設計與實作基於Zabbix網路監控平台之自動化路由黑洞機制

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：65

、訪客IP：3.139.90.131

姓名

張家樺(Chia-Hua Chang) 查詢紙本館藏

畢業系所

資訊管理學系

論文名稱

設計與實作基於Zabbix網路監控平台之自動化路由黑洞機制
(Design and Implementation of Automated Route Blackholing on Zabbix Platform)

相關論文

★ 於軟體定義網路環境中基於信任度演算法實現可信工控物聯網之建置	★ 設計與實作結合Kubernetes應用之多執行緒連線負載平衡器
★ 智慧共同照護之實現: 以資料驅動為基礎之 AI 糖尿病個案管理模式	★ 設計與實作基於驗證路由資訊一致性之自動化 BGP 路由過濾策略與安全機制

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 (2027-8-17以後開放)

摘要(中)

隨著現代科技的不斷進步與發展，網路已不僅僅是滿足早期軍事通訊需求的工具，而是透過先進的雲端技術和物聯網技術將各種資源、服務與應用整合於網路中，形成了一個複雜度高、數量大的異質系統。而現代網路中的管理人員為了減少負擔，快速的在問題發生時即時回應，因此紛紛採用了網路監控系統來減輕負擔。Zabbix網路監控工具透過開源的特性以及強大的社群支援，可以有效偵測並管理因系統不穩、效能瓶頸或網路等問題造成的系統中斷，確保網路和服務具備高可用度，為組織及企業提供一個穩定的基礎設施管理方法。
　　在眾多網路威脅之中，Distributed Denial of Service（DDoS）攻擊是導致網路和服務不可用的重要因素，由於其變化性高以及難以溯源的特性，至今仍缺乏一個完整的解決方案，並隨著殭屍網路數量增加以及DDoS工具的廣泛流傳，使攻擊者進行DDoS攻擊的成本大幅降低，甚至出現了以DDoS攻擊為服務的供應商。相反的，對於一般的使用者而言，網路的重要性卻是正在快速攀升，這樣的反差，使得DDoS攻擊在近年來仍不斷肆虐，企業及組織的基礎設施仍暴露於DDoS攻擊的風險之中，因此擁有DDoS攻擊防禦手段是必要的。現今的防禦手段大多需要額外的軟硬體支援或是購買服務，於是對於DDoS攻擊的防禦力決定於各企業組織的口袋深度，這對於中小企業來講無疑是一大困境，使其需要在經濟壓力與網路安全之間做出抉擇。在這種背景下，發展出易於佈署、經濟負擔不會過大、能成功緩解DDoS攻擊的防禦策略是必要的。
　　本研究首先提出基於Zabbix網路監控工具的自動化路由黑洞機制，該方案透過本研究所提之UDP Reflection Amplification（URA）偵測模組來偵測新興DDoS攻擊以及使用自動化Remote Trigger Blackhole（RTBH）模組來對邊界路由器上的路由進行控制，進而觸發自動化路由黑洞機制，緩解新興DDoS攻擊所帶來的影響。

摘要(英)

As modern technology advances, the Internet has evolved beyond its initial purpose as a military communication tool. It now integrates resources, services, and applications using advanced cloud and IoT technologies, creating a complex, heterogeneous system. Network administrators, in response to demands for efficient system management and timely issue resolution, have adopted network monitoring systems. Among these, the Zabbix network monitoring tool, notable for its open-source nature and strong community support, effectively detects and manages system outages caused by instability, performance bottlenecks, or networking challenges. This tool ensures a high level of network and service availability, providing organizations with a stable approach to infrastructure management.
　　DDoS attacks are powerful threats that can make networks and services unavailable. Due to their high variability and difficulty in tracing, there still lacks a comprehensive solution to handle. The increasing number of botnets and widespread distribution of DDoS tools have significantly reduced the cost for attackers to launch DDoS attacks. On the contrary, for general users, the importance of the network is rapidly rising. This contrast makes DDoS attacks happens a lot in recent years. Most current defense methods require additional software, hardware support, or the acquisition of services. Therefore, defending against DDoS attacks often depends on the financial capacity of each enterprise or organization.
　　In this study, utilizing Zabbix as a monitoring tool, we propose an automated route blackholing mechanism to counter DDoS attacks. We introduce the UDP Reflection Amplification (URA) detection module to detect DDoS activities, and we implement the automated Remote Trigger Blackhole (RTBH) module to mitigate the impact of such attacks. This approach offers a cost-effective solution specifically for alleviating the effects of DDoS attacks

