博碩士論文 91522021 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:9 、訪客IP:44.211.239.1
姓名 謝彥偉(Yen-Wei Hsieh)  查詢紙本館藏   畢業系所 資訊工程學系
論文名稱 分散式阻斷服務下之過載保護機制
(An Overload Protection Mechanism Under DDoS Attack)
相關論文
★ 整合多樣配置組態下的藍芽射頻驗證系統★ 具檔案敘述相關語查詢之智慧型檔案搜尋系統
★ 具遲到者支援功能之網際網路簡報系統★ 以快速廣播法建構熱門視訊隨選服務伺服器
★ 具事件同步再現特性之遠程電傳展示伺服器★ 無線網路環境下之廣播資訊快速下載
★ 中文網站繁簡互訪協助系統★ 支援時光平移播放之調適性現場直播演算法
★ 用於互動式廣播之段落對齊法★ 熱門影片廣播法之影片區段復原機制
★ 配合熱門影片廣播的本地伺服器高效快取法★ 一個增進SIP在防火牆環境中應用的協同模組
★ 考量網頁熱門度之一致性雜湊法解決 網頁代理伺服器之負載平衡★ 以網域名稱伺服器為基礎之色情網站過濾系統
★ 使用熱門廣播法及支援點對點傳輸之影音內容傳遞網路★ 變動頻寬平滑化之熱門廣播演算法
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   [檢視]  [下載]
  1. 本電子論文使用權限為同意立即開放。
  2. 已達開放權限電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。
  3. 請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。

摘要(中) 近年來許多的網路攻擊突顯出網際網路上諸多的弱點,其中造成損害最大的可謂為分散式阻斷服務(DDoS),對於許多既存的防禦方法來說分散式的攻擊很難去防止。隨著網際網路的普及,在網路上愈來愈容易找到含有弱點的主機,有心的攻擊者可利用這些主機的弱點,來攻擊其它特定的網路主機,造成一般正常的使用者無法使用該主機的服務。
由於分散式阻斷服務有著壅塞和連續的特性,因此常常會因路由器的負載過重而造成封包無法正常傳遞。大多數的防禦機制都很難在壅塞的網路上做通訊,更遑論在發生攻擊時,再來做防禦。有鑑於此,本文提出分散式阻斷服務下之過載保護機制,可在攻擊發生時迅速且確實的將攻擊封包加以分流,並予以阻擋流量過大的來源,並將路由器的負載降低,以提供其它正常使用者的封包得以順利傳遞,並可配合其它的異常流量偵測演算法加強防禦的效果。
我們藉由建立實體的測試網路來實驗在受到分散式阻斷服務攻擊時,本文所提的方法之成效。實驗結果證明採用這套方法後可以在受到攻擊時能有效的減輕攻擊所造成的影響。
摘要(英) Many attacks on the internet reveal much vulnerability in recent years; causing the largest damage among them we called DDoS. For much existent defense strategies, the DDoS is hard to prevent. With the popularity of the internet, it is more and more easily to find vulnerable server; some intent attacker will use these weakness to attack the particular server that the service can’t be available to the legitimate user .
Due to DDoS has characteristic of congestion and continuity, so that the packet can’t be forwarded normally because of router-overloading. Most defense mechanism can’t communicate through the congested network; it is unnecessary to say that if attacks occur, other protection mechanism will work.
In view of this, this paper proposed the overload protection mechanism under DDoS that it can bypass the attacking packet quickly and precisely also defend large source and decrease loading of router when attacks occur in order to transmit packet fluently for other legitimate user. Moreover, it can work with other defense mechanism to enhance the performance of protection mechanism.
We use the physical topology to simulate the performance of our protection mechanism under DDoS attack. The result of our experiment evidenced that overload protection mechanism is practical and decreases the influence effectively.
