
Author: 謝志宏 (Chih-Hung Hsieh)
Thesis title: 使用自由軟體來減輕分散式阻斷服務攻擊之影響 (Using free software to mitigate the impact of distributed denial-of-service attacks)
English title: To Mitigate Web DDoS Attacks Using Open Source Solution
Advisor: 洪西進 (Shi-Jinn Horng)
Committee members: 賴祐吉 (Yu-Chi Lai), 鮑興國 (Hsing-Kuo Pao), 吳怡樂 (Yi-Leh Wu), 鄧惟中 (Wei-Chung Teng)
Degree: Master
Department: College of Electrical Engineering and Computer Science, Department of Computer Science and Information Engineering
Year of publication: 2010
Academic year of graduation: 98 (ROC calendar, i.e. 2009-2010)
Language: Chinese
Pages: 60
Chinese keywords: 分散式阻斷服務攻擊 (distributed denial-of-service attack), 反向代理伺服器 (reverse proxy server), CAPTCHA, HTTP Cookie
English keywords: Distributed Denial of Service, Reverse Proxy, CAPTCHA, HTTP Cookie
Abstract (Chinese, translated):
According to data that Arbor Networks obtained in 2009 by monitoring DDoS attack events together with nearly one hundred ISPs [1], 350,367 DDoS attack events were observed in 2009, of which 20,280 (about 5.8%) had peak attack traffic above 1 Gbps. In addition, the Computer Crime and Security Survey [2] reports that the share of DDoS incidents among all computer crimes rose from 21% in 2008 to 29% in 2009. Distributed denial-of-service attacks have therefore become a major network security threat in recent years.
This thesis redirects web requests to a reverse proxy server by modifying the DNS A record, then uses CAPTCHA to separate attackers from ordinary users. After classification, an HTTP cookie generated with Blowfish encryption is stored in the user's browser as an authentication pass. The system requires no change to the web server's configuration, can effectively defend against HTTP request flood attacks, and can therefore be applied to any system that offers web services. The implementation uses free software exclusively, which both draws on the open-source community's continuous improvement of the software and reduces the software cost of building the system.


Abstract (English):
Denial-of-service (DoS) attacks have become a major Internet security threat in recent years. In 2009, about 100 ISPs shared information with Arbor Networks: 350,367 discrete anomalies were reported within the 12-month study period, 20,280 (~5.8%) of them exceeding 1 Gbps [1]. In addition, the CSI Computer Crime and Security Survey [2] reports that the share of DDoS among computer crime incidents rose from 21% in 2008 to 29% in 2009.
In this thesis we first redirect web requests to a reverse proxy server by changing the DNS A record, then apply CAPTCHA to separate attackers from ordinary users. Once a user is classified as human, an HTTP cookie generated with Blowfish encryption is stored in the user's browser as an authentication pass. The system needs no change to the web server's settings and can easily be applied to any web service. We implement the system with open-source software, which significantly reduces the hardware and software investment needed to deploy it.
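The request flow the abstract describes (no pass cookie: serve a CAPTCHA; CAPTCHA solved: issue a pass cookie; valid cookie: forward to the origin) is shown below as an added example; it is not the thesis's own code. The thesis encrypts the cookie with Blowfish; this stand-alone Python version uses an HMAC-SHA256 token from the standard library instead so that it runs without third-party crypto, and it binds the token to the client IP and an expiry so that a cookie copied from one host cannot be replayed from another and a solved CAPTCHA does not grant access indefinitely. The cookie name `ddos_pass`, the answer path `/__captcha`, the `CaptchaGate` class and the traffic in `simulate()` are all constructed for the example.

```python
# Added example (not the thesis's code): gatekeeper logic of a CAPTCHA-fronted
# reverse proxy. The thesis stores a Blowfish-encrypted pass cookie; this
# version uses an HMAC-SHA256 token from the standard library, bound to the
# client IP and an expiry time. Cookie name, path and traffic are constructed.
import hashlib
import hmac
import secrets
import time


class CaptchaGate:
    """Per request: forward to the origin, or answer with a CAPTCHA challenge."""

    COOKIE = "ddos_pass"           # assumed cookie name
    CHALLENGE_PATH = "/__captcha"  # assumed path the CAPTCHA answer is POSTed to

    def __init__(self, secret: bytes, ttl: int = 3600, now=time.time):
        self.secret = secret        # per-proxy key; never leaves the proxy
        self.ttl = ttl              # seconds a pass cookie stays valid
        self.now = now              # injectable clock so expiry can be tested
        self.pending = {}           # challenge id -> expected answer

    # CAPTCHA: the thesis renders the answer as a KCAPTCHA image; here only
    # the challenge id is sent and the answer stays server-side.
    def issue_challenge(self) -> str:
        cid = secrets.token_hex(8)
        self.pending[cid] = secrets.token_hex(3)
        return cid

    def verify_challenge(self, cid: str, answer: str) -> bool:
        expected = self.pending.pop(cid, None)   # single use: a solved id cannot be replayed
        return expected is not None and hmac.compare_digest(expected, answer)

    # Pass token "<ip>|<expiry>|<hmac>": the MAC covers ip and expiry, so a bot
    # can neither extend the lifetime nor re-bind the cookie to its own address.
    def _mac(self, body: str) -> str:
        return hmac.new(self.secret, body.encode(), hashlib.sha256).hexdigest()

    def mint_token(self, client_ip: str) -> str:
        body = f"{client_ip}|{int(self.now()) + self.ttl}"
        return f"{body}|{self._mac(body)}"

    def check_token(self, token: str, client_ip: str) -> bool:
        try:
            ip, exp, mac = token.split("|")
            expiry = int(exp)
        except ValueError:
            return False                        # malformed cookie
        if ip != client_ip or expiry < self.now():
            return False                        # wrong host or expired
        return hmac.compare_digest(self._mac(f"{ip}|{exp}"), mac)

    def handle(self, req: dict):
        """Return ("forward", None), ("forward", set_cookie) or ("challenge", cid)."""
        ip = req["client_ip"]
        token = req.get("cookies", {}).get(self.COOKIE)
        if token and self.check_token(token, ip):
            return "forward", None              # verified human: pass to origin
        if req.get("method") == "POST" and req.get("path") == self.CHALLENGE_PATH:
            form = req.get("form", {})
            if self.verify_challenge(form.get("cid", ""), form.get("answer", "")):
                return "forward", f"{self.COOKIE}={self.mint_token(ip)}"
        return "challenge", self.issue_challenge()   # everything else: CAPTCHA page


def simulate() -> dict:
    """Constructed traffic from one user and one bot against a fixed clock."""
    clock = [1_000_000]
    gate = CaptchaGate(b"constructed-demo-secret", ttl=600, now=lambda: clock[0])
    user, bot = "203.0.113.10", "198.51.100.7"

    def get(ip, token=None):
        cookies = {"ddos_pass": token} if token else {}
        return gate.handle({"client_ip": ip, "method": "GET", "path": "/", "cookies": cookies})[0]

    r = {}
    r["uncookied"], cid = gate.handle({"client_ip": user, "method": "GET", "path": "/"})
    answer = gate.pending[cid]                  # a human reads it off the image; we peek
    r["solved"], set_cookie = gate.handle({"client_ip": user, "method": "POST",
        "path": "/__captcha", "form": {"cid": cid, "answer": answer}})
    token = set_cookie.split("=", 1)[1]
    r["cookied"] = get(user, token)             # same host, valid cookie
    r["replay"] = get(bot, token)               # cookie copied to another host
    ip, exp, mac = token.split("|")
    r["forged"] = get(user, f"{ip}|{int(exp) + 99999}|{mac}")   # extended expiry, MAC fails
    r["reused_id"] = gate.handle({"client_ip": bot, "method": "POST", "path": "/__captcha",
        "form": {"cid": cid, "answer": answer}})[0]   # solved id was consumed
    clock[0] += 601                             # past the TTL
    r["expired"] = get(user, token)
    return r


if __name__ == "__main__":
    print(simulate())
```

In a deployment the verdict from `handle()` would be wired into the reverse proxy's access check in front of the origin (the thesis uses open-source proxies such as Squid or nginx and a KCAPTCHA image where this example keeps a server-side text answer); the point of the MAC, IP binding and TTL is that the cookie is an attestation the proxy itself can verify, so the origin web server needs no changes.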

Table of contents:
Chinese abstract
English abstract
Acknowledgements
Table of contents
List of tables
List of figures
Chapter 1 Introduction
  1.1 Background
  1.2 Contributions
Chapter 2 Related work
  2.1 Botnets
  2.2 Distributed Denial of Service attacks
  2.3 Sources of attacks
  2.4 Attack architectures and tools
  2.5 Attack classification and methods
  2.6 Defences against attacks
Chapter 3 Web-related protocols
  3.1 Domain Name System
  3.2 HTTP Cookie and Session
  3.3 Web proxy servers
  3.4 CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)
Chapter 4 System architecture and experimental results
  4.1 Network architecture of the web server
  4.2 System architecture
  4.3 Experiments
  4.4 Advantages, disadvantages and data analysis
Chapter 5 Conclusions and future work
  5.1 Conclusions
  5.2 Future work
References

References:
[1] Arbor Networks, "Fire or DDoS - Which is more probable?", http://asert.arbornetworks.com/2010/01/fire-or-ddos-which-is-more-probable/.
[2] CSI, "14th Annual CSI Computer Crime and Security Survey", http://i.cmpnet.com/v2.gocsi.com/pdf/CSISurvey09_Executive-Summary.pdf.
[3] "Denial-of-service attack", Wikipedia, http://en.wikipedia.org/wiki/Ddos#Distributed_attack.
[4] "Customized information security maintenance series for small and medium enterprises, part 4: Social engineering" (in Chinese), http://www.i-security.tw/topic/topic_sg.asp?id=106.
[5] DomainKeys Identified Mail (DKIM), http://www.dkim.org/.
[6] Sender ID Home Page, http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx.
[7] C. Douligeris and A. Mitrokotsa, "DDoS attacks and defense mechanisms: classification and state-of-the-art", Computer Networks, vol. 44, 2004, pp. 643-666.
[8] "The 'mstream' distributed denial of service attack tool", http://staff.washington.edu/dittrich/misc/mstream.analysis.txt.
[9] W. Hardaker, D. Kindred, R. Ostrenga, D. Sterne and R. Thomas, "Justification and Requirements for a National DDoS Defense Technology Evaluation Facility", Network Associates Laboratories Report #02-052, 2002.
[10] RFC 792 (Internet Control Message Protocol), http://www.faqs.org/rfcs/rfc792.html.
[11] 黃冠錡, "Detecting the Web Server from DDoS Attacks by Using Three-Tier Model", Master's thesis, Department of Computer Science and Information Engineering, National Taiwan University of Science and Technology, 2006 (in Chinese).
[12] C.-H. Lin, J.-C. Liu and C.-C. Lien, "Detection Method Based on Reverse Proxy against Web Flooding Attacks", Eighth International Conference on Intelligent Systems Design and Applications (ISDA), 2008, pp. 1522-1526.
[13] RFC 1918 (Address Allocation for Private Internets), http://www.ietf.org/rfc/rfc1918.txt.
[14] C. Smith and A. Matrawy, "Comparison of operating system implementations of SYN flood defenses (Cookies)", 24th Biennial Symposium on Communications, 2008, pp. 243-246.
[15] B. Hang and R. Hu, "A novel SYN Cookie method for TCP layer DDoS attack", International Conference on Future BioMedical Information Engineering (FBIE), 2009, pp. 445-448.
[16] "HTTP cookie", Wikipedia, http://en.wikipedia.org/wiki/HTTP_cookie.
[17] Apache HTTP Server (open-source software), http://httpd.apache.org/.
[18] lighttpd (open-source software), http://www.lighttpd.net/.
[19] nginx (open-source software), http://nginx.org/.
[20] Squid (open-source software), http://www.squid-cache.org.
[21] Varnish (open-source software), http://varnish-cache.org/.
[22] "CAPTCHA", Wikipedia, http://en.wikipedia.org/wiki/CAPTCHA.
[23] Audio and Visual CAPTCHA, http://www.nswardh.com/shout/index.php.
[24] KCAPTCHA project, http://www.captcha.ru/en/kcaptcha/.
[25] MaxMind, "What is GeoIP?", http://www.maxmind.com/app/ip-locate.
[26] S. Savage et al., "Practical Network Support for IP Traceback", Proceedings of the ACM SIGCOMM Conference, Stockholm, Sweden, 2000.
[27] Trend Micro, "2008 Technical Bulletin: Targeted social engineering attack techniques" (in Chinese), http://tw.trendmicro.com/tw/support/tech-support/board/tech/article/20080821045654.html.
[28] Citrix XenServer, http://www.citrix.com.tw/node/112.
[29] "What is Snort?", http://www.snort.org/.
[30] "Using iptables to Block Brute Force Attacks", http://www.ducea.com/2006/06/28/using-iptables-to-block-brute-force-attacks/.
[31] "Distributed Reflection Denial of Service", http://cs-www.cs.yale.edu/homes/arvind/cs425/doc/drdos.pdf.
[32] J. Damas, "The root server system", http://www.root-servers.org/presentations/wsis.pdf.
[33] S. Ranjan, R. Swaminathan, M. Uysal, A. Nucci and E. Knightly, "DDoS-Shield: DDoS-Resilient Scheduling to Counter Application Layer Attacks", IEEE/ACM Transactions on Networking, vol. 17, no. 1, 2009, pp. 26-39.
[34] S. Ranjan, R. Karrer and E. Knightly, "Wide area redirection of dynamic content in internet data centers", Proceedings of IEEE INFOCOM, Hong Kong, 2004.
[35] D. J. Bernstein, "SYN Cookies", http://cr.yp.to/syncookies.html.
[36] L. Limwiwatkul and A. Rungsawang, "Distributed denial of service detection using TCP/IP header and traffic measurement analysis", IEEE International Symposium on Communications and Information Technology (ISCIT), 2004, pp. 605-610.
[37] S. Kumar, "Smurf-based Distributed Denial of Service (DDoS) Attack Amplification in Internet", Second International Conference on Internet Monitoring and Protection (ICIMP), 2007, p. 25.
[38] S. Pukkawanna, P. Pongpaibool and V. Visoottiviseth, "LD2: A system for lightweight detection of denial-of-service attacks", IEEE Military Communications Conference (MILCOM), 2008, pp. 1-7.
[39] "Zombie computer", Wikipedia, http://en.wikipedia.org/wiki/Zombie_computer.
[40] "Botnet", Wikipedia, http://en.wikipedia.org/wiki/Botnet.
[41] Z. Zhu, G. Lu, Y. Chen, Z. J. Fu, P. Roberts and K. Han, "Botnet Research Survey", 32nd Annual IEEE International Computer Software and Applications Conference (COMPSAC), 2008, pp. 967-972.
[42] "Botnet scams are exploding", USA Today, http://www.usatoday.com/tech/news/computersecurity/2008-03-16-computer-botnets_N.htm.
[43] "Botnet command and control methods", http://www.attackvector.org/botnet-command-and-control-methods/.
[44] J. Cheng, "Inside the botnets based on Open Source Methodology", Workshop on Understanding Botnets of Taiwan, 2010.
[45] A. Caglayan, M. Toothaker, D. Drapeau, D. Burke and G. Eaton, "Real-time Detection of Fast Flux Service Networks", Cybersecurity Applications & Technology Conference for Homeland Security (CATCH), 2009, pp. 285-292.
[46] A. Caglayan, M. Toothaker, D. Drapeau, D. Burke and G. Eaton, "Behavioral Patterns of Fast Flux Service Networks", 43rd Hawaii International Conference on System Sciences (HICSS), 2010, pp. 1-9.
[47] M. Feily, A. Shahrestani and S. Ramadass, "A Survey of Botnet and Botnet Detection", Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE), 2009, pp. 268-273.
[48] W. Eddy, "TCP SYN Flooding Attacks and Common Mitigations", RFC 4987, http://tools.ietf.org/html/rfc4987.
[49] "HTTP State Management Mechanism", RFC 2109, http://www.w3.org/Protocols/rfc2109/rfc2109.
[50] "Transmission Control Protocol", Wikipedia, http://en.wikipedia.org/wiki/Transmission_Control_Protocol.
[51] ViSolve, "Squid Reverse Proxy", http://www.visolve.com/squid/whitepapers/reverseproxy.php.
