Responsive image
博碩士論文 etd-0714105-142944 詳細資訊
Title page for etd-0714105-142944
論文名稱
Title
以螞蟻演算法追蹤阻斷服務攻擊來源之研究
Denial of Service Traceback: an Ant-Based Approach
系所名稱
Department
畢業學年期
Year, semester
語文別
Language
學位類別
Degree
頁數
Number of pages
60
研究生
Author
指導教授
Advisor
召集委員
Convenor
口試委員
Advisory Committee
口試日期
Date of Exam
2005-07-04
繳交日期
Date of Submission
2005-07-14
關鍵字
Keywords
NetFlow、螞蟻演算法、阻斷服務攻擊、IP 追溯
IP traceback, Ant Algorithm, DoS, NetFlow
統計
Statistics
本論文已被瀏覽 5845 次,被下載 0
The thesis/dissertation has been browsed 5845 times, has been downloaded 0 times.
中文摘要
阻斷服務攻擊伴隨來源位址偽造已經成為網際網路上主要的安全威脅。入侵偵測系統常用來偵測阻斷服務攻擊並且配合防火牆來阻擋攻擊,然而,阻斷服務攻擊封包將會消耗或甚至耗盡所有的資源而導致網路效能降低甚至癱瘓整個網路。
Abstract
The Denial-of-Service (DoS) attacks with the source IP address spoofing techniques has become a major threat to the Internet. An intrusion detection system is often used to detect DoS attacks and to coordinate with the firewall to block them. However, DoS attack packets consume and may exhaust all the resources, causing degrading network performance or, even worse, network breakdown. A proactive approach to DoS attacks is allocating the original attack host(s) issuing the attacks and stopping the malicious traffic, instead of wasting resources on the attack traffic.
In this research, an ant-based traceback approach is proposed to identify the DoS attack origin. Instead of creating a new type or function needed by the router or proceeding the high volume, find-grained data, the proposed traceback approach uses flow level information to spot the origin of a DoS attack.
Two characteristics of ant algorithm, quick convergence and heuristic, are adopted in the proposed approach on finding the DoS attack path. Quick convergence efficiently finds out the origin of a DoS attack; heuristic gives the solution even though partial flow information is provided by the network.
The proposed method is validated and evaluated through the preliminary experiments and simulations generating various network environments by network simulator, NS-2. The simulation results show that the proposed method can successfully and efficiently find the DoS attack path in various simulated network environments, with full and partial flow information provided by the network.
目次 Table of Contents
Chapter 1 Introduction..........................................1
1.1 Problem definition.......................................................................................................2
1.2 Motivation....................................................................................................................4
Chapter 2 Related work........................................6
2.1 IP Traceback.................................................................................................................6
2.1.1. Packet marking.................................................................................................6
2.1.2. Logging............................................................................................................8
2.2 Network Flow............................................................................................................11
2.3 Ant Algorithm............................................................................................................12
Chapter 3 Ant-Based DoS Traceback.................17
3.1 NetFlow......................................................................................................................17
3.2 The Proposed Solution...............................................................................................20
3.3 Extension to partial flow information........................................................................24
Chapter 4 System Design and Verification.........29
4.1 System Architecture...................................................................................................29
4.2 Flow Management.....................................................................................................31
4.3 Preliminary Experiment.............................................................................................34
Chapter 5 Performance evaluation......................42
5.1 Simulation topology...................................................................................................42
iii
5.2 Simulation scenario....................................................................................................44
Chapter 6 Conclusions........................................56
