跳到主要內容

簡易檢索 / 詳目顯示

回結果列表
研究生: 洪瑞奕
Ruei-yih Hung
論文名稱: Migmod: A Mechanism to Establish a TCP/IP Connection under DDoS Attacks
指導教授: 許富皓
Fu-hao Hsu
口試委員:
學位類別: 碩士
Master
系所名稱: 資訊電機學院 - 資訊工程學系
Department of Computer Science & Information Engineering
論文出版年: 2019
畢業學年度: 107
語文別: 英文
論文頁數: 43
中文關鍵詞: 分散式阻斷服務攻擊即時移轉可載入核心模組三向交握
外文關鍵詞: Distributed Denial-of-Service attack, Live migration, Loadable Kernel Module, Three-way handshake
相關次數: 點閱:14下載:0
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報

    • 近年來,分散式阻斷服務攻擊的威脅性不斷增加。然而,目前對分散式阻斷服務攻擊尚未有一套完善的方法,能夠在轉移服務時同時保持連線,並即時將新連線導向新的目標。在本研究中,將基於一套可能夠在轉移服務時同時保持連線的系統上,提出一個能即時將新連線導向新的目標的方法,進一步提升在分散式阻斷服務攻擊發生時,受該系統保護的服務的存活性。
    在此篇論文中,我們將會簡單的介紹我們的動機與目標,接著介紹我們所使用的基礎系統。接著我們會介紹加入了新機制的系統的運作概念與系統架構。然後講述實作的細節。最後是效能的分析與討論。

    In recent years, Distributed Denial-of-Service (DDoS) attacks have become more and more threatening. However, there has not been a perfect methodology can keep connections alive during migrating services, and permit new connections to new host immediately at the same time. In this work, we based on a system that can keep connections alive during migrating services then propose a new mechanism to permit new connections to new host immediately, and thus improve the service availability during DDoS attack.
    In this thesis, we will talk about our motivation and purpose. Then we will introduce the base system we are going to use. After that, we will present the principle of Migmod, its system structure, and implementation details. At the end, we will discuss the performance evaluation and future works.

    中文摘要 i Abstract ii 誌謝 iii Contents iv List of figures vi List of tables viii Chapter 1 Introduction 1 Chapter 2 Background 3 2.1 Method for Live Migrating Virtual Machine (LMVM) 3 Chapter 3 System Principle 5 Chapter 4 System Structure 7 4.1 System Overview 7 4.1.1 Connection Handler 8 4.1.2 DDoS Detector 8 4.1.3 Packet Handler 8 4.1.4 SYN Checker 8 4.1.5 Firewall 9 4.1.6 Informer 9 4.2 Connection with Migmod under Normal Situation 10 4.3 Migrate Connection with Migmod under DDoS Attacks 12 4.4 Transfer with Migmod under DDoS Attacks 14 Chapter 5 Implementation 18 5.1 Design Overview 18 5.2 Connect to a Unprotected Server 19 5.3 CCH Connect to a Protected Server 20 5.4 CCH Workflow when the Server does not Response 21 5.5 Connect to Protected Server through Proxy 1 being DDoS Attacked 22 Chapter 6 Evaluation 23 6.1 System Specification 23 6.2 Existed Functionality Test 23 6.3 Connect to Protected Server under Normal Situation 24 6.4 Connect to Protected Server under Simulate DDoS Attacks 26 Chapter 7 Discussion 27 7.1 Redundant Component 27 7.2 Connect to a Unprotected Server 27 7.3 Multiple Transfer 28 7.4 System Compatibility 28 Chapter 8 Conclusion 29 Reference 30

    [1] “DDoS attacks in Q1 2019” May 2019, https://securelist.com/ddos-report-q1-2019/90792/ (Accessed on 7/22/2019)
    [2] Manos Antonakakis, Tim April, Michael Bailey, Matthew Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, Yi Zhou., “Understanding the Mirai Botnet,” In Proc. 26th USENIX Security Symposium, Aug 2017.
    [3] Hsu et al., “Method for live migrating virtual machine,” February 20, 2018, http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&co1=AND&d=PTXT&s1=9898319&OS=9898319&RS=9898319 (Accessed on 7/22/2019)
    [4] C. Clark, K. F., S. Hand, J. G. Hansen, E. Jul, C. Limpach, I. Pratt, A. Warfield., “Live Migration of Virtual Machines,” NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation, vol. 2, pp.273-286, May 2005.
    [5] ZhiYao Zhong, “Handover: A Mechanism to Improve the Availability of Network Services after Live Migration under Private Networks,” National Central University, Master's degree, Jun 2016.

    QR CODE
    :::