
Please use this identifier to cite or link to this item: http://ir.lib.stu.edu.tw:80/ir/handle/310903100/1347

Title: Fast Extensible Markov Model for Distributed Denial-of-Service Attack Detection
A Fast Extensible Markov Model for DDoS Attacking Detection
Authors: 簡盛竹
Cheng-Jhu Jian
Contributors: Master's Program, Department of Computer Science and Information Engineering
Keywords: Network security; DoS/DDoS attacks; Extensible Markov Model; Markov chain
Computer Network Security; Denial of Service; Data Mining; Extensible Markov Model; Markov chain
Date: 2011
Issue Date: 2011-05-24 15:28:53 (UTC+8)
Publisher: Kaohsiung City: [Master's Program, Department of Computer Science and Information Engineering, Shu-Te University]
Abstract: With the rapid development of network monitoring programs and related technologies, and the ease with which malicious programs can be obtained, network attack incidents have become increasingly serious. According to the CSI/FBI 2009 Computer Security Survey, denial-of-service (DoS) attacks remain one of the mainstream methods of network attack.
There is still no effective countermeasure against DoS/DDoS attacks. Most current research concentrates on mitigating the impact of such attacks, for example through traffic management and packet filtering, but these blocking strategies often degrade users' connection quality. Another line of research applies data mining methods to distinguish attack packets, but it faces drawbacks such as the difficulty of writing detection rules, the need to train the detection module in advance, and the inability to respond immediately when a new attack appears.
This study targets the common flooding-style denial-of-service attack and improves the performance of the Extensible Markov Model (EMM) originally used to detect DoS/DDoS attacks. EMM is an efficient, adjustable mechanism and an excellent architecture for unsupervised real-time processing: it dynamically adjusts the Markov chain, and the associated state transition probabilities in the model, according to the temporal and spatial characteristics of the data stream. It therefore analyses DoS/DDoS attacks, which have data-stream characteristics, very effectively.
We first apply data reduction to cut down the amount of data to be analysed, thereby lowering the system load and speeding up processing. We then improve the clustering and node-insertion algorithms in EMM and propose two feasible performance improvement strategies: the Space-Domain Fast Extensible Markov Model (SD-FEMM) and the Time-Domain Fast Extensible Markov Model (TD-FEMM). We also compare the advantages and disadvantages of the two methods and recommend the better one, so that victims can distinguish normal from abnormal packets more quickly.
With the rapid development of the Internet, one can easily obtain free malware online and use it to attack computers on the Internet. The increasing frequency of computer attacks on government agencies and Internet businesses has caused severe economic loss and unique social threats. Among the different attack methods, according to the CSI/FBI Computer Crime and Security Survey, the Distributed Denial-of-Service attack is still popular today.
Most DDoS-related research has been proposed to temporarily mitigate the impact of DDoS attacks, but ultimately it still cannot effectively resolve them. The basic problem is that attack packets are difficult to distinguish from normal traffic.
In this thesis we focus on the DDoS problem, especially flooding-style DDoS, and provide a fast EMM-based attack detection system that accurately identifies attack traffic. The Extensible Markov Model (EMM) is a dynamically adaptive scheme proposed for spatiotemporal data modeling. EMM takes advantage of distance-based clustering for spatial data as well as the Markov chain for temporality.
We improved the original EMM-based DDoS attack detection system by removing useless conditional attributes. With the reduced attribute set, the computation cost of EMM is reduced remarkably, raising the processing speed of the detection system without losing any detection accuracy. This also helps victims react more quickly to block DDoS attack traffic completely. Moreover, we modified EMM's clustering algorithm and propose two strategies for further performance improvement: the "Space-Domain Fast Extensible Markov Model" and the "Time-Domain Fast Extensible Markov Model". Through a series of experiments, the feasibility of the proposed schemes has been proven in this study.
Appears in Collections: [Department of Computer Science and Information Engineering] Master's and Doctoral Theses

Files in This Item:

File                                                                    Description                 Size     Format
index.html                                                                                          0 Kb     HTML
stu-100-s97639113-1.pdf                                                 Full text                   1800 Kb  Adobe PDF
快速式可擴張馬爾可夫分散式阻斷服務攻擊偵測模型__臺灣博碩士論文知識加值系統.htm   National Central Library    80 Kb    HTML