中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/9197
English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 78852/78852 (100%)
造访人次 : 37841458      在线人数 : 742
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
  • 进阶搜寻


    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/9197


    题名: 封包標記技術在協同追蹤與防禦系統之應用;An Application of Proportional Probabilistic Packet Marking Trace in the DDoS Overlay Defense System
    作者: 游秉賢;Ping-Hsien Yu
    贡献者: 資訊工程研究所
    关键词: 重疊網路;分散式阻斷服務攻擊;封包標記;packet marking;DDoS;overlay network
    日期: 2006-07-05
    上传时间: 2009-09-22 11:42:58 (UTC+8)
    出版者: 國立中央大學圖書館
    摘要: 近年來網路攻擊事件層出不窮,而在所有的攻擊行為中,易造成巨大損害的是分散式阻斷服務攻擊(Distributed Denial of Service,簡稱DDoS)。由於攻擊者大都會偽造封包的來源位址,以隱藏攻擊者的位置,造成追蹤攻擊來源不易,所以本論文提出利用封包標記的技術來判讀攻擊發起與追蹤攻擊者的來源位置,並協同重疊網路防禦系統進行精確位置之阻擋攻擊流量,以達到阻擋DDoS攻擊之目的。封包標記是利用IP標頭一些很少使用的欄位,以機率來選擇填入封包經過的部份路徑資料,縱使攻擊者偽造來源位址,也可以從多個封包的記號找出攻擊路徑資訊,同時提出利用封包標記的路徑資訊來發現不符合繞徑位置的來源位址,協助判讀攻擊封包之發生。最後本文以實作來證明封包標記技術應用於協同追蹤與防禦系統的可行性,並將本文所提出之利用標記的路徑資訊來判斷攻擊封包之方法整合到Snort的偵測功能,實驗結果顯示本系統可以追出攻擊來源,且有效阻擋DDoS攻擊。 With the extreme popularity of Internet, network attacks emerge in an endless stream in recent years. One of the most serious attacks is distributed denial of service attack (DDoS), which easily causes large damage. DDoS attackers usually forge the source address of IP packet to hide their positions such that it is difficult to trace back attackers. To alleviate DDoS, this work takes advantage of the packet-marking method to trace the attacker’s location, as well as to detect DDoS attacks. Once detecting and locating DDoS attacks, this work initiates an overlay-network defense system to block the attacks. The basic concept of the packet-marking method is to insert some route information into rare-used fields of IP header. The insertion is based on probability. Even if attackers forges the source address of IP packet, this method can find out the attacking path by using the route information carried by the marked packets. With the attacking path, our work is also able to detect some attack packets, which have same source address but come from different far routers. Finally, this work implemented a system based on the packet marking method and the overlay-network defense approach. And this work integrated a new detection method based on packet marking into Snort. The experimental results show that our system can detect, locate, and block DDoS effectively.
    显示于类别:[資訊工程研究所] 博碩士論文

    文件中的档案:

    档案 大小格式浏览次数


    在NCUIR中所有的数据项都受到原著作权保护.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明