Reference............................................................58
參考文獻 References
1. Computer Security Institute, “CSI/FBI Computer Crime and Security Survey, “2003, http://www.crime-research.org/news/11.06.2004/423/
2. Computer Emergency Response Team/Coordination Center, “Denial of Service Attacks,” 2001, http://www.cert.org/tech_tips/denial_of_service.html
3. W. Stallings, “Cryptography and Network Security,” 2001
4. S. Savage, D. Wetherall, A.Karlin, and T.Anderson ., “Network Support for IP Traceback,” IEEE/ACM Trans. Networking, vol. 9, no. 3, 2001, pp.226–237.
5. D. Song and A. Perrig, “Advanced and Authenticated Marking Schemes for IP Traceback,” Proc. IEEE INFOCOM, IEEE CS Press, 2001, pp. 878–886.
6. H. Aljifri, M. Smets, and A. Pons, “IP Traceback Using Header Compression,” Computers & Security, vol. 22, no.2, 2003, pp. 136–151.
7. D. Dean, M. Franklin, and A. Stubblefield, “An Algebraic Approach to IP Traceback,” ACM Trans. Information and System Security, vol. 5, no. 2, 2002, pp. 119–137
8. A.C. Soneren, C. Partridge, L.A. Sanchez, C.E. Jones, F. Tachakountio, B. Schwartz, S.T. Kent and W.T. Strayer ,”Single-packet IP Traceback,” IEEE/ACM Trans. Networking, vol. 10, no.6, 2002, pp.721–734
9. W.T Strayer, C.E. Jones, F. Tachakountio, B. Schwartz, R.C. Clements, M. Condell and C. Partridge ,”Traceback of Single IP Packets Using SPIE,” Proc. DARPA information Survivability Conference and Exposition – vol. 2 April 22 -24, 2003 Washington, DC. pp. 266
10. T. Baba and S. Matsuda ,“Tracing Network Attacks to Their Sources,” IEEE Internet Computing, vol. 6, no. 3, 2002, pp. 20–26
11. T.L. Pao and P.W. Wang ,”NetFlow Based Instruction Detection System,” Proc. IEEE International Conference on Network, Sensing and Control, March 21-23, 2004 Taipei, pp. 731-736
12. J. Mirkovic, G. Prier and P. Reiher,”Attack DDoS at the Source,” Proc. the 10th IEEE International Conference on Network Protocols, Nov, 2002 Paris, pp.312-321
13. G. Upton, “Swarm Intelligence”
http://www.cs.earlham.edu/~uptongl/project/Swarm_Intelligence.html
14. G. D. Caro and M. Dorigo ,” AntNet: Distributed Stigmergetic Control for Communications Networks,” Journal of Artificial Intelligence Research 9, 1998, pp. 317-36
15. M. Dorigo, V. Maniezzo & A. Colorni,” The Ant System: An Autocatalytic Optimizing Process,” Technical Report No. 91-016 Revised, Politecnico di Milano, Italy, 1991
16. M. Dorigo, V. Maniezzo, and A. Colorni ,” The Ant System: Optimization by a colony of cooperating agents,” IEEE/ACM Trans. On System, Man and Cybernetics-Part B, vol.26, no.1, 1996, pp. 1-13
17. M. Dorigo , G.D. Caro , L.M. Gambardella, “Ant algorithms for discrete optimization, “ Artificial Life, v.5 n.2, pp.137-172, April 1999
18. Y. Gong ,”Detecting Worms and Abnormal Activities with NetFlow,” http://www.securityfocus.com/infocus/1796
19. Cisco ,” NetFlow Services Solutions Guide,” http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/netflsol/nfwhite.htm
20. Cisco ,"NetFlow Services and Application,” http://www.cisco.com/warp/public/cc/pd/iosw/ioft/neflct/tech/napps_wp.htm
21. Scientific Linux
https://www.scientificlinux.org/
22. flow-tools information
http://www.splintered.net/sw/flow-tools/
23. Stanford Stream data manager
http://www-db.stanford.edu/stream/
24. J. Sommers, H. Kim and P. Barford,” Harpoon: a flow-level traffic generator for router and network tests,” ACM SIGMETRICS Performance Evaluation Review, vol 32 , issue 1, June 2004, pp.392
25. VMware
http://www.vmware.com/
26. zebra
http://www.zebra.org/
27. fprobe
http://fprobe.sourceforge.net/
28. hping
http://www.hping.org/
29. NS-2
http://www.isi.edu/nsnam/ns/
30. BRITE
http://www.cs.bu.edu/brite/
31. TIERS
http://www.nrg.cs.uoregon.edu/topology_generation/tiers.html
32. GT-ITM
http://www.cc.gatech.edu/projects/gtitm/
33. O. Heckmann, M Piringer, J. Schmitt and R. Steinmetz,”On Realistic Network Topologies for Simulation”, Proc.the ACM SIGCOMM 2003 Workshops on Models,methods and toos for reproducible network research, 2003 Germany, pp. 28-32
電子全文 Fulltext
本電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。
論文使用權限 Thesis access permission:校內校外均不公開 not available
開放時間 Available:
校內 Campus:永不公開 not available
校外 Off-campus:永不公開 not available

您的 IP(校外) 位址是 35.174.62.162
論文開放下載的時間是 校外不公開

Your IP address is 35.174.62.162
This thesis will be available to you on Indicate off-campus access is not available.

紙本論文 Printed copies
紙本論文的公開資訊在102學年度以後相對較為完整。如果需要查詢101學年度以前的紙本論文公開資訊,請聯繫圖資處紙本論文服務櫃台。如有不便之處敬請見諒。
開放時間 available 已公開 available

QR Code