
Graduate student: 胡凱文 (Kevin Hu)
Thesis title: 基於流量統計的封包頭偵測分散式阻斷系統 (A Flow Motion Model Control Scheme for DDoS Detection)
Advisor: 洪西進 (Shi-Jinn Horng)
Committee members: 鍾國亮 (Kuo-Liang Chung), 王有禮 (Yue-Li Wang)
Degree: Master
Department: College of Electrical Engineering and Computer Science, Department of Computer Science and Information Engineering
Year published: 2012
Graduation academic year: 100 (ROC calendar, i.e. 2011-2012)
Language: Chinese
Pages: 58
Chinese keywords: time series model, distributed denial of service, traffic engineering
Foreign-language keywords: DDoS, Time Series, network traffic model
Views: 159, downloads: 5

The goal of this thesis is to reduce the human intervention needed for DDoS detection by automating the learning step. To that end we add packet-header analysis and a simulation of traffic variation: we propose a time series model, called the Flow Motion Model, to describe network traffic within a traffic-engineering framework, and we improve the packet analysis (Packet Score) so that the whole system is better tuned and ultimately reaches the desired detection performance.


Distributed Denial of Service (DDoS) attacks are a critical problem for the Internet. Currently, the need for human intervention results in poor response time and fails to protect the victim before severe damage is done. The expressiveness of existing filtering rules is also too limited to learn new attack packets.
Recently, we proposed a DDoS defense architecture that supports distributed detection and automated on-line attack characterization. In this paper, we focus on the design and evaluation of the automated attack characterization and selective packet discarding.
Our key idea is to use a flow motion model to forecast network traffic flow. This model can describe network traffic behaviour such as mean reversion and seasonal effects, and it constructs a flow prediction interval. When observed flows fall outside the prediction interval, we examine the packet attributes to compute a score that estimates the legitimacy of a packet given the attribute values it carries.
Once the score of a packet is computed, we perform score-based selective packet discarding, where the dropping threshold is dynamically adjusted based on the score distribution of recent incoming packets.

Table of contents (headings translated; page numbers omitted):
Abstract (Chinese)
Abstract (English)
Acknowledgements
Contents
List of Figures
Chapter 1 Introduction
  1.1 Overview
  1.2 Motivation and Background
Chapter 2 Related Work and Theory
  2.1 Denial of Service Attacks
  2.2 Distributed Denial of Service (DDoS) Attacks
  2.3 Intrusion Detection
  2.4 NetFlow as a Data Collection Tool
  2.5 Domestic and International Research
Chapter 3 Methodology
  3.1 Detection Systems Based on Statistical Analysis
  3.2 Detection Systems Based on Rule Analysis
  3.3 Packet Scoring System (Packet Score)
  3.4 Flow Monitoring System
  3.5 System Architecture and Algorithms
    3.5.1 Weaknesses of the Packet Score Algorithm
    3.5.2 Model
    3.5.3 Parameter Estimation
    3.5.4 Data Update Method (Moving Windows)
    3.5.5 Algorithm Flow
Chapter 4 Simulation Experiments and Results
  4.1 Empirical Analysis of Network Traffic
  4.2 Comparison of Packet Scoring
Chapter 5 Conclusion
References

