Please use this identifier to cite or link to this item:
http://140.128.103.80:8080/handle/310901/5483
Title: | Forecast, Detection and Traceback of DDoS Attacks |
Other Titles: | Intrusion Forecast, Detection and Traceback against DDoS attacks |
Authors: | 楊惟傑 Young, Wei-Jie |
Contributors: | 呂芳懌 Leu, Fang-Yie; Department of Computer Science and Information Engineering, Tunghai University |
Keywords: | intrusion forecast; intrusion traceback; CUSUM; DDoS; DRDoS |
Date: | 2005 |
Issue Date: | 2011-05-19T08:18:59Z (UTC) |
Abstract: | Distributed Denial of Service (DDoS) is a major threat to today's emerging Internet businesses and to anyone closely tied to them. Attackers often compromise or exploit legitimate routers and ordinary users' hosts on the network, making them take part in an attack without their knowledge, and confuse network security systems so that they cannot judge what is legitimate, in order to evade investigation by administrators. Network-based Intrusion Detection Systems (NIDS) are built to monitor and protect the systems and network of the domain they manage, and most of them lack regional cooperation. When facing an attack as powerful as DDoS, network security systems should have a comprehensive mechanism for mutual defense. This research develops, under a Union Defense architecture, an intrusion detection and traceback system that incorporates forecasting (Intrusion Forecast, Detection and Traceback based on Union Defense Environment, IDFTS). The network is divided into many Network Management Units (NMUs), each of which can be an enterprise intranet or a campus network. In each NMU, an IDFTS is built to detect illegitimate intrusion and trace the attack back to its source. In addition to detecting logical attacks, the detection unit uses the CUSUM (Cumulative Sum) algorithm to detect anomalous-traffic attacks such as DDoS and DRDoS statistically, and can determine what role a host inside the NMU plays in the attack. The intrusion traceback unit uses a hash-based IP traceback mechanism and cooperates with other NMUs to trace the intruder's true source. In addition, an architecture with forecasting capability is proposed: forecast systems are deployed in the NMUs adjacent to an important backbone domain, which we call the protected NMU (P-NMU). The forecast unit detects attacks and embeds a forecast message in the packet, so that the protected NMU can decide how to handle the packet on arrival according to that message. The aim is to give important domains extra protection and to put intrusion prevention into practice. Combining a global cooperation mechanism with autonomous regional management by each NMU gives users a safer environment.

DDoS (Distributed Denial of Service) is the most troublesome attack nowadays, especially for people whose operating environment relies on network services and/or the Internet. Attackers often penetrate innocent routers and hosts to make them unwittingly participate in such a large-scale attack as zombies or reflectors. A Network-based Intrusion Detection System (NIDS) is developed to monitor network traffic in order to detect network intrusion, but a NIDS often lacks global cooperative capability. When facing attacks such as DDoS, an intrusion detection system (IDS) needs an overall scheme to respond properly. Also, the Internet consists of Network Management Units (NMUs), such as enterprise intranets and campus networks. It would be better if several adjacent or nearby NMUs could collaboratively guard and protect the important neighbor they surround. In this article, we propose an Intrusion Forecast, Detection & Traceback System (IDFTS) based on a union defense environment. First, a detection system that detects logical and DoS/DDoS attacks is developed. A DDoS (DRDoS) detector implemented with the CUSUM algorithm is employed to discover the latter and to identify what role a client in the local NMU plays in such an attack. Besides, a hash-based intrusion tracer for further cooperative tracing is deployed to help an NMU identify malicious clients or prevent unwitting ones from being reflectors. The forecasting model monitors forwarded network traffic to forecast malicious behavior for its neighbor NMU, called the protected NMU (P-NMU), which can predetermine how to treat the intrusion packets, so that this model acts not only as a passive IDS but also as a proactive Intrusion Prevention System. Integrating global cooperation and autonomy as the key properties of an NMU can raise network security to a new level. Keywords: DDoS, DRDoS, intrusion detection, intrusion traceback, CUSUM |
Appears in Collections: | [Department of Computer Science and Information Engineering] Master's Theses |
Files in This Item:
File | Size | Format | |
index.html | 0Kb | HTML | 764 | View/Open |
All items in THUIR are protected by copyright, with all rights reserved.