Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/49292
Full metadata record
DC Field: Value [Language]
dc.contributor.advisor: 蕭旭君 (Hsu-Chun Hsiao)
dc.contributor.author: Chih-Wei Chen [en]
dc.contributor.author: 陳志蔚 [zh_TW]
dc.date.accessioned: 2021-06-15T11:22:25Z
dc.date.available: 2016-12-31
dc.date.copyright: 2016-08-26
dc.date.issued: 2016
dc.date.submitted: 2016-08-17
dc.identifier.citation:
[1] M. Ackerman and S. Dasgupta. Incremental clustering: The case for extra clusters. In Advances in Neural Information Processing Systems, pages 307–315, 2014.
[2] A. Broder and M. Mitzenmacher. Network applications of Bloom filters: A survey. Internet Mathematics, 1(4):485–509, 2004.
[3] S. Cohen and Y. Matias. Spectral Bloom filters. In Proceedings of the 2003 ACM SIGMOD International Conference on Management of Data, pages 241–252. ACM, 2003.
[4] Y.-M. Ke, C.-W. Chen, H.-C. Hsiao, A. Perrig, and V. Sekar. Cicadas: Congesting the Internet with coordinated and decentralized pulsating attacks. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pages 699–710. ACM, 2016.
[5] A. Kuzmanovic and E. W. Knightly. Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants. In Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pages 75–86. ACM, 2003.
[6] S. J. Templeton and K. E. Levitt. Detecting spoofed packets. In DARPA Information Survivability Conference and Exposition, 2003. Proceedings, volume 1, pages 164–175. IEEE, 2003.
[7] H. Wang, C. Jin, and K. G. Shin. Defense against spoofed IP traffic using hop-count filtering. IEEE/ACM Transactions on Networking (ToN), 15(1):40–53, 2007.
[8] A. Yaar, A. Perrig, and D. Song. StackPi: New packet marking and filtering mechanisms for DDoS and IP spoofing defense. IEEE Journal on Selected Areas in Communications, 24(10):1853–1863, 2006.
[9] C. Zhang, Z. Cai, W. Chen, X. Luo, and J. Yin. Flow level detection and filtering of low-rate DDoS. Computer Networks, 56(15):3417–3431, 2012.
dc.identifier.uri: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/49292
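dc.description.abstract [zh_TW]:
The low-rate distributed denial-of-service attack is a stealthy yet aggressive form of Internet attack. One variant, known as the pulsing distributed denial-of-service attack, exploits a weakness in TCP congestion control: it needs to send less malicious traffic than a traditional flooding DDoS attack to harm legitimate TCP traffic. With large bursts of traffic that last only a short time, it can temporarily interrupt the target network, causing legitimate users to suffer packet loss and preventing them from connecting smoothly. This crafty attack is hard for current defense mechanisms to detect.
The method in this thesis uses incremental clustering to process network traffic, because the data arrives as a sequence of packets. Through incremental clustering, we can group users according to their sending behavior during congestion. With a Bloom filter, we can efficiently store the data needed during clustering. After clustering, we can sort by group and dynamically compute a threshold. With the threshold, we can increase the chance that low-volume TCP users get through while handling malicious traffic by blocking users with high traffic volume.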
dc.description.abstract [en]:
The Low-rate Distributed Denial-of-Service (LDDoS) attack is a network attack technique which can be harmful but stealthy. One type of LDDoS attack, called the pulsing DDoS attack, leverages the adaptive nature of the TCP congestion control mechanism. Pulsing DDoS attacks can suppress legitimate TCP traffic by sending fewer packets than a traditional flooding DDoS attack. With short-period burst traffic, the pulsing DDoS attack aims to interrupt the target network temporarily so that packet drops occur, which makes users unable to access the network. This kind of attack is crafty and hard for existing defensive approaches to detect efficiently.
In this thesis, we propose an efficient LDDoS defense mechanism using incremental clustering. Instead of keeping per-flow state, which is too heavyweight for core routers, we classify flows according to the amount of traffic they sent during the congestion periods. Groups with larger flows get a lower priority and will be blocked earlier during congestion. In this way, we increase the probability that small TCP traffic passes the link, and we block the huge flows, most of which are malicious. In addition, we record the data necessary for the clustering and other related work in Bloom filters to keep up with high-speed per-packet processing.
dc.description.provenance [en]:
Made available in DSpace on 2021-06-15T11:22:25Z (GMT). No. of bitstreams: 1
ntu-105-R03922110-1.pdf: 993372 bytes, checksum: 241d277a7848b42899f50b1e40f525eb (MD5)
Previous issue date: 2016
dc.description.tableofcontents:
Oral Examination Committee Certification
Acknowledgements (in Chinese)
Acknowledgements
Abstract (in Chinese)
Abstract
1 Introduction
2 Background
2.1 Background
2.1.1 Pulsing Denial of Service
2.1.2 Bloom Filter
2.1.3 Spectral Bloom Filter
2.1.4 Incremental Clustering
2.2 Related Work
2.2.1 Defense on Mechanism
2.2.2 Difference of Behavior
3 Problem Definition
4 Proposed Solution
4.1 Concept
4.2 Workflow
5 Evaluation
5.1 Analysis
5.2 Experiment Environment
5.2.1 Abstraction of Reality
5.2.2 Experiment Setup
5.3 Result
5.4 Discussion
6 Conclusion
Bibliography
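dc.language.iso: en
dc.subject: Bloom filter [zh_TW]
dc.subject: denial-of-service attack [zh_TW]
dc.subject: low-rate attack [zh_TW]
dc.subject: pulsing attack [zh_TW]
dc.subject: DDoS [en]
dc.subject: bloom filter [en]
dc.subject: low rate attack [en]
dc.subject: pulsing attack [en]
dc.title: Filtering Pulsing Denial-of-Service Attacks through Incremental Clustering [zh_TW]
dc.title: Efficient Filtering of Pulsing DDoS using Incremental Clustering [en]
dc.type: Thesis
dc.date.schoolyear: 104-2
dc.description.degree: Master's
dc.contributor.oralexamcommittee: 鄭欣明 (Shin-Ming Cheng), 黃俊穎 (Chun-Ying Huang), 黃世昆 (Shih-Kun Huang)
dc.subject.keyword: denial-of-service attack, low-rate attack, pulsing attack, Bloom filter [zh_TW]
dc.subject.keyword: DDoS, pulsing attack, low rate attack, bloom filter [en]
dc.relation.page: 26
dc.identifier.doi: 10.6342/NTU201603189
dc.rights.note: Paid authorization
dc.date.accepted: 2016-08-19
dc.contributor.author-college: College of Electrical Engineering and Computer Science [zh_TW]
dc.contributor.author-dept: Graduate Institute of Computer Science and Information Engineering [zh_TW]
Appears in collections: Department of Computer Science and Information Engineering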

Files in this item:
File | Size | Format
ntu-105-1.pdf (not authorized for public access) | 970.09 kB | Adobe PDF