Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/83096
Full metadata record
DC Field | Value | Language
dc.contributor.advisor | 林宗男 | zh_TW
dc.contributor.advisor | Tsung-Nan Lin | en
dc.contributor.author | 謝至宥 | zh_TW
dc.contributor.author | Chih-Yu Hsieh | en
dc.date.accessioned | 2023-01-08T17:03:10Z | -
dc.date.available | 2023-11-09 | -
dc.date.copyright | 2023-01-06 | -
dc.date.issued | 2022 | -
dc.date.submitted | 2022-12-19 | -
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/83096 | -
dc.description.abstract | A slow HTTP POST attack is an application-layer distributed denial-of-service attack against web servers. The attacker poses as a user with a slow network connection, thereby occupying server resources for a long time and preventing others from accessing the web service. Because the packets the attacker sends all comply with HTTP, it is difficult to observe any difference in terms of network activity. To solve this problem, this thesis proposes an agile defense that uses programmable network devices in software-defined networking to parse application-layer headers and identify attackers. With this information, which is not available in traditional network devices, we can distinguish different types of HTTP requests and limit the number of connections of each type. Using the programmable data plane in software-defined networking in this way enables a distributed, source-side defense that scales well overall. Simulation results from the experiments show that it is effective and accurate in defending against slow HTTP POST attacks. | zh_TW
dc.description.abstract | A slow HTTP POST attack is an application-layer distributed denial of service (DDoS) attack targeting web servers. The attacker simulates a legitimate user with a slow network speed and continues to send requests, resulting in server resources being occupied for a long time and being unavailable to other users. Since the network requests from the attacker comply with HTTP, they show no difference in network activities. The similarity to legitimate behavior makes it challenging to identify such attack traffic. To address this issue, this paper proposes a responsive defense mechanism that exploits programmable network devices in software-defined networking (SDN) to identify attack traffic based on application-layer headers. With information that is not available from legacy network devices, this method can identify different types of HTTP requests and limit the number of connections for each type per source. This approach achieves a distributed, source-based DDoS defense capability by utilizing data plane programmability in SDN, making it a scalable solution. The simulation results show that the approach is effective and accurate against slow HTTP POST attacks. | en
dc.description.provenance | Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2023-01-08T17:03:09Z. No. of bitstreams: 0 | en
dc.description.provenance | Made available in DSpace on 2023-01-08T17:03:10Z (GMT). No. of bitstreams: 0 | en
dc.description.tableofcontents | Oral Examination Committee Certification
Abstract (Chinese)
Abstract
Contents
List of Figures
List of Tables
Chapter 1 Introduction
Chapter 2 Preliminary to Slow HTTP Attack and P4
2.1 Slow HTTP attack
2.2 Software-Defined Networking
2.3 P4
Chapter 3 P4 and Slow HTTP DDoS Related Works
3.1 P4 and application-layer DDoS
3.2 Slow HTTP DDoS
Chapter 4 Proposed Method - Responsive Application Slow POST Defense
4.1 Initial Protection
4.2 Punishment at the End
4.3 Implementation
4.3.1 Parser
4.3.2 Ingress and Controller
Chapter 5 Experiments and Results
5.1 Scenario 1. Slow header attack
5.2 Scenario 2. Photos
5.3 Scenario 3. GPS Locations
5.4 Network Usage
Chapter 6 Conclusion
6.1 Limitations
6.2 Future Work
References | -
dc.language.iso | en | -
dc.title | 基於P4的內容感知方法來緩解慢速超文本傳輸協定POST攻擊 | zh_TW
dc.title | A P4-Based Content-Aware Approach to Mitigate Slow HTTP POST Attacks | en
dc.title.alternative | A P4-Based Content-Aware Approach to Mitigate Slow HTTP POST Attacks | -
dc.type | Thesis | -
dc.date.schoolyear | 111-1 | -
dc.description.degree | Master's | -
dc.contributor.oralexamcommittee | 鄧惟中;陳俊良;沈上翔 | zh_TW
dc.contributor.oralexamcommittee | Wei-Chung Teng;Jiann-Liang Chen;Shan-Hsiang Shen | en
dc.subject.keyword | Hypertext Transfer Protocol, distributed denial of service, software-defined networking, P4 programming language | zh_TW
dc.subject.keyword | HTTP, distributed denial of service (DDoS), software-defined networking (SDN), P4 | en
dc.relation.page | 47 | -
dc.identifier.doi | 10.6342/NTU202210137 | -
dc.rights.note | Authorization granted (open access worldwide) | -
dc.date.accepted | 2022-12-21 | -
dc.contributor.author-college | College of Electrical Engineering and Computer Science | -
dc.contributor.author-dept | Department of Electrical Engineering | -
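Appears in collections: Department of Electrical Engineering

Files in this item:
File | Size | Format
U0001-0648221214011a17.pdf | 4.07 MB | Adobe PDF

Unless their copyright terms are specifically indicated, all items in the system are protected by copyright, with all rights reserved.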
