating virtual machine,” U.S. Patent 9,898,319, 20 Feb., 2018. [10] H. Debar, “An introduction to intrusion-detection systems,” In Proc. Connect 2000, 2000. [11] H. Eychenne, “iptables(8) - Linux man page,” [Online]. Available: https://linux.die.net/man/8/iptables. [Accessed May 20, 2021]. [12] J. Dugan, S. Elliott, B. A. Mah, J. Poskanzer and K. Praghu, “iPerf - The TCP, UDP and SCTP,” [Online]. Available: https://iperf.fr. [Accessed: May 22, 2021]. [13] S. Sanfilippo, “hping3(8) - Linux man page,” [Online]. Avaialble: https://linux.die.net/man/8/hping3. [Accessed May 22, 2021]. [14] T. Høiland-Jørgensen, J. D. Brouer, D. Borkmann, J. Fastabend, T. Herbert, D. Ahern and D. Miller, “The eXpress Data Path: Fast programmable packet processing in the operating system kernel,” In Proc. ACM CoNEXT ’18, 2018, pp 54-66. [15] Y. Kim, W. C. Lau, M. C. Chuah, and H. J. Chao, “PacketScore: A statistics-based packet filtering scheme against distributed denial-of-service attacks,” IEEE Transactions on Dependable and Secure Computing, vol. 3, no. 2, pp. 141-155, 2006. [16] Cloudflare, “What is Anycast? | How does Anycast work? | Cloudflare,” [Online]. Available: https://www.cloudflare.com/zh-tw/learning/cdn/glossary/anycast-network. [Accessed: Jun. 8, 2021]. [17] Cloudflare, “What is a CDN? | How do CDNs work? | Cloudflare,” [Online]. Available: https://www.cloudflare.com/learning/cdn/what-is-a-cdn. [Accessed: Jun. 8, 2021]. [18] B. S. Singh, A. Bala, “A review of bot protection using CAPTCHA for web security,” IOSR Journal of Computer Engineering, vol. 8, issue 6, pp. 36-42, 2013. [19] D. J. Bernstein, “SYN cookies,“ [Online]. Available: http://cr.yp.to/syncookies.html. [Accessed Jun. 10, 2021].
指導教授	許富皓(Fu-Hau Hsu)	審核日期	2021-7-15
推文	facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu
網路書籤	Google bookmarks   del.icio.us   hemidemi   myshare