 |
|
|
|
以作者查詢圖書館館藏 、以作者查詢臺灣博碩士 、以作者查詢全國書目 、勘誤回報 、線上人數:18 、訪客IP:3.131.13.194
姓名 洪瑞奕(Ruei-yih Hung) 查詢紙本館藏 畢業系所 資訊工程學系 論文名稱
(Migmod: A Mechanism to Establish a TCP/IP Connection under DDoS Attacks)相關論文 檔案 [Endnote RIS 格式]
[相關文章]
[文章引用]
[完整記錄]
[館藏目錄]
至系統瀏覽論文 (2024-6-30以後開放)
摘要(中) 近年來,分散式阻斷服務攻擊的威脅性不斷增加。然而,目前對分散式阻斷服務攻擊尚未有一套完善的方法,能夠在轉移服務時同時保持連線,並即時將新連線導向新的目標。在本研究中,將基於一套可能夠在轉移服務時同時保持連線的系統上,提出一個能即時將新連線導向新的目標的方法,進一步提升在分散式阻斷服務攻擊發生時,受該系統保護的服務的存活性。
在此篇論文中,我們將會簡單的介紹我們的動機與目標,接著介紹我們所使用的基礎系統。接著我們會介紹加入了新機制的系統的運作概念與系統架構。然後講述實作的細節。最後是效能的分析與討論。
摘要(英) In recent years, Distributed Denial-of-Service (DDoS) attacks have become more and more threatening. However, there has not been a perfect methodology can keep connections alive during migrating services, and permit new connections to new host immediately at the same time. In this work, we based on a system that can keep connections alive during migrating services then propose a new mechanism to permit new connections to new host immediately, and thus improve the service availability during DDoS attack.
In this thesis, we will talk about our motivation and purpose. Then we will introduce the base system we are going to use. After that, we will present the principle of Migmod, its system structure, and implementation details. At the end, we will discuss the performance evaluation and future works.
關鍵字(中) ★ 分散式阻斷服務攻擊
★ 即時移轉
★ 可載入核心模組
★ 三向交握關鍵字(英) ★ Distributed Denial-of-Service attack
★ Live migration
★ Loadable Kernel Module
★ Three-way handshake論文目次 中文摘要 i
Abstract ii
誌謝 iii
Contents iv
List of figures vi
List of tables viii
Chapter 1 Introduction 1
Chapter 2 Background 3
2.1 Method for Live Migrating Virtual Machine (LMVM) 3
Chapter 3 System Principle 5
Chapter 4 System Structure 7
4.1 System Overview 7
4.1.1 Connection Handler 8
4.1.2 DDoS Detector 8
4.1.3 Packet Handler 8
4.1.4 SYN Checker 8
4.1.5 Firewall 9
4.1.6 Informer 9
4.2 Connection with Migmod under Normal Situation 10
4.3 Migrate Connection with Migmod under DDoS Attacks 12
4.4 Transfer with Migmod under DDoS Attacks 14
Chapter 5 Implementation 18
5.1 Design Overview 18
5.2 Connect to a Unprotected Server 19
5.3 CCH Connect to a Protected Server 20
5.4 CCH Workflow when the Server does not Response 21
5.5 Connect to Protected Server through Proxy 1 being DDoS Attacked 22
Chapter 6 Evaluation 23
6.1 System Specification 23
6.2 Existed Functionality Test 23
6.3 Connect to Protected Server under Normal Situation 24
6.4 Connect to Protected Server under Simulate DDoS Attacks 26
Chapter 7 Discussion 27
7.1 Redundant Component 27
7.2 Connect to a Unprotected Server 27
7.3 Multiple Transfer 28
7.4 System Compatibility 28
Chapter 8 Conclusion 29
Reference 30參考文獻 [1] “DDoS attacks in Q1 2019” May 2019, https://securelist.com/ddos-report-q1-2019/90792/ (Accessed on 7/22/2019)
[2] Manos Antonakakis, Tim April, Michael Bailey, Matthew Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, Yi Zhou., “Understanding the Mirai Botnet,” In Proc. 26th USENIX Security Symposium, Aug 2017.
[3] Hsu et al., “Method for live migrating virtual machine,” February 20, 2018, http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&co1=AND&d=PTXT&s1=9898319&OS=9898319&RS=9898319 (Accessed on 7/22/2019)
[4] C. Clark, K. F., S. Hand, J. G. Hansen, E. Jul, C. Limpach, I. Pratt, A. Warfield., “Live Migration of Virtual Machines,” NSDI′05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation, vol. 2, pp.273-286, May 2005.
[5] ZhiYao Zhong, “Handover: A Mechanism to Improve the Availability of Network Services after Live Migration under Private Networks,” National Central University, Master′s degree, Jun 2016.
指導教授 許富皓(Fu-hao Hsu) 審核日期 2019-8-19 推文 plurk
funp
live
udn
HD
myshare
netvibes
friend
youpush
delicious
baidu
網路書籤 Google bookmarks
del.icio.us
hemidemi
facebook
twitter
google
reddit