博碩士論文 102552009 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:30 、訪客IP:3.80.218.53
姓名 吳奕寬(YI-KUAN WU)  查詢紙本館藏   畢業系所 資訊工程學系在職專班
論文名稱 SRA系統防禦ARP欺騙劫持路由器
(A Solution to Router-Hijacking ARP Spoofing Attacks)
相關論文
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
★ PrivacyGuard:A Kernel-based Solution to Enhance the User Privacy When Using Private Browsing★ DEH:Dynamic Extensible Two-way Honeypot
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   至系統瀏覽論文 ( 永不開放)
摘要(中) 在這個科技不斷快速發展的年代,許多科技人發現可以從資安漏洞取得許多利益,因此資訊安全漸漸地浮上檯面。然而即使在資安已經受到大家關注的同時,卻從來沒有一個好的方法去防禦ARP欺騙攻擊。本研究以ARP攻擊中最讓人無法察覺以及問題最為嚴重的中間人攻擊(Man In The Middle attack)為研究主題。
本研究SRA(a Solution to Router-Hijacking ARP spoofing attack)的防護點在於使用者之系統,網路設備對於ARP欺騙攻擊的防護並不在本篇範圍內。SRA系統開發於開放原始碼的Linux,並且著手於Linux核心空間(kernel space)中,許多研究著手在Linux的使用者空間(user space),但在使用者空間所得到的資訊幾乎已經是為時已晚,並不能第一時間防護,後續的額外動作也會特別多。
在此研究中找了許多可以達到ARP欺騙攻擊的工具,並且實際攻擊本系統,使用者完全受到本防護系統的保護,不受到影響並且繼續正常使用網路。
摘要(英) In this high technology period, many hackers figure out that they can get a lot of profits from security vulnerability, so everyone starts to concern about security. However, even everyone starts to concern about security, but never have a good method to defend ARP spoofing attack. This paper focuses on MITM (Man-In-The-Middle attack) which is most important method in ARP spoofing attack, and also hard to be detected.
This paper implement a system which called SRA (a Solution to Router-Hijacking ARP spoofing attack), SRA defends attack at end point instead of network device, so network device doesn’t belong to this paper. SRA system develops on open source Linux, and implements in kernel space, a lot of papers implement their system in user space which is always too late to defend attack, because kernel is the first encounter point in Linux, also if you implement in user space that has a lot of efforts and resource to spend.
This paper finds some tools which can achieve ARP spoofing attack, and actually attacks SRA system to see actual defend result. After using attack tools, end point is safe by SRA system, and also work normally without any side-effect.
關鍵字(中) ★ ARP 欺騙攻擊
★ 網路資訊安全
★ 中間人攻擊
★ LINUX 網路核心
關鍵字(英)
論文目次 目 錄
摘要 ii
ABSTRACT iii
誌謝       iv
圖目錄 List of Figures vii
一、緒論 1
1.1研究動機 1
1.2研究目的 2
二、文獻探討 4
2.1 ARP協定與運作 4
2.2 ARP欺騙攻擊 5
2.2.1 阻斷服務攻擊 6
2.2.2 MAC氾濫攻擊 6
2.2.3 中間人攻擊 7
2.3 ARP欺騙防禦 10
2.3.1 靜態ARP 10
2.3.2 DHCP監聽 11
2.3.3 入侵偵測系統 12
2.3.4 作業系統防護 12
三、系統設計與實作 13
3.1 概念與理論 13
3.2 系統架構與流程 15
3.3 系統實作 18
四、實驗部分 24
4.1 實驗環境與工具 24
4.2 效能測試 28
4.3 系統測試 32
五、結論 39
參考文獻       40

參考文獻 參考文獻      
[1] Anticap: Kernel patch for ARP spoofing attack defending.
https://antifork.org/git/anticap/tree/README
[2] Ettercap: A comprehensive suite for man in the middle attacks.
https://ettercap.github.io/ettercap/
[3] arpspoof: Intercept packets on a switched LAN.
http://linux.die.net/man/8/arpspoof
[4] iperf: While tools to measure network performance.
https://iperf.fr/
[5] Yu Yao and Yi Yao(2010): A switch-based ARP attack containment strategy.
[6] WANG Xiao-Ling and ZHOU Gang(2012): Defence Design for ARP Spoofing Based on NDIS Intermediate Driver.
[7] Cristina L. Abad and Rafael I. Bonilla: An Analysis on the Schemes for Detecting and Preventing ARP Cache Poisoning Attacks.
[8] Zouheir Trabelsi and Wassim El-Hajj: Preventing ARP Attacks using a Fuzzy-Based Stateful ARP Cache
[9] Andre P. Ortega, Xavier E. Marcos: Preventing ARP Cache Poisoning Attacks A Proof of Concept using OpenWrt
[10] Seung Yeob Nam, Member, IEEE, Dongwon Kim, and Jeongeun Kim: Enhanced ARP: Preventing ARP Poisoning-Based Man-in-the-Middle Attacks
[11] M.M.Dessouky, W.Elkilany: A Hardware Approach for detecting the ARP Attack
[12] Libing Wu, Tianshui Yu: The Research and Implementation of ARP Monitoring and Protection
[13] Teerapat Sanguankotchakorn, Thanatorn Dechasawatwong: Automatic Attack Detection and Correction System Development
[14] Dr. S. G. Bhirud, Vijay Katkar: Light Weight Approach for IP-ARP Spoofing Detection and Prevention
[15] Haider Salim, Zhitang Li, Hao Tu, Zhengbiao Guo: Preventing ARP Spoofing Attacks through Gratuitous Decision Packet
[16] Gao Jinhua, Xia Kejian: ARP Spoofing Detection Algorithm Using ICMP Protocol
[17] Christian Benvenuti: Understanding Linux Network Internals
[18] Daniel P. Bovet, Marco Cesati: Understanding the Linux Kernel
[19] Jonathan Corbet, Alessandro Rubini: Linux Device Drivers, Third Edition.
指導教授 許富皓 審核日期 2015-7-23
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明