Title page for etd-0623104-145745
Title
Using Probing Packets to Repair The Incomplete IP Traceback
Department
Year, semester
Language
Degree
Number of pages
43
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2004-06-11
Date of Submission
2004-06-23
Keywords
Network attack, network security
DoS, IP traceback
Statistics
This thesis/dissertation has been browsed 5675 times and downloaded 13 times.
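Chinese Abstract
This thesis proposes an improved PPM method that addresses the weakness that PPM requires every router to support it; that is, if a single router in the PPM system does not support it, PPM cannot operate.
We first discuss the cases in which one or two routers do not support PPM, which are solved with an algorithm. The cases of three or four non-supporting routers are solved with the RR option. Five or more are solved with Loose Source Routing. Routers use a temp table to record the paths through non-supporting routers so that they are available when the PPM system starts operating, and routers also use a hop table to avoid confusing packets from different paths. The hop table can also temporarily hold some packets to avoid overwriting the PPM packets of earlier routers.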
Abstract
This paper proposes an enhancement of probabilistic packet marking (PPM), which is used to trace back DoS attackers. Our work is based on the probabilistic packet marking algorithm by Savage [1], in which the victim site can reconstruct an attack graph. We further consider routers on the attack path that do not support PPM, called non-PPM routers. We use an algorithm to recover one or two successive non-PPM routers, and the IP RR (record route) option to recover three or four successive non-PPM routers. For five or more successive non-PPM routers between two PPM routers, we discuss Loose Source Routing, which records all traversed IP addresses in the IP header. The temp table records the edges produced by the proposed algorithm, and the hop table records which path a packet came from. Before the PPM system runs, routers send the probe packets proposed above to recover the incomplete attack path.
Table of Contents
Abstract
Chapter One: Introduction
1-1 Background
1-2 Motives and Objectives
1-3 Types of DoS attack
1-3-1 TCP-SYN attack
1-3-2 Flooding attack
Chapter Two: Related work
2-1 Ingress filtering
2-2 Link Testing
2-2-1 Logging and Controlled flooding
2-3 ICMP traceback messages
Chapter Three: Development
3-1 Node Append
3-2 Node Sampling
3-2 Edge Sampling
Chapter Four: The PPM with probing packets
4-1 To change the marking procedure
4-2 The PPM with probing packets
4-3 The temp table
4-4 The hop table
4-5 More non-PPM routers
Chapter Five: Conclusion
References
References
[1] S. Savage, D. Wetherall, A. Karlin, and T. Anderson. Practical network support for IP traceback. In Proceedings of the 2000 ACM SIGCOMM Conference, pages 295–306, Stockholm, Sweden, August 2000.

[2] S. M. Bellovin. ICMP Traceback Messages. Work in Progress, Internet Draft draft-bellovin-itrace-00.txt, March 2000.

[3] D. X. Song and A. Perrig. Advanced and authenticated marking schemes for IP traceback. In Proceedings of IEEE INFOCOM ’01, April 2001.

[4] E. Steven M. Bellovin. ICMP traceback messages, Internet draft: draft-bellovin-itrace-00.txt. Submitted Mar. 2000, expiration date Sep. 2000.

[5] S. F. Wu, L. Zhang, D. Massey, and A. Mankin. Intention-driven ICMP trace-back, Internet draft: draft-wu-itraceintention-00.txt. Submission date Feb. 2001, expiration date Aug. 2001.

[6] G. Sager, “Security Fun with OCxmon and cflowd,” presented at the Internet 2 Working Group, Nov. 1998.

[7] R. Stone, “CenterTrack: An IP overlay network for tracking DoS floods,” in Proc. 2000 USENIX Security Symp., July 2000, pp. 199–212.

[8] Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson, “Network Support for IP Traceback,” IEEE/ACM Transactions on Networking, vol. 9, no. 3, June 2001.

[9] Hassan Aljifri, University of Miami, “IP Traceback: A New Denial-of-Service Deterrent?” IEEE Security and Privacy, published by the IEEE Computer Society, 1540-7993/03, 2003 IEEE.

[12] W. Lee and K. Park, “On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial of Service Attack,” Proc. IEEE INFOCOM, IEEE CS Press, 2001, pp. 338–347.

[13] M. Adler, “Tradeoffs in Probabilistic Packet Marking for IP Traceback,” Proc. 34th ACM Symp. Theory of Computing, ACM Press, 2002, pp. 407–418.

[14] S. Savage et al., “Network Support for IP Traceback,” IEEE/ACM Trans. Networking, vol. 9, no. 3, 2001, pp. 226–237.

[15] M. Waldvogel, “GOSSIB vs. IP Traceback Rumors,” Proc. 18th Ann. Computer Security Applications Conf. (ACSAC 2002), 2002, pp. 5–13.

[16] D. Song and A. Perrig, “Advanced and Authenticated Marking Schemes for IP Traceback,” Proc. IEEE INFOCOM, IEEE CS Press, 2001, pp. 878–886.

[17] D. Dean, M. Franklin, and A. Stubblefield, “An Algebraic Approach to IP Traceback,” ACM Trans. Information and System Security, vol. 5, no. 2, 2002, pp. 119–137.

[18] M. Goodrich, “Efficient Packet Marking for Large-Scale IP Traceback,” Proc. 9th ACM Conf. Computer and Communication Security, ACM Press, 2002, pp. 117–126.

[19] H. Aljifri, M. Smets, and A. Pons, “IP Traceback Using Header Compression,” Computers & Security, vol. 22, no. 2, 2003, pp. 136–151.

[20] Yoohwan Kim, Ju-Yeon Jo, H. Jonathan Chao, and Frank Merat, “High-Speed Router Filter for Blocking TCP Flooding under DDoS Attack,” Electrical and Computer Engineering Department, Polytechnic University, Brooklyn, NY 11201.

[21] Tao Peng, Christopher Leckie, and Kotagiri Ramamohanarao, “Detecting Distributed Denial of Service Attacks Using Source IP Address Monitoring,” ARC Special Research Center for Ultra-Broadband Information Networks, Department of Electrical and Electronic Engineering, The University of Melbourne, Victoria 3010, Australia.

[22] D. Moore, G. Voelker, and S. Savage, “Inferring Internet Denial-of-Service Activity,” Proc. 10th USENIX Sec. Symp., 2001.
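Fulltext
This electronic full text is licensed to users only for personal, non-profit searching, reading, and printing for the purpose of academic research. Please comply with the relevant provisions of the Copyright Act of the Republic of China, and do not reproduce, distribute, adapt, repost, or broadcast it without authorization, to avoid breaking the law.
Thesis access permission: available on campus, never available off campus (restricted)
Available:
Campus: available
Off-campus: not available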

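Printed copies
Public-access information for printed theses is relatively complete from academic year 102 onward. To look up public-access information for printed theses from academic year 101 or earlier, please contact the printed thesis service desk of the Office of Library and Information Services. We apologize for any inconvenience.
Available: available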
