| Graduate student: | 黃熙程 Hsi-Cheng Huang |
|---|---|
| Thesis title: | SSDC: A Server Side Solution to Detect Coremelt and Crossfire DDoS Attacks |
| Advisor: | 許富皓 Fu-Hau Hsu |
| Oral defense committee: | |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science & Information Engineering |
| Year of publication: | 2017 |
| Academic year of graduation: | 105 |
| Language: | Chinese |
| Pages: | 44 |
| Keywords (Chinese): | Packet capture, VyOS, Linux, DDoS, LFA |
| Keywords (foreign language): | Packet sniffer, VyOS, Linux, DDoS, LFA |
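
For lack of effective countermeasures, DoS and DDoS attacks continue to ravage the Internet and cause serious damage. They come in many types and techniques; among them, two distributed denial-of-service (DDoS) attacks, Crossfire and Coremelt, are regarded by security experts as hard problems. The main reason is that the attack packets behind these attacks are not sent to the attacked host (usually one of the various servers on the network) but are passed between machines controlled by the attacker.
This characteristic makes it difficult, from either the victim host's side or the ISPs' side, to learn which malicious hosts actually take part in the attack. Even if the attacked host notices that no users have connected to it for a long time, it can only sense that something is abnormal and cannot tell whether it is under a Crossfire or Coremelt DDoS attack. In this thesis we will therefore develop a server-side detection system that detects whether the server side is under a Crossfire or Coremelt DDoS attack and detects the location of the network segment paralyzed during such an attack.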
Due to the lack of effective solutions, DoS and DDoS attacks are common on the Internet today and cause serious damage. There are numerous types of DoS and DDoS attacks. Among them, the Crossfire and Coremelt DDoS attacks are considered difficult problems by computer security experts. The main reason is that the attack packets generated by Coremelt and Crossfire are not sent to the target host machines directly but to machines controlled by the attacker. (The target host machines are usually servers on the Internet.)
Because of this feature of Coremelt and Crossfire, it is difficult to identify the host machines that actually participate in the attack from either the ISP side or the victim side. As a result, even if the target servers find that there have been no client connections for a long time, they can only sense that the situation is abnormal and cannot know whether they are under a Crossfire or Coremelt attack. In this project we will develop a server-side system to detect whether the server-side machine is under a Crossfire or Coremelt attack and to locate the network segment paralyzed by the attack.