Thesis/Dissertation 108522075: Detailed Record




Name: 賴映岑 (Ying-Cen Lai)   Department: Department of Computer Science and Information Engineering
Thesis title: A Study of Detection and Defense for EDoS Attack (針對EDoS攻擊偵測及防禦之研究)
Files: full text is not available for viewing in the system (never open to the public)
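Abstract (Chinese) With the rapid growth of cloud computing, the elastic cloud operating model is widely used: by providing QoS according to the user's service level agreement (SLA), services can be deployed on demand and scaled elastically. However, this operating model may be subject to Economic Denial of Sustainability (EDoS) attacks against cloud services, in which requests that appear legitimate are sent to the service and exploit its auto-scaling mechanism, so that the system keeps scaling out resources and the user has to pay large resource usage fees. This thesis proposes a mechanism that uses a K-means clustering algorithm based on Dynamic Time Warping to cluster user traffic, and analyzes the time distribution between service resource utilization and user traffic to distinguish legitimate users from malicious users. It then restricts malicious users' access to the service, thereby detecting and defending against Yo-Yo attacks.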
Abstract (English) As cloud computing develops rapidly, the elastic cloud operating model is widely used. By providing QoS according to the user service level agreement (SLA), the service can be deployed and expanded flexibly on demand. However, this kind of operation may suffer Economic Denial of Sustainability (EDoS) attacks against cloud services. On the surface, legitimate requests are sent to the service, but they cause the system to keep expanding resources through the auto-scaling mechanism, so that users have to pay a huge usage fee. This paper proposes a mechanism that uses the K-means clustering algorithm based on Dynamic Time Warping to cluster users' traffic, and analyzes the time distribution between system resource usage and user traffic to distinguish legitimate users from malicious users. It then restricts malicious users' access to the service, protecting the service from the threat of Yo-Yo attacks.
Keywords ★ EDoS attack
★ Yo-Yo attack
★ Traffic analysis
★ K-means clustering
★ Dynamic Time Warping
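Table of Contents
Abstract (Chinese)
Abstract
Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1. Overview
1.2. Motivation
1.3. Research Objectives
1.4. Thesis Organization
Chapter 2 Background and Related Work
2.1. Cloud Computing
2.1.1. Auto Scaling
2.2. Distributed Denial of Service (DDoS) Attacks
2.2.1. Economic Denial of Sustainability (EDoS) Attacks
2.2.2. Yo-Yo Attacks
2.3. Intrusion Detection System
2.4. Related Work
Chapter 3 Methodology
3.1. System Architecture and Design
3.1.1. Traffic Monitor Module
3.1.2. Resource Orchestrator Module
3.1.3. Detection Module
3.1.4. Agent Management Module
3.1.5. System Operation Flow and Mechanisms
3.2. System Implementation
Chapter 4 Experiments and Discussion
4.1. Functional Verification of the Yo-Yo Attack Detection Mechanism
4.1.1. Experiment 1: Setting and Verifying the DUCDA Threshold
4.1.2. Experiment 2: Verifying the Effect of the Clustering Mechanism on DUCDA Performance
4.1.3. Experiment 3: Verifying the Effect of Clustering with Different Metrics on DUCDA Performance
4.2. Detection and Defense Mechanisms for Yo-Yo Attacks
4.2.1. Experiment 4: Results of the Defense System Detecting Yo-Yo Attacks
4.2.2. Experiment 5: Results of Deploying the Defense System on a Service
4.2.3. Experiment 6: Comparison of the Correlation between Sampling Time and Detection Performance
4.3. Comparison with Other Mechanisms
4.3.1. Experiment 7: Performance Comparison with Other Mechanisms
4.3.2. Experiment 8: Comparison with Other Mechanisms of the Cost of Detecting Attacks
Chapter 5 Conclusions and Future Research Directions
5.1. Conclusions
5.2. Research Limitations
5.3. Future Research Directions
References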
Advisor: 周立德   Approval date: 2021-9-2