考慮服務品質限制下利用路由選徑與資源配置防禦分散式阻絕服務攻擊

Cheng-Bin Kuo; 郭承賓

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/27526

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	林永松(Yeong-Sung Lin)
dc.contributor.author	Cheng-Bin Kuo	en
dc.contributor.author	郭承賓	zh_TW
dc.date.accessioned	2021-06-12T18:08:23Z	-
dc.date.available	2008-01-02
dc.date.copyright	2008-01-02
dc.date.issued	2007
dc.date.submitted	2007-12-12
dc.identifier.citation	[1] J. Mirkovic, P. Reiher, “A Taxonomy of DDoS Attack and DDoS Defense Mechanisms”, ACM SIGCOMM Computer Communications Review, Vol. 34, No. 2, April 2004. [2] H. Wang, D. Zhang, K. G. Shin, “Change-Point Monitoring for the Detection of DoS Attacks”, IEEE Transactions on Dependable and Secure Computing, Vol. 1, No. 4, Octorber-December 2004. [3] D. K. Y. Yau, J. C. S. Lui, F. Liang, Y. Yam, “Defending Against Distributed Denial-of-Service Attacks with Max-Min Fair Server-Centric Router Throttles”, IEEE/ACM Transactions on Networking, Vol. 13, No. 1, February 2005. [4] Y. Xiang, Y. Lin, W. L. Lei, S. J. Huang, “Detecting DDoS attack based on network self-similarity”, IEE Proc.-Commun, Vol. 151, No. 3, June 2004. [5] J. Mirkovic, P. Reiher, “D-WARD: A Source-End Defense against Flooding Denial-of-Service Attacks”, IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 3, July-September 2005. [6] D. Dittrich, “Distributed Denial of Service (DDoS) Attacks and Tools Page”, http://staff.washington.edu/dittrich/misc/ddos/ [7] S. Hansman, R. Hunt, “A Taxonomy of Network and Computer Attacks”, Computers & Security, Vol. 24, pp. 31-43, 2005. [8] T. Bu, S. Norden, T. Woo, “A survivable DoS-Resistant Overlay Network”, Computer Networks, Vol. 50, pp. 1281-1301, 2006. [9] K. T. Cheng, F. Y. S. Lin, “Near-Optimal Delay Constrained Routing in Virtual Circuit Networks”, IEEE INFOCOM, 2001. [10] W. E. Leland, M. S. Taqqu, W. Willinger, D. V. Wilson, “On the Self-Similar Nature of Ethernet Traffic (Extended Version)”, IEEE/ACM Transactions on Networking, Vol. 2, No. 1, February 1994. [11] Q. Yu, Y. Mao, T. Wang, F. Wu, “Hurst Parameter Estimation and Characteristics Analysis of Aggregate Wireless LAN Traffic”, In Proceeding IEEE International Communications, Circuits and Systems Conference, 2005. [12] J. Domanska, “The influence of traffic self-similarity on QoS mechanisms”, IEEE SAINT-W’05, 2005. [13] Y. G. Kim, A. Shiravi, P. S. Min, “Prediction-Based Routing through Least Cost Delay Constraint”, Proceedings of the 18th International Parallel and Distributed Processing Symposium (IPDPS’04). [14] G. Mazzini, R. Rovatti, G. Setti, “Self-Similarity in Max/Average Aggregated Processes”, Proceedings of the International Symposium on Circuits and Systems, 2004. [15] Z. Zeitlin, “Integer Allocation Problems of Min-Max Type with Quasiconvex Separable Functions”, Operations Research, Vol. 29, No. 1, January-February 1981. [16] D. M. Nicol, W. H. Sanders, K. S. Trivedi, “Model-Based Evaluation: From Dependability to Security”, IEEE Transactions on Dependable and Secure Computing, Vol. 1, No. 1, January-March 2004. [17] J. C. Knight, E. A. Strunk, K. J. Sullivan, “Towards a Rigorous Definition of Information System Survivability”, Proceeding of the DARPA Information Survivability Conference and Exposition (DISCEX 2003), Vol. 1, pp. 78-89, April 2003. [18] M. L. Fisher, “The Lagrangean Relaxation Method for Solving Integer Programming Problems”, Management Science, Vol. 27, No. 1, pp. 1-18, January 1981. [19] M. L. Fisher, “An Application Oriented Guide to Lagrangean Relaxation”, Interface, Vol. 15, No. 2, pp. 10-21, April 1985. [20] A. M. Geoffrion, “Lagrangean Relaxation and its Use in Integer Programming”, Mathematical Programming Study, Vol. 2, pp. 82-114, 1974. [21] L. A. Gordon, M. P. Loeb, W. Lucyshyn, and R. Richardson, “2006 CSI/FBI Computer Crime and Security Survey”, Computer Security Institute, 2006, http://GoCSI.com/ [22] Matpack C++ Numerics and Graphics Library, http://www.matpack.de/ [23] J. McDermott, “Attack-Potential-Based Survivability Modeling for High-Consequence Systems”, IEEE International Workshop on Information Assurance, 2005.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/27526	-
dc.description.abstract	隨著網路使用的普及，網路攻擊事件層出不窮，尤其是分散式阻絕服務攻擊，往往造成網路上服務提供者資源的損失以及使用者服務品質的權益受損。因此在遭受攻擊時，網路管理者為了維持使用者的服務品質，利用備用資源配置去良好地設計一個網路是有其需要的。本論文中，在滿足服務品質限制下將利用路由選徑以及資源配置去防禦智慧型的分散式阻絕服務攻擊。我們將攻防的情境轉化成一個最大最小化的雙層數學規劃問題；內層問題 (最小化) 代表當一個網路遭受某種模式的攻擊時，網路管理者利用決定最少的防禦資源配置需求以及路由選徑策略與去維持網路內部使用者的服務品質，外層問題 (最大化) 則為網路管理者假設在給定攻擊流量時，有一攻擊者利用攻擊模式的調整以求最大化網路的整體防禦資源需求。為了求得最佳解，我們利用拉格蘭日鬆弛法為基礎的演算法來處理內層的問題，並利用次梯度法為基礎的演算法來解外層的問題。解出問題之後，我們預期發展出有效率且有效用的演算法。	zh_TW
dc.description.abstract	As the popularity of networks is increasing, network attack events occur frequently, especially Distributed Denial-of-Service (DDoS) attacks. Upon such attacks, system resources are dramatically consumed and the Quality-of-Service (QoS) perceived by users significantly degrades. In order to achieve the objective of “continuity of services”, it is then essential that a network be well designed by spare resource allocation so as to maintain acceptable QoS levels upon such attacks. In this thesis, the problem of defense against intelligent DDoS attacks by routing and budget allocation (RB) under QoS constraints is considered. This problem is formulated as a max-min integer programming problem, where the inner (minimization) problem is for network administrators to determine the minimum amount of defense budget required and effective internal routing policies so as to defend the network against a given pattern of DDoS attacks under given QoS requirements, while the outer (maximization) problem is for network administrators to evaluate the worst-case defense resource required when attacks adjust the patterns of DDoS attack flows (AF) under a fixed total attack power. A Lagrangean relaxation-based algorithm is proposed to solve the inner problem, while a subgradient-based algorithm is proposed to solve the outer problem. It is expected that efficient and effective algorithms be developed accordingly.	en