關鍵字(中)

★ 自動化路由黑洞
★ 網路監控
★ 分散式阻斷服務攻擊
★ 遠端觸發黑洞

關鍵字(英)

★ Automated Route Blackholing
★ Network Monitoring
★ DDoS
★ Zabbix
★ RTBH

論文目次

摘要 i
Abstract ii
致謝辭 iii
目錄 iv
圖目錄 vi
表目錄 ix
一、緒論 1
1.1 研究背景 1
1.2 研究動機 2
1.3 研究目的與貢獻 4
1.4 論文架構 5
二、相關文獻 6
2.1 Distributed Denial of Service 6
2.2 流量監控與異常行為分析 10
2.3 Zabbix網路監控工具 12
2.4 邊界閘道通訊協定 14
2.5 Remote Triggered Blackhole 17
2.6 DDoS情境模擬與攻擊工具 18
2.7 討論 19
三、系統設計 20
3.1 系統架構 20
3.2 系統模組及元件說明 21
3.3 攻擊流量與模組訊息流向 31
四、實驗設計 34
4.1 軟硬體資訊與實驗拓撲 34
4.2 DDoS攻擊流量產生方式 39
4.3 實驗流程 42
4.4 實驗結果 43
五、結論 64
六、未來研究 65
參考文獻 66