關鍵字(中) ★ 路由器
★ 過載保護
★ 分散式阻斷服務
★ 壅塞
關鍵字(英) ★ router
★ overload protection
★ DDoS
★ congestion
論文目次 摘要
Abstract
目錄
圖目錄
表目錄
第一章 緒論
1-1研究動機
1-2論文架構
第二章 相關研究
2-1分散式阻斷服務
2-2攻擊工具
2-3 分散式阻斷服務的分類
2-4 現有的防禦策略
2-4-1 PUSHBACK
2-4-2 D-WARD
2-4-3 Overlay Network
第三章 系統架構
3-1 Bypass Guardian架構
3-2 Bypass Guardian
3-3流量記錄收集模組
3-4 資料存取模組
3-5 分流轉向模組
3-6 異常偵測模組
3-7 攻擊分析模組
3-8 過載保護機制
第四章 系統實作
4-1 功能模組
4-2 實作方法
4-3 測試環境
4-4 測試流程
4-5 未防禦之攻擊場景
4-6 有過載保護之攻擊場景
第五章 結論與未來工作
5-1 結論
5-2 未來研究
參考文獻
參考文獻 [1] http://www.cert.org/
[2] http://www.sans.org/
[3] http://www.insecure.org
[4] http://www.securityfocus.com/
[5] Microsoft Security Home Page http://www.microsoft.com/security/default.mspx
[6] DDoS attack tool timeline http://staff.washington.edu/dittrich/talks/sec2000/timeline.html
[7] Tfn attack tool analysis
http://staff.washington.edu/dittrich/misc/tfn.analysis.txt
[8] stacheldraht attack tool analysis
http://staff.washington.edu/dittrich/misc/stacheldraht.analysis.txt
[9] TFN2k attack tool analysis http://packetstormsecurity.com/distributed/TFN2k_Analysis-1.3.txt
[10] shaft attack tool analysis
http://home.adelphi.edu/~spock/shaft_analysis.txt
[11] Jelena Mirkovic, Janice Martin and Peter Reiher “A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms” Computer Science Department University of California, Los Angeles
[12] Alefiya Hussain John Heidemann Christos Papadopoulos “A Framework for Classifying Denial of Service Attacks”
[13] Ratul Mahajan,Steven M. Bellovin,Sally Floyd,John Ioannidis, Vern Paxson, and Scott Shenker “Aggregate-Base Congestion Control” ICSI Center for Intenet Research(ICIR) AT&T Labs Research
[14] John Ioannidis, Steven M.Bellovin “Implementing Pushback: Router-Based Defense Against DDoS Attack” AT&T Labs Research
[15] Peter Reiher, Gregory Prier, Scott Michael, and Jun Li D-WARD: DDoS Network Attack Recognition and Defense home page “http://www.lasr.cs.ucla.edu/ddos/”
[16] J. Mirkovic, G. Prier and P. Reiher, “Attacking DDoS at the Source”, Proceedings of ICNP 2002, pp. 312-321, Paris, France, November 2002.
[17] Ju Wang Linyuan Lu Andrew A. Chien “Tolerating Denial of Service Attacks Using Overlay Networks ­Impact of Topology” Department of Computer Science and Engineering University of California, San Diego
[18] Ju Wang and Andrew A.Chien “An Analysis of Using Overlay Networks to Resist Distributed Denial-of-Service Attacks” Department of Computer Science and Engineering University of California,San Diego
[19] Angelos D. Keromytis Vishal Misra Dan Rubenstein “SOS:Secure Overlay Services” Department of Computer Science Department of Electrical Engineering Columbia University
[20] Hun-Jeong Kang, Seung-Hwa Chung, Seong-Cheol Hong, Myung-Sup Kim and James W. Hong “Towards Flow-based Abnormal Network Traffic Detection” DP&NM Lab.
[21] Alex C. Snoeren, Craig Partridge, Luis A. Sanchez, Christine E. Jones ,Fabrice Tchakountio “Hash-Based IP Traceback”
[22] Bao-Tung Wang, Henning Schulzrinne “An IP Traceback Mechanism for Reflective DoS Attacks” Department of Computer Science, Columbia University
[23] Rocky K.C.Chang “Defending against Flooding-Based Distributed Denial-of-Service Attacks:A Tutorial The Hong Kong Polytechnic University
[24] Udaya Kiran Tupakula,Vijay Varadharajan “A Practical Method to Couteract Denial of Service Attacks” Information and Networked System Security Research Division of Information and Communication Sciences Macquarie University Sydney,Australia
[25] William G.Morein, Angelos Stavrou, Debra L.Cook,etc... ”Using Graphic Turing Tests To Counter Automated DDoS Attacks Against Web Servers” Department of Computer Science ,Department of Electical Engineering Columbia University in the City of New York
指導教授 曾黎明(Li-Ming Tseng) 審核日期 2004-7-19
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明