Spoofed SYN Packet Detector Using a Probe Packet

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：13

、訪客IP：18.226.166.214

姓名

廖克軒(Ker-Hsuan Liao) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

(Spoofed SYN Packet Detector Using a Probe Packet)

相關論文

★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm	★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制	★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines	★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統	★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks	★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails	★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators	★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye	★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 ( 永不開放)

摘要(中)

摘要

由於近十多年來網際網路的普遍使用，許多網路攻擊隨之誕生。目前全球網際網路的使用者人數已達到33億，所以一旦網路攻擊如阻斷服務式攻擊發生，將造成廣大使用者經濟上及信譽上巨大的損失。

現代的網路攻擊常伴隨著IP spoofing的使用，IP spoofing是一種偽造來源位址的手法。靠著這種手法，攻擊者可以掩飾自己的攻擊來源位址，使得資訊安全軟體或硬體無法追蹤攻擊路徑，因而無法做出正確的反應來保護使用者。

在本篇論文中我們提出一套針對SYN封包的IP spoofing偵測法：Spoofed SYN Packet Detector (SPD)。由於根據TCP protocol，兩台主機要交換資料封包前必須先完成三向交握 (three way handshaking)，而SPD又能夠對三向交握最開始傳送的SYN封包的來源IP位址進行真偽的確認，SPD就可以在傳遞非法資料封包之前先阻止整個連線的建立。

實驗結果顯示，只要稍微增加一點工作負擔，在阻斷服務式攻擊如TCP SYN flooding attack之下，SPD能夠有效地防禦並維持網路服務的正常運作。

摘要(英)

Abstract

Over the past several decades, the Internet usage is becoming more and more prevalent. But many network attacks are created following this trend. In 2015, the total amounts of user of Internet reach 3.3 billion. Hence once the attack like Distributed Denial of Service (DDoS) attack occurs, they will make tremendous financial losses and credential damage.

Network attacks nowadays are followed by the IP spoofing technique. IP spoofing is a technique to masquerade source address of the attacker. It causes security software or hardware difficult to trace attack path and then the security device cannot make correct response.

In this thesis, we propose a mechanism, called Spoofed SYN Packet Detector (SPD), to detect and defense IP spoofing for SYN packet. According to TCP protocol, before two machines want to exchange data packets, they must complete three way handshaking first. Besides, SPD can confirm the validity of the source IP address of the SYN packet in the beginning of the three-way handshaking. Therefore SPD can deny the following connection before the two machine start to exchange illegal data packets.

Experimental results show that under the attack of DDoS attack like TCP SYN flooding attack, SPD can defense it effectively and make the network service operate normally as if there is no attack.

關鍵字(中)

★ TCP SYN泛洪攻擊
★ 分散式阻斷服務攻擊
★ IP詐騙

關鍵字(英)

★ TCP SYN flooding attack
★ DDoS attack
★ IP spoofing

論文目次

Table of Contents

摘要 i
Abstract ii
致謝 iii
Table of Contents iv
List of figures vi
List of tables vii
1 Introduction 1
2 Related Work 4
2.1 Packet filtering method 4
2.1.1 Signature based detection approach 5
2.1.2 Source address distribution based algorithm 5
2.1.3 Hop-Count detection method 6
2.2 Information theoretical based method 6
3 Spoofed SYN Packet Detector 7
3.1 Background 7
3.2 How Our SPD Works 9
3.3 Our SPD Algorithm 10
3.3.1 Waiting Time Issue 11
3.4 Sequence Number Synchronization Problem 13
3.4.1 Modified SPD Algorithm 14
3.4.2 Sequence Number Synchronization of Apache Web Server 15
3.5 Comparison to Earlier Thesis 18
4 Implementation 20
4.1 Packet Transmission Procedure 20
4.2 Our SPD Implementation 21
5 Evaluation 26
5.1 Test Environment 26
5.2 Experimental Results 27
5.2.1 Experiment 1: Overhead of SPD 27
5.2.2 Experiment 2 29
5.2.3 Experiment 3 30
6 Conclusion 32
References……………………………………………………………………………33

參考文獻

References
[1] Internet World Status. Available: http://www.internetworldstats.com/stats.htm
[2] IP Spoofing Attack: Types and Defensive Measures. Available: https://www.cheapsslshop.com/blog/ip-spoofing-attack-types-and-defensive-measures
[3] IP Spoofing: An introduction. Available: http://www.symantec.com/connect/articles/ip-spoofing-introduction
[4] Wikipedia. Idle scan. Available: https://en.wikipedia.org/wiki/Idle_scan
[5] F.Soldo, A. Markopoulou, K. Argyraki, “Optimal Filtering of Source Address Prefixes: Models and Algorithm,” IEEE INFOCOM, pp.2446-2454, 2009.
[6] Manusankar. C., Karthik. S., Rajendran. T., “Intrusion Detection System with Packet Filtering for IP spoofing,” International Conference on Communication and Computational Intelligence (INCOCCI), 2010.
[7] Yuan Tao, Shui Yu, “DDoS Attack Detection at Local Area Networks Using Information Theoretical Metrics,” IEEE International Conference on Trust, Security, and Privacy in Computing and Communications, pp.233-240, 2013.
[8] Ayman Mukaddam, Imad Elhajj, Ayman Kayssi, Ali Chehab, “IP Spoofing Detection Using Modified Hop Count,” IEEE International Conference on Advanced Information Networking and Applications, pp. 512-516, 2014.
[9] TCP State Diagram. Available: http://www.dianliwenmi.compostimg_5340231_3.html
[10] RFC6298. Available: https://tools.ietf.org/html/rfc6298
[11] 吳宏毅, 許富皓, “ 一精確度可至單一主機單一port之IP spoofing 偵測法,” 2007
[12] Dalia Nashat, Xiaohong Jiang, Susumu Horiguchi, “Detecting SYN Flooding Agents under Any Type of IP Spoofing,” IEEE International Conference on e-Business Engineering, 2008.
[13] Linux Networking Kernel. Available: http://www.ecsl.cs.sunysb.edu/elibrary/linux/network/LinuxKernel.pdf

指導教授

許富皓

審核日期

2016-7-15

推文