參考文獻

[1] S. Lee et al. "Network monitoring: Present and future," Computer Networks, pp. 84-98, 2014.
[2] J. Hernantes et al. "IT Infrastructure-Monitoring Tools," IEEE Software, vol. 32, no. 4, pp. 88-93, 2015.
[3] S. T. Zargar et al. "A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks," IEEE Communications Surveys & Tutorials, vol. 15, no. 4, pp. 2046-2069, 2013.
[4] NETSCOUT, "DDoS THREAT INTELLIGENCE REPORT 2022," [Online]. Available: https://www.netscout.com/threatreport/global-highlights/ [Accessed 10 Aug. 2023].
[5] Cloudflare, "Cloudflare DDoS threat report 2022 Q3," [Online]. Available: https://blog.cloudflare.com/cloudflare-ddos-threat-report-2022-q3/ [Accessed 10 Aug. 2023].
[6] Microsoft, "2022 in review: DDoS attack trends and insights," [Online]. Available: https://www.microsoft.com/en-us/security/blog/2023/02/21/2022-in-review-ddos-attack-trends-and-insights/ [Accessed 10 Aug. 2023].
[7] Wikipedia, "2022 Ukraine cyberattacks," [Online]. Available: https://en.wikipedia.org/wiki/2022_Ukraine_cyberattacks [Accessed 10 Aug. 2023].
[8] VentureBeat, "DDoS attack was largest ever in Ukraine," [Online]. Available: https://venturebeat.com/security/ddos-attack-was-largestever- in-ukraine-russia-suspected/ [Accessed 10 Aug. 2023].
[9] A. Zand et al., "Demystifying DDoS as a Service," IEEE Communications Magazine, vol. 55, no. 7, pp. 14-21, 2017.
[10] R. Kumar et al.,"Detecting Denial of Service Attacks in the Cloud," 2016 IEEE 14th Intl Conf on Dependable, Autonomic and Secure Computing, pp. 309-316, 2016.
[11] J. Hu et al., "A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection," IEEE Network, vol. 23, no. 1, pp. 42-47, 2009.
[12] S. Kaur and T. Sharma, "Efficient load balancing using improved central load balancing technique," 2018 2nd International Conference on Inventive Systems and Control, pp. 1-5, 2018.
[13] M. S. Elsayed and M. A. Azer, "Detection and Countermeasures of DDoS Attacks in Cloud Computing," 2018 Tenth International Conference on Ubiquitous and Future Networks, pp. 708-713, 2018.
[14] K. Giotis et al., "Leveraging SDN for Efficient Anomaly Detection and Mitigation on Legacy Networks," 2014 Third European Workshop on Software Defined Networks, pp. 85-90, 2014.
[15] F. Ö. Sönmez and B. G. Kılıç, "A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions," IEEE Transactions on Network and Service Management, vol. 18, no. 3, pp. 3260-3279, 2021.
[16] S. Dong, K. Abbas and R. Jain, "A Survey on Distributed Denial of Service (DDoS) Attacks in SDN and Cloud Computing Environments," IEEE Access, vol. 7, pp. 80813-80828, 2019
[17] D. Yin, L. Zhang and K. Yang, "A DDoS Attack Detection and Mitigation With Software-Defined Internet of Things Framework," IEEE Access, vol. 6, pp. 24694-24705, 2018
[18] M. A. Aladaileh et al., " Detection Techniques of Distributed Denial of Service Attacks on Software-Defined Networking Controller–A Review" IEEE Access, vol. 8, pp. 143985-143995, 2020.
[19] J. Mirkovic et al., "Source-end DDoS defense," Second IEEE International Symposium on Network Computing and Applications, 2003.
[20] R. R. Brooks et al., "Distributed Denial of Service (DDoS): A History," in IEEE Annals of the History of Computing, vol. 44, no. 2, pp. 44-54, 2022.
[21] C. Liu et al., "Detect the reflection amplification attack based on UDP protocol," International Conference on Communications and Networking, pp. 260-265, 2015.
[22] Wikipedia, "memcached", [Online]. Available:https://en.wikipedia.org/wiki/Memcached.
[23] Cloudflare, "What is a memcached DDoS attack?," [Online]. Available: https://www.cloudflare.com/learning/ddos/memcached-ddos-attack/ [Accessed 10 Aug. 2023].
[24] Cloudflare. "Memcrashed - Major amplification attacks from UDP port 11211," [Online]. Available: https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/ [Accessed 10 Aug. 2023].
[25] Cloudflare: "Understanding and mitigating NTP-based DDoS attacks," [Online]. Available: https://blog.cloudflare.com/understanding-and-mitigating-ntp-based-ddos-attacks/ [Accessed 10 Aug. 2023].
[26] Akamai: "What Is a CLDAP Reflection DDoS Attack?" [Online]. Available: https://www.akamai.com/glossary/what-is-a-cldap-reflection-ddos-attack/ [Accessed 10 Aug. 2023].
[27] P. Blazek et al., "Scalable DDoS Mitigation System," 2019 42nd International Conference on Telecommunications and Signal Processing, 2019, pp. 617-620
[28] Chang Liu et al., " Detect the reflection amplification attack based on UDP protocol," 2015 10th International Conference on Communications and Networking, 2015, pp. 260-265
[29] S. Mescheryakov et al., "Adaptive control of cloud computing resources in the Internet telecommunication multiservice system," 2014 6th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops, pp. 287-293, 2014.
[30] RFC Editor, "BGP RFC 4271," [Online]. Available: https://www.rfc-editor.org/rfc/rfc4271 [Accessed 10 Aug. 2023].
[31] Cisco, "BGP Best Path Selection Algorithm," [Online]. Available: https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13753-25.html [Accessed 10 Aug. 2023].
[32] RFC Editor, "Remote Triggered Black Hole Filtering 5635," [Online]. Available: https://www.rfc-editor.org/rfc/rfc5635 [Accessed 10 Aug. 2023].
[33] "remotely triggered black hole filtering - destination based and source based", [Online]. Available: https://www.cisco.com/c/dam/en_us/about/security/intelligence/blackhole.pdf [Accessed 10 Aug. 2023].
[34] TRex, [Online]. Available: https://trex-tgn.cisco.com/ [Accessed 10 Aug. 2023].
[35] OffensivePython/Saddam: DDoS Amplification Tool - GitHub, [Online]. Available: https://github.com/OffensivePython/Saddam [Accessed 10 Aug. 2023].
[36] "Saddam-new is a simple reflection and amplification DoS attack tool based on Saddam," [Online]. Available: https://github.com/S4kur4/Saddam-new [Accessed 10 Aug. 2023].
[37] "The BIRD Internet Routing Daemon", [Online]. Available: https://bird.network.cz/ [Accessed 10 Aug. 2023].
[38] "CloudEOS and vEOS Router", [Online]. Available:https://www.arista.com/en/cg-veos-router/veos-router-overview [Accessed 10 Aug. 2023].
[39] "FRRouting Project", [Online]. Available:https://frrouting.org/ [Accessed 10 Aug. 2023].
[40] "CVE-2018-1000115," [Online]. Available: https://www.cvedetails.com/cve/CVE-2018-1000115/ [Accessed 10 Aug. 2023].
[41] "CVE-2013-5211," [Online]. Available: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5211 [Accessed 10 Aug. 2023].

指導教授

蔡邦維(Pang-Wei Tsai)

審核日期

2023-8-17

推文