
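Graduate student: 朱以誠 (Yi-Cheng Zhu)
Thesis title: IDSPS: An Intrusion Detection System for Real-time Path Transmission of TCP Connections
Advisor: 許富皓 (Fu-Hau Hsu)
Oral examination committee:
Degree: Master
Department: College of Electrical Engineering and Computer Science - Graduate Institute of Software Engineering
Year of publication: 2021
Academic year of graduation: 109
Language: Chinese
Number of pages: 48
Chinese keywords: distributed denial-of-service attack, real-time path transmission of TCP connections, intrusion detection system
Foreign-language keywords: DDoS Attack, Real-time Path Transmission of TCP Connections, Intrusion Detection System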
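  • The distributed denial-of-service attack (DDoS attack) has been a prevalent form of attack on the Internet for many years, and a wide variety of defense mechanisms have been developed against it. This thesis targets the DDoS defense mechanism "real-time path transmission of TCP connections" and builds an intrusion detection system (IDS) for the proxy side, protecting the transferred connections by building an IP address allow list and attempting to remove the attackers hidden in the transferred traffic.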


    DDoS (Distributed Denial of Service) attacks have been prevalent on the Internet for many years, and various defense mechanisms have emerged against them. This thesis aims at building an IDS (Intrusion Detection System) for the proxy side of the DDoS defense mechanism “Real-time path transmission of TCP connections”. We protect the transmitted TCP connections by building an IP allow list and trying to detect and remove the attackers that are hidden in the transmitted TCP connections.

    Table of contents

    Abstract (Chinese)
    Abstract
    Acknowledgements
    List of Figures
    List of Tables
    Chapter 1 Introduction
    Chapter 2 Background
      2.1 Real-time path transmission mechanism
      2.2 Intrusion detection systems
      2.3 An intrusion detection system for the real-time path transmission mechanism
    Chapter 3 System architecture
      3.1 Proxy packet processing flow
      3.2 IDSPS system architecture
      3.3 iptables Controller
      3.4 Traffic Controller
    Chapter 4 Experimental results and analysis
      4.1 Effectiveness validation
      4.2 Introduction to iperf3
      4.3 System performance analysis
      4.4 DDoS attack defense experiment
    Chapter 5 Discussion
      5.1 Hardware firewalls
      5.2 XDP software firewall
    Chapter 6 Related work
      6.1 The three major defense mechanisms
      6.2 Other defense mechanisms
    Chapter 7 Conclusion
    References

