Please use this identifier to cite or link to this item: http://nchuir.lib.nchu.edu.tw/handle/309270000/154567

Title: Using BGP Blackhole technology to prevent flooding-based distributed denial of service attacks (運用BGP Blackhole機制防止洪水式分散阻斷服務攻擊之研究)
Author: Chiang, Min-Hung (江敏宏)
Contributors: Shang-Juh Kao (高勝助); Institute of Networking and Multimedia (資訊網路多媒體研究所)
Keywords: BGP Blackhole; Distributed Denial of Service; DDoS; Holt-Winters; NetFlow
Date: 2012
Issue Date: 2013-11-21 10:57:01 (UTC+8)
Publisher: Institute of Networking and Multimedia (資訊網路多媒體研究所)
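Abstract: Distributed denial of service (DDoS) attacks remain a form of computer crime that is quite difficult to prevent. Attackers compromise large numbers of poorly protected personal computers on the network and use them to launch large-scale distributed denial of service attacks against a target host. When an attack occurs, the large volume of attack packets not only paralyzes the victim host but may also overload Internet transit equipment or backbone bandwidth, which in turn affects other legitimate users. Defenses against flooding-based DDoS attacks fall broadly into three categories: (1) blackhole routing; (2) Unicast Reverse Path Forwarding; (3) sinkhole routing. Of these, sinkhole routing has a higher technical barrier and requires substantial hardware support, while Unicast Reverse Path Forwarding requires changes to the deployment architecture of the edge routers between Internet service providers and increases the load on those edge routers. This thesis adopts the more flexible blackhole routing technique, supplemented by anomalous-traffic detection techniques, namely the Holt-Winters forecasting technique and NFDump, together with Perl programs developed to analyze the raw packet data, and provides a complete web GUI so that users can quickly detect the occurrence of an attack and carry out blackhole routing operations. When a DDoS attack occurs, the system can accurately detect the victim IP address within 5 minutes and quickly complete the blackhole routing deployment on the edge routers of the upstream Internet service provider, effectively reducing the serious impact caused by the attack.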
Distributed denial of service (DDoS) is the most difficult attack threat to prevent. The volume of packets from a DDoS attack can paralyze the backbone. There are three common approaches to preventing flooding-based DDoS attacks: blackhole routing, unicast reverse path forwarding, and sinkhole routing. Sinkhole routing, which requires hardware support, is fairly complex, and unicast reverse path forwarding, which might change the edge router deployment among ISPs, could place a heavy load on the edge routers. The thesis proposes a system that combines blackhole routing with Holt-Winters forecasting and NFDump to detect abnormal traffic. The proposed system performs its analysis with a Perl program and provides a Web GUI for blackhole routing operations. When a DDoS attack begins, the proposed system can accurately detect the affected IP address within 5 minutes, allowing blackhole routing to be reconfigured on the edge routers so that the impact of the attack can be effectively reduced.
Appears in Collections: [By Data Type] Theses and Dissertations
