 |
|
|
|
以作者查詢圖書館館藏 、以作者查詢臺灣博碩士 、以作者查詢全國書目 、勘誤回報 、線上人數:43 、訪客IP:3.17.162.140
姓名 陳俊傑(Chun-Chieh Chen) 查詢紙本館藏 畢業系所 資訊工程學系 論文名稱 以重疊網路防禦分散式阻斷服務攻擊
(An Overlay Defense System against DDoS)相關論文 檔案 [Endnote RIS 格式]
[相關文章]
[文章引用]
[完整記錄]
[館藏目錄]
[檢視]
- 本電子論文使用權限為同意立即開放。
- 已達開放權限電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。
- 請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。
摘要(中) 近年來的許多網路攻擊突顯出網路上許多的弱點,更加顯示了網路安全的重
要性。其中造成損害最大的可說是分散式阻斷服務攻擊 (Distributed Denial of
Service, 簡稱DDoS)。
由於DDoS 攻擊是大量且分散的,沒有任何防護措施的伺服器,在受到DDoS
攻擊時,可能在數分鐘內就會被癱瘓,所以抵禦DDoS 攻擊的防禦措施很重要。
我們提出利用監測系統和重疊網路的技術來及時啟動防禦系統,隱藏服務主機的
位置,阻擋分散式阻絕服務攻擊,並提供正常的服務給合法使用者。重疊網路
(Overlay Network)係指利用Proxy 等技術,將某應用伺服器多點散布在廣大的
網路中,以達到增進網路安全之目的。在攻擊發生時,可以立刻有效的針對分散
的攻擊加以阻擋來保護伺服器。
我們藉由建立實體的測試網路來實驗我們所提系統的可行性。實驗結果證明
本系統可以有效的阻擋攻擊。摘要(英) Many attacks on the internet reveal much vulnerability in recent years
that more emphasizes the importance of the security of Internet. Among
them, DDoS causes the largest damage.
Due to DDoS attack is huge and distributed, so that the servers with
no protection may be to become paralyzed under attacks in several minutes.
So the defense mechanism against DDoS is very important. We proposal is
that using detection system and overlay network to start defense system
in time, to hide the location of servers, to resist DDoS attacks and to
provide services to legitimate users. What Overlay Network means is that
using proxy to distribute some service server over the internet, so that
to achieve the purpose of enhancing internet security. When attacks
happens, it can effectively resist distributed attacks to protect
servers.
We use the physical topology to experiment the practice of our system.
The result of our experiment evidenced that our system cat effectively
resist attacks.關鍵字(中) ★ 監測系統
★ 分散式阻斷服務攻擊
★ 重疊網路關鍵字(英) ★ overlay network
★ detection system
★ DDoS論文目次 摘要................................................................................................................................ I
ABSTRACT ......................................................................................................................II
目錄............................................................................................................................. III
圖目錄..........................................................................................................................V
表目錄........................................................................................................................ VI
第一章 緒論.................................................................................................................1
1.1 研究背景................................................................................................................1
1.2 研究動機................................................................................................................2
1.3 論文架構................................................................................................................2
第二章 相關研究.........................................................................................................3
2.1 分散式阻斷服務....................................................................................................3
2.2 分散式阻斷服務的分類........................................................................................5
2.3 現有的防禦策略....................................................................................................7
2.3.1 實驗室的成果............................................................................................7
2.3.2 TRACEBACK .....................................................................................................8
2.3.3 PUSHBACK .......................................................................................................9
2.3.4 D-WARD ......................................................................................................10
2.3.5 OVERLAY NETOWRK .........................................................................................11
第三章 系統架構.......................................................................................................15
3.1 OVERLAY DEFENSE SYSTEM 架構.................................................................................15
3.2 系統流程..............................................................................................................17
3.3 系統功能模組......................................................................................................18
3.3.1 MONITOR AGENT.............................................................................................20
3.3.2 IDENTIFICATION AGENT .................................................................................20
3.3.3 PROXY AGENT................................................................................................23
第四章 系統實作.......................................................................................................24
4.1 系統功能模組實作..............................................................................................24
4.1.1 MONITOR AGENT.............................................................................................24
4.1.2 IDENTIFICATION AGENT .................................................................................26
4.1.3 PROXY AGENT................................................................................................27
4.2 系統實驗網路環境..............................................................................................27
4.3 討論......................................................................................................................29
第五章 模擬實驗測試...............................................................................................31
5.1 沒有防禦系統的攻擊情形..................................................................................31
5.2 有防禦系統的攻擊情形......................................................................................36
第六章 結論與未來工作...........................................................................................41
6.1 結論......................................................................................................................41
6.2 未來工作..............................................................................................................41
參考文獻.....................................................................................................................42參考文獻 [1] Rocky K. C. Chang, “Defending against Flooding-Based Distributed
Denial-of-Service Attacks: A Tutorial,” IEEE Communications Magazine, Oct.
2002, pp. 42-51.