dc.description.provenance	Made available in DSpace on 2021-06-12T18:08:23Z (GMT). No. of bitstreams: 1 ntu-96-R94725045-1.pdf: 895258 bytes, checksum: 2543ed2156342e9ff35ec902dfb3f63c (MD5) Previous issue date: 2007	en
dc.description.tableofcontents	謝誌 ........................................................................................................... I 論文摘要 ................................................................................................... II THESIS ABSTRACT ............................................................................ III Table of Contents ..................................................................................... V List of Tables ......................................................................................... VII List of Figures ...................................................................................... VIII Chapter 1 Introduction ............................................................................ 1 1.1 Background ....................................................................................... 1 1.2 Motivation ......................................................................................... 3 1.3 Literature Survey .............................................................................. 5 1.3.1 DDoS Attack and Defense ................................................... 5 1.3.2 Characteristics of the Network ............................................ 6 1.3.3 Network Survivability.......................................................... 8 1.4 Proposed Approach ........................................................................... 8 1.5 Thesis Organization .......................................................................... 9 Chapter 2 Problem Formulation .......................................................... 10 2.1 Problem Description ....................................................................... 10 2.2 Problem Formulation ...................................................................... 11 2.3 Problem Formulation of the RB Problem ....................................... 22 Chapter 3 Solution Approaches ............................................................ 27 3.1 Lagrangean Relaxation Method ...................................................... 27 3.2 The Solution Approach for the RB Problem .................................. 31 VI 3.2.1 Lagrangean Relaxation ...................................................... 31 3.2.1 The Dual Problem and the Subgradient Method ............... 39 3.2.2 Getting Primal Feasible Solutions ..................................... 40 3.3 Simple Algorithms .......................................................................... 43 3.4 The Solution Approach for the AFRB Problem .............................. 45 Chapter 4 Computational Experiments ............................................... 49 4.1 Computational Experiments of RB Problem .................................. 49 4.1.1 Experimental Environments .............................................. 49 4.1.2 Computational Experiments .............................................. 52 4.1.3 Discussion of Results ........................................................ 60 4.2 Computational Experiments of AFRB Problem ............................. 60 4.2.1 Computational Experiments .............................................. 61 4.2.2 Discussion of Results ......................................................... 63 Chapter 5 Conclusion and Future Work.............................................. 65 5.1 Conclusion ...................................................................................... 65 5.2 Future Work .................................................................................... 66 References ............................................................................................... 67
dc.language.iso	en
dc.subject	資源配置	zh_TW
dc.subject	分散式阻絕服務攻擊	zh_TW
dc.subject	拉格蘭日鬆弛法	zh_TW
dc.subject	服務品質	zh_TW
dc.subject	路由選徑	zh_TW
dc.subject	Lagrangean Relaxation	en
dc.subject	Distributed Denial-of-Service	en
dc.subject	Resource Allocation	en
dc.subject	Routing Assignment	en
dc.subject	Quality-of-Service	en
dc.title	考慮服務品質限制下利用路由選徑與資源配置防禦分散式阻絕服務攻擊	zh_TW
dc.title	Defense against Distributed Denial-of-Service (DDoS) Attacks by Routing Assignment and Resource Allocation under Quality-of-Service (QoS) Constraints	en
dc.type	Thesis
dc.date.schoolyear	96-1
dc.description.degree	碩士
dc.contributor.oralexamcommittee	孫雅麗,顏宏旭,呂俊賢,祝國忠
dc.subject.keyword	分散式阻絕服務攻擊,拉格蘭日鬆弛法,服務品質,路由選徑,資源配置,	zh_TW
dc.subject.keyword	Distributed Denial-of-Service,Lagrangean Relaxation,Quality-of-Service,Routing Assignment,Resource Allocation,	en
dc.relation.page	70
dc.rights.note	有償授權
dc.date.accepted	2007-12-13
dc.contributor.author-college	管理學院	zh_TW
dc.contributor.author-dept	資訊管理學研究所	zh_TW
顯示於系所單位：	資訊管理學系

文件中的檔案：

檔案	大小	格式
ntu-96-1.pdf 未授權公開取用	874.28 kB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。