NCU Institutional Repository: Item 987654321/9197


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/9197


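    Title: An Application of Proportional Probabilistic Packet Marking Trace in the DDoS Overlay Defense System (Chinese title, translated: Application of Packet Marking Technology in a Collaborative Traceback and Defense System)
    Authors: Ping-Hsien Yu (游秉賢)
    Contributors: Graduate Institute of Computer Science and Information Engineering
    Keywords: packet marking; DDoS (distributed denial-of-service attack); overlay network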
    Date: 2006-07-05
    Issue Date: 2009-09-22 11:42:58 (UTC+8)
    Publisher: National Central University Library
    Abstract: With the extreme popularity of the Internet, network attacks have emerged in an endless stream in recent years. One of the most serious is the distributed denial-of-service (DDoS) attack, which easily causes large damage. DDoS attackers usually forge the source address of IP packets to hide their positions, which makes it difficult to trace the attackers back. To alleviate DDoS, this work uses the packet-marking method to trace the attacker's location as well as to detect DDoS attacks. Once a DDoS attack has been detected and located, this work initiates an overlay-network defense system to block the attack traffic at the identified location. The basic concept of the packet-marking method is to insert partial route information, selected by probability, into rarely used fields of the IP header. Even if attackers forge the source address of IP packets, this method can find the attack path by using the route information carried by multiple marked packets. With the attack path, our work is also able to detect some attack packets, namely those that have the same source address but come from different far routers, that is, whose source address does not match the routing position. Finally, this work implemented a system based on the packet-marking method and the overlay-network defense approach, and integrated the new detection method based on packet marking into Snort's detection function. The experimental results show that our system can detect, locate, and block DDoS attacks effectively.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation


    All items in NCUIR are protected by copyright, with all rights reserved.
