
Graduate student: Yi-Hsueh Liu (劉宜學)
Thesis title: The Study of a Congestion-Based DDoS Attack Detection in Wireless Mesh Networks (無線網格網路上壅塞型分散式阻斷服務攻擊偵測技術之研究)
Advisor: Yie-Tarng Chen (陳郁堂)
Oral defense committee: Ming-Bo Lin (林銘波), 方文賢, Chiun-Chieh Hsu (徐俊傑)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Electronic and Computer Engineering
Year of publication: 2007
Academic year of graduation: 95
Language: English
Number of pages: 36
Keywords: DDoS attack detection, Gaussian mixture model, sequential hypothesis testing
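  • In recent years, distributed denial of service (DDoS) attacks have posed a serious threat to wired networks, and this threat will also become a major concern for wireless mesh networks (WMNs). However, the defense mechanisms developed so far for wired networks are not suited to defending against congestion-based distributed denial of service (congestion-based DDoS) attacks in WMNs. In a WMN, besides the attacking agents being mobile, the attack is no longer launched directly against a specific victim: it can consume network bandwidth by generating traffic overhead on the channel and thereby indirectly degrade the victim's performance. These factors make such channel consuming attacks even harder to defend against.
    In this thesis, we propose an anomaly detection mechanism for the WMN environment that is deployed on mesh routers and detects congestion-based DDoS attacks in a distributed manner. We define two parameters (NodeCondition and RangeCondition) to obtain feature values and use a Gaussian mixture model (GMM) for anomaly detection, analyzing these feature values to determine whether abnormal behavior has occurred. After an anomaly is detected, we use sequential hypothesis testing to determine whether routers in the neighboring area are abnormal, thereby identifying the victim routers and the routers that cause the network to behave abnormally. We verify the proposed anomaly detection mechanism by computer simulation, and the results show that the proposed congestion-based DDoS attack detection mechanism performs well in the WMN environment.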


    In recent years, distributed denial of service (DDoS) attacks have posed an immense threat to wired networks, and this threat will also be serious in wireless mesh networks (WMNs). However, most current defense mechanisms for wired networks are not suited to defending against congestion-based DDoS attacks in WMNs.
    In this paper, we present an anomaly detection scheme working on each mesh router for congestion-based DDoS attacks in WMNs. We define two metrics named NodeCondition and RangeCondition to extract the features, and detect abnormal behaviors according to the outlier detection result based on a Gaussian mixture model (GMM) by analyzing the values of these metrics to make intrusion decisions. Then we identify abnormal routers (victims and malicious sources) within the neighborhood based on sequential hypothesis testing. Through a series of experiments using traces from ns-2 simulations, we show that our scheme is suited to detecting congestion-based DDoS attacks and that its overall performance is excellent in WMNs.

    1. Introduction
    2. Related Work
    3. Architecture of Proposed Scheme
    3.1. Distributed Router-Based Detection Using Gaussian Mixture Model for Congestion-Based DDoS Attacks
    3.1.1. Metrics for Congestion-Based DDoS Attack Detection
    3.1.2. Gaussian Mixture Model
    3.1.3. Expectation Maximization Algorithm
    3.1.4. Outlier Detection
    3.2. Distributed Router-Based Identification Using Sequential Hypothesis Testing for Congestion-Based DDoS Attacks
    3.2.1. Model
    3.2.2. Sequential Hypothesis Testing
    4. Performance Evaluation
    4.1. Performance Evaluation Criteria
    4.2. Simulation Result
    5. Conclusion
    6. References
