
Detailed record

Graduate student: 簡盛竹
Graduate student (romanized): Cheng-Jhu Jian
Thesis title (Chinese): 快速式可擴張馬爾可夫分散式阻斷服務攻擊偵測模型
Thesis title (English): A Fast Extensible Markov Model for DDoS Attacking Detection
Advisor: 曾昱國
Degree: Master's
University: 樹德科技大學
Department: Master's Program, Department of Computer Science and Information Engineering
Year of publication (ROC calendar): 100
Graduation academic year (ROC calendar): 99
Language: Chinese
Number of pages: 48
Chinese keywords: network security; DoS/DDoS attacks; Extensible Markov Model; Markov chain
English keywords: Computer Network Security; Denial of Service; Data Mining; Extensible Markov Model; Markov chain
Usage statistics:
  • Cited by: 0
  • Views: 8
  • Rating: *****
  • Downloads: 0
  • Bookmarked: 0
With the rapid development of network monitoring programs and related technologies, and the ease with which malicious programs can be obtained, network attack incidents are becoming increasingly serious. According to the CSI/FBI 2009 Computer Security Survey, denial-of-service (DoS) attacks remain one of the mainstream forms of network attack.
There is still no effective countermeasure against DoS/DDoS attacks. Most current research concentrates on mitigating the impact of such attacks through blocking strategies such as traffic management and packet filtering, but these often degrade the connection quality experienced by legitimate users. Another line of research applies data mining to distinguish attack packets, but it has drawbacks of its own: detection rules are difficult to write, the detection module must be trained in advance, and it cannot respond in real time when a new attack appears.
This study targets the most common form, flooding-style denial-of-service attacks, and improves the performance of the original Extensible Markov Model (EMM) used to detect DoS/DDoS attacks. EMM is an efficient, adjustable mechanism well suited to unsupervised real-time processing: it dynamically adjusts the Markov chain and the associated state-transition probabilities of the model according to the temporal and spatial characteristics of the data stream, and therefore analyses DoS/DDoS attacks, which have data-stream characteristics, very effectively.
We first apply data reduction to cut the volume of data that must be analysed, lowering system load and shortening processing time. We then improve the clustering and node-insertion algorithms of EMM and propose two feasible performance-improvement strategies: the Space-Domain Fast Extensible Markov Model (SD-FEMM) and the Time-Domain Fast Extensible Markov Model (TD-FEMM). We also compare the strengths and weaknesses of the two methods and recommend the better one, so that victims can distinguish normal from abnormal packets more quickly.


With the rapid development of the Internet, one can easily obtain free malware online and use it to attack computers on the Internet. The increasing frequency of computer attacks on government agencies and Internet businesses has caused severe economic losses and unique social threats. Among the different attack methods, according to the CSI/FBI Computer Crime and Security Survey, the Distributed Denial-of-Service attack is still popular today.
Most DDoS-related research has been proposed to temporarily mitigate the impact of DDoS attacks, but ultimately it still cannot effectively resolve them. The basic problem is that it is difficult to distinguish attack packets from normal traffic.
In this thesis, we focus mainly on addressing the DDoS problem, especially flooding-style DDoS, and provide a fast EMM-based attack detection system that accurately identifies attack traffic. The Extensible Markov Model (EMM) is a dynamically adaptive scheme proposed for spatiotemporal data modeling. EMM takes advantage of distance-based clustering for spatial data as well as of the Markov chain for temporality.
We improved the original EMM-based DDoS attack detection system by removing useless conditional attributes. Using the reduced set of attributes, the computation cost of EMM is reduced remarkably, raising the processing speed of the detection system without losing any detection accuracy. This also helps victims react more quickly to block DDoS attack traffic completely. Moreover, we also modified EMM's clustering algorithm, and two strategies are proposed for further performance improvement: the "Space-Domain Fast Extensible Markov Model" and the "Time-Domain Fast Extensible Markov Model". Through a series of experiments, the feasibility of the proposed schemes has been proven in this study.


Chinese abstract, p. i
English abstract, p. ii
Acknowledgements, p. iv
Table of contents, p. v
List of tables, p. vii
List of figures, p. viii
Chapter 1 Introduction, p. 1
1.1 Research background, p. 1
1.2 Research motivation, p. 2
1.3 Research objectives, p. 5
1.4 Thesis organization, p. 7
Chapter 2 Related work, p. 8
2.1 Detection and defence against denial-of-service attacks, p. 8
2.2 Data mining, p. 12
2.3 Applications of data mining to network security, p. 15
2.4 Markov-model-based data clustering techniques, p. 17
2.4.1 Markov chains and related extended models, p. 17
2.4.2 Extensible Markov Model, p. 20
Chapter 3 Fast Extensible Markov attack detection system, p. 25
3.1 Flooding-style denial-of-service attack detection mechanism, p. 25
3.2 Classification acceleration mechanism for the Extensible Markov Model, p. 26
3.2.1 Space-Domain Fast Extensible Markov Model, p. 28
3.2.2 Time-Domain Fast Extensible Markov Model, p. 29
Chapter 4 Experimental results and analysis, p. 30
4.1 Data-reduced Extensible Markov Model denial-of-service attack detection mechanism, p. 30
4.2 Space-Domain Fast Extensible Markov Model, p. 37
4.3 Time-Domain Fast Extensible Markov Model, p. 39
Chapter 5 Conclusions and future work, p. 42
References, p. 44
