
Please use this identifier to cite or link to this item: http://ir.lib.stu.edu.tw:80/ir/handle/310903100/2898

Title: A Fast Attack Paths Reconstruction Method using SD-FEMM (original title: 具辨識能力之攻擊路徑快速重建機制)
Authors: Sheng-Han Yu (余昇瀚)
Contributors: Master's Program, Department of Information Engineering
曾昱國
Keywords: Distributed Denial of Service, Extensible Markov Model, Markov chain
Date: 2012
Issue Date: 2012-03-22 15:07:36 (UTC+8)
Publisher: Kaohsiung City: [Shu-Te University, Master's Program, Department of Information Engineering]
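Abstract: With the arrival of the information age, people's lifestyles and quality of life have changed. Because the Internet is so widespread, we can buy goods, listen to music and browse the latest information online, but behind these conveniences many network security problems have gradually emerged.
Common types of network attack include distributed denial-of-service (DDoS) attacks and malicious programs such as worms and Trojans. These attacks often cause host data leaks or damage to software, and DDoS attacks still cause the most serious damage and are the hardest to defend against. A DDoS attack exploits inherent weaknesses in network protocols and system vulnerabilities to consume a server's computing resources or network bandwidth, so that the server cannot provide normal service to legitimate users. The network security issues caused by DDoS attacks have therefore been one of the main research directions in recent years.
Many DDoS countermeasures have been proposed. Among the many IP traceback mechanisms, Probabilistic Packet Marking (PPM) is the most widely studied and used. The victim can reconstruct the attack path by collecting and analyzing the information marked in packets. During reassembly, however, the original PPM uses only the distance (hops) to decide whether path information was contributed by the same router. Worse, fragments contributed by different routers at the same distance are placed in the same class, which inevitably increases the time needed to reassemble the attack path and may even reconstruct incorrect attack paths (false positive paths).
This study uses the Space-Domain Fast Extensible Markov Model to identify, from the collected marked packets, the path fragment information contributed by different routers. In this way we hope to reduce the large amount of computing resources and time that the original probabilistic packet marking method spends reconstructing the attacker's path, and to speed up attack path reconstruction.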
With the development of computer technology, IT-related devices such as desktop computers, laptops, and even smart mobile phones are becoming more and more popular with people all over the world. However, for lack of basic computer security knowledge, most people easily get malware on their computers.
Among common Internet attacks, the Distributed Denial of Service (DDoS) attack is still hard to defend against. It purposely consumes a large portion of computing and network resources, using weaknesses in network protocols or system exploits, in order to prevent valid users from accessing them. Therefore, DDoS has become one of the most serious network security issues in recent years.
An IP traceback method called Probabilistic Packet Marking (PPM) has been proposed to overcome the DDoS problem. Victims can reconstruct attack paths by collecting and analyzing marked information embedded in packets. However, the original PPM uses only the number of hops to classify marked information, and discovers links along attack paths by combining marked information by brute force. The number of hops here stands for the distance between a router and the victim. Therefore, if two or more routers are at the same distance from the victim, the marked information produced by these routers will be classified into the same state, and the computing time for rebuilding attack paths will increase dramatically. To make matters worse, combining these different routers' marked data in the same state could reconstruct false positive paths.
In this thesis, we modified the Space-Domain Fast Extensible Markov Model (SD-FEMM) to identify each piece of marked information and place each one in its own state. Therefore, we can pick just one sample from each state for combination, which reduces the cost in computing resources. Moreover, the proposed scheme also improves attack path reconstruction time.
Appears in Collections: [Department of Information Engineering] Theses and Dissertations

Files in This Item:

File                      Description                Size     Format
index.html                                           0Kb      HTML
stu-101-s98639109-1.pdf   Full text                  2043Kb   Adobe PDF
Null.htm                  National Central Library   21Kb     HTML


All items in STUAIR are protected by copyright, with all rights reserved.

 

