姓名 |
陳建欣(Jian-Xin Chen)
查詢紙本館藏 |
畢業系所 |
資訊工程學系 |
論文名稱 |
驗證SYN 洪水攻擊防禦方式之平台
|
相關論文 | |
檔案 |
[Endnote RIS 格式]
[Bibtex 格式]
[相關文章] [文章引用] [完整記錄] [館藏目錄] 至系統瀏覽論文 (2027-6-30以後開放)
|
摘要(中) |
近年來隨著科技的發展各式各樣的設備皆可上網對人們的生活帶來許多便利,但相對的也產生了一些資安上的隱憂,如電視、冰箱、監視器等可連網IoT設備可能會被駭客入侵進而被用於惡意的目的上,而其中又以分散式阻斷式服務攻擊(Distributed Denial of Service,DDoS)最為常見也最具攻擊之效果,由於DDoS的目的在於癱瘓某一正常運作之服務使得正常使用者無法存取到該服務,進而造成對方嚴重的損失。
DDoS的種類又分成許多種,其中又以SYN flood以及UDP flood最常為駭客所使用,本論文主要專注於TCP中的SYN flood,SYN flood之目的在於佔用伺服器之資源使得正常使用者無法與伺服器建立連線進而造成服務癱瘓,而本論文目的在於探討現行已發展出各種抵禦Syn flood之防禦方式,分析其各種防禦方式之成效與其優缺點。 |
摘要(英) |
Nowadays, technology brings many conveniences to our life, but it also leads to some issues about information security. For example, some IoT devices like webcam, television or refrigerator can be used by some hacker. DDoS (Distributed Denial of Service) is the most important one, it can make normal user can’t access the service and make the service and client lost a lot.
There are lots of kinds of DDoS. SYN flood and UDP flood is the most common DDoS used by attackers, and this paper will focus on SYN flood attack. The main purpose of SYN flood is run out most of server’s resources and make normal user can’t use this service. The purpose of this paper is that discuss the SYN flood mitigations which have been released in public and analyze advantages and disadvantages of each method by the result. |
關鍵字(中) |
★ 分散式阻斷服務攻擊 ★ 阻斷服務攻擊 ★ 洪水攻擊 |
關鍵字(英) |
★ DDoS ★ Distributed Denial of Service ★ SYN flood |
論文目次 |
中文摘要 i
Abstract ii
圖目錄 v
表目錄 vi
第 1 章 緒論與背景介紹 1
1-1 DDoS介紹 2
1-2 各式DDoS攻擊介紹 3
1-2-1 網路層 (Layer 3) 3
1-2-2 傳輸層 (Layer 4) 3
1-2-3 表達層 (Layer 6) 4
1-2-4 應用層 (Layer 7) 4
第 2 章 現行SYN flood之防禦手法 6
2-1 SYN proxy介紹 7
2-2 RST authentication介紹 9
2-2-1 RST authentication mode 1 9
2-2-2 RST authentication mode 2 11
2-3 Drop first SYN 13
第 3 章 系統架構介紹 15
3-1 防護機制實作介紹 16
第 4 章 實驗結果與分析 19
4-1 實驗環境 19
4-2 有效性驗證 22
4-3 效能測試 24
第 5 章 結論 30
參考文獻 31 |
參考文獻 |
[1] “DDoS Attack Trends for Q4 2021” https://radar.cloudflare.com/notebooks/ddos-2021-q4
[2] “Exponential growth in DDoS attack volumes” https://cloud.google.com/blog/products/identity-security/identifying-and-protecting-against-the-largest-ddos-attacks
[3] Toke Høiland-Jørgensen, Jesper Dangaard Brouer, Daniel Borkmann, John Fastabend, Tom Herbert, David Ahern and David Miller. The eXpress data path: fast programmable packet processing in the operating system kernel. In ACM CoNEXT ’18, Heraklion, Greece, December 04 – 07, 2018.
[4] Patrik Goldschmidt. TCP Reset Cookies – a heuristic method for TCP SYN Flood mitigation. In Excel@Fit 2019.
[5] Dang Van Tuyen, Truong Thu Huong, Nguyen Huu Thanh, Pham Ngoc Nam, Nguyen Ngoc Thanh1 and Alan Marshall. SDN-based SYN Proxy - A solution
to enhance performance of attack mitigation under TCP SYN flood. In The Computer Journal Volume: 62 Issue: 4. |
指導教授 |
許富皓(Fu-Hau Hsu)
|
審核日期 |
2022-7-19 |
推文 |
facebook plurk twitter funp google live udn HD myshare reddit netvibes friend youpush delicious baidu
|
網路書籤 |
Google bookmarks del.icio.us hemidemi myshare
|