Thesis/Dissertation 109522059: Detailed Information




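Name: 黃建鴻 (Jian-Hong Huang)   Department: Department of Computer Science and Information Engineering (資訊工程學系)
Thesis title: A Method for Defending Against Transport Protocol Flood Attacks (抵擋傳輸協議洪流攻擊方法)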
Related theses
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm
★ Discoverer: A Real-Time Rootkit Detection System
★ A Detection and Defense Mechanism for Scam SMS Messages on Android Phones
★ SRA System for Defending Against ARP-Spoofing Hijacking of Routers
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines
★ An Automated Real-Time Counterattack System Against Remote Buffer Overflow Attacks
★ Real-Time Serum System: An Automated Worm-Curing System with an Offensive Barrier
★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks
★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails
★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators
★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
Files: the thesis can be browsed in the system (open after 2027-6-30)
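Abstract (Chinese) Over the past several decades, DDoS attacks have remained a major threat to the computer and network world. Although a great deal of research effort has been invested in this area of security, effective solutions have still not appeared in the real world. One major reason for this is that DDoS attacks keep evolving. Recently, a new form of DDoS attack, the connection flood DDoS attack, drew attention when it took down Russia's largest Internet company. A connection flood establishes so many TCP/IP connections with a chosen target that ordinary new users cannot establish a TCP/IP connection with the target. As taking control of many IoT devices has become easy, it is easy for attackers to launch connection flood attacks. In this thesis, we plan to develop a mechanism that can monitor the throughput of every TCP/IP connection of a server. When a new user cannot establish a TCP/IP connection with the server, our system checks the throughput of every TCP/IP connection and disconnects all TCP/IP connections whose throughput is below a threshold. Meanwhile, the hosts involved in the low-throughput connections are blacklisted to prevent them from launching further attacks. Experimental results show that our system can effectively protect our system from being hit by connection flood attacks again.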
Abstract (English) In the past several decades, DDoS attacks have continued to be a major threat to the computer and network world. Even though many research efforts have been invested in this security threat, effective solutions still do not appear in the real world. One major reason for this result is that DDoS attacks continue evolving. Recently, one new form of DDoS attack, the connection flood DDoS attack, caught people's attention when it shut down Russia's largest Internet company. Connection flood attacks establish many TCP/IP connections with a chosen target, to the degree that no normal new user can establish a TCP/IP connection with the target. Because it is easy to take control of many IoT devices, it is easy for an attacker to launch connection flood attacks nowadays. In this thesis, we plan to develop a mechanism that can monitor the throughput of every TCP/IP connection of a server. When a new user is not able to establish a TCP/IP connection with the server, our system will check the throughput of every TCP/IP connection and disconnect all TCP/IP connections whose throughput is under a threshold. Meanwhile, the hosts involved in the low-throughput connections will be put on a blacklist to prevent them from launching further attacks. Experimental results show that our system can effectively protect our system against connection flood attacks.
Keywords (Chinese) ★ Distributed denial-of-service attack
★ Half-open connection attack
★ Full connection attack
Keywords (English) ★ DDoS
★ SYN flood
★ Connection flood
★ GET/POST flood
Table of contents
Abstract
Chinese Abstract
Acknowledgments
Chapter 1 Introduction
1.1 Motivation
1.2 Thesis Organization
1.3 Contributions
Chapter 2 Background
2.1 TCP SYN Flood
2.2 TCP Connection Flood
2.3 GET/POST Flood
2.4 Connection Tracking
Chapter 3 Related Work
3.1 SYN Cookie [4] [5] [6]
3.2 RST Cookie [7]
3.3 Intentional Drop SYN [8]
3.4 Deferred Accept
Chapter 4 Method Design
4.1 Method Overview
4.2 System Architecture
4.3 Delayed Connection
4.4 Execution Flow
Chapter 5 Experimental Results and Analysis
5.1 Experimental Environment
5.2 Effectiveness Verification
Chapter 6 Discussion and Future Work
Chapter 7 Conclusion
References
References
[1] 1990. [Online]. Available: https://www.netfilter.org/. [Accessed 10 July 2022].
[2] "RFC 793. Transmission Control Protocol," September 1981. [Online]. Available: https://datatracker.ietf.org/doc/html/rfc793. [Accessed 10 July 2022].
[3] O. Yoachimik, "blog.cloudflare.com," cloudflare, 6 July 2022. [Online]. Available: https://blog.cloudflare.com/ddos-attack-trends-for-2022-q2/. [Accessed 10 July 2022].
[4] C. D. Team, "DDoS Attack Trends for Q1 2022," cloudflare, 12 April 2022. [Online]. Available: https://radar.cloudflare.com/notebooks/ddos-2022-q1. [Accessed 10 July 2022].
[5] K. E. Hickman, "The SSL Protocol," Netscape Communications Corp, April 1995. [Online]. Available: https://datatracker.ietf.org/doc/html/draft-hickman-netscape-ssl-00. [Accessed 10 July 2022].
[6] P. Goldschmidt, "TCP Reset Cookies – a heuristic method for TCP," in Excel@FIT, Brno, 2019.
[7] D. J. Bernstein, "SYN cookies," 17 March 2013. [Online]. Available: http://cr.yp.to/syncookies.html. [Accessed 10 July 2022].
[8] "tcp(7) — Linux manual page," [Online]. Available: https://man7.org/linux/man-pages/man7/tcp.7.html. [Accessed 10 July 2022].
[9] "RFC 4987. Flooding Attacks and Common Mitigations," August 2007. [Online]. Available: https://datatracker.ietf.org/doc/html/rfc4987. [Accessed 10 July 2022].
[10] B. Al-Duwairi and G. Manimaran, "Intentional dropping: a novel scheme for SYN flooding mitigation," in Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies, 2005.
Advisor: 許富皓 (Fu-Hau Hsu)   Approval date: 2022-7-20

For questions about this thesis, please contact the Outreach Services Section of the National Central University Library, TEL: (03)422-7151 ext. 57407, or by e-mail.