[2] Jelena Mirkovic and Peter Reiher, “A Taxonomy of DDoS Attack and DDoS
Defense Mechanisms,” ACM SIGCOMM Computer Communications Review, Apr.
2004, Vol. 34, No. 2, pp. 39-54.
[3] Alefiya Hussain, John Heidemann and Christos Papadopoulos, “A Framework for
Classifying Denial of Service Attacks,” ACM SIGCOMM, Augest 2003, pp.
99-110.
[4] Andrey Belenky and Nirwan Ansari, “On IP Traceback,” IEEE Communication
Magazine, July 2003, pp. 142-153.
[5] Ratul Mahajan, Steven M. Bellovin, Sally Floyd, John Ioammidis, Vern Paxson
and Scott Shenker, “Aggregate-Base Congestion Control,” ICSI Center for
Internet Research (ICIR) AT&T Labs Research.
[6] John Ioammidis and Steven M. Dellovin, “Implementing Pushback: Router-Based
Defense Against DDoS Attack,” Proc. Network and Distributed System Security
Symp., pp.6–8.
[7] Jelena Mirkovic, Gregory Prier and Peter Reiher, “Attacking DDoS at the Source,”
Proceedings of ICNP 2002, Nov. 2002, pp. 312-321.
[8] Ju Wang, Linyuan Lu and Andrew A. Chien, “Tolerating Denial-of-Service
Attacks Using Overlay Networks – Impact of Topology,” ACM SSRS 2003, Oct.
2003.
[9] A. D. Keromytis, V. Misra, and D. Rubenstein, “SOS: Secure Overlay Services,”
Proc. ACM SIGCOMM, Aug. 2002, pp. 61-72.
[10] A. D. Keromytis, V. Misra, and D. Rubenstein, “SOS: An Architecture for
Mitigating DDoS Attacks,” IEEE JOURNAL ON SELECTED AREAS IN
COMMUNICATIONS, Vol. 22, No. 1, Jan. 2004.
[11] D. L. Cook, W. G. Morein, A. D. Keromytis, V. Misra and D. Rubenstein,
“WebSOS: Protecting Web Servers from DDoS Attacks,” 11th IEEE International
Conference 2003, pp. 461-466.
[12] W. G. Morein, A. Stavrou, D. L. Cook, A. D. Keromytis, V. Misra and D.
Rubenstein, “Using Graphic Turing Tests To Counter Automated DDoS Attacks
Against Web Servers,” CCS’03, Oct. 2003.
[13] Angelos Stavrou, Angelos D. Keromytis, Jason Nieh, Vishal Misra and Dan
Rubenstein, “MOVE: An End-to-End Solution To Network Denial of Service,”
Internet Society NDSS’05, Feb. 2005.
[14] Steven Osman, Dinesh Subhraveti, Gong Su and Jason Nieh, “The Design and
Implementation of Zap: A System for Migrating Computing Environments,”
Proc. Of the 5th Symposium on Operating Systems Design and Implementation,
Dec. 2002.
[15] Min Cai, Kai Hwang, Yu-Kwong Kwok, Shanshan Song and Yu Chen,
“Collaborative Internet Worm Containment,” IEEE SECURITY & PRIVACY,
2005, pp. 24-33
[16] Vinod Yegneswaran, Paul Barford and Somesh Jha, “Global Intrusion Detection
in the DOMINO Overlay System,” Computer Sciences Department, University
of Wisconsin, Madison.
[17] 謝彥偉, “分散式阻斷服務下之過載保護機制, ? 國立中央大學資訊工程
所碩士論文, 民國93 年.
[18] 參考網站
http://www.cert.org/
[19] 參考網站
http://www.sans.org/
[20] 參考網站
http://www.insecure.org/
[21] 參考網站
http://www.securityfocus.com/
[22] 參考網站
Microsoft Security Home Page
http://www.microsoft.com/security/default.mspx
[23] 參考網站
D-WARD: DDoS Network Attack Recognition and Defense
http://www.lasr.cs.ucla.edu/ddos/
[24] 參考網站
DDoS attack tool timeline
http://staff.washington.edu/dittrich/talks/sec2000/timeline.html
[25] 參考網站
Tfn attack tool analysis
http://staff.washington.edu./dittrich/misc/tfn.analysis.txt
[26] 參考網站
stacheldraht attack tool analysis
http://staff.washington.edu./dittrich/misc/stacheldraht.analysis.txt
[27] 參考網站
TFN2K attack tool analysis
http://packetstormsecurity.com/distributed/TFN2K_Analysis-1.3.txt
[28] 參考網站
shaft attack tool analysis
http://home.adelphi.edu/~spock/shaft_analysis.txt指導教授 曾黎明(Li-Ming Tseng) 審核日期 2005-7-21 推文 plurk
funp
live
udn
HD
myshare
netvibes
friend
youpush
delicious
baidu
網路書籤 Google bookmarks
del.icio.us
hemidemi
facebook
twitter
google
reddit