
Enhanced Single Packet IP Traceback Based on Bloom Filter

Advisors: 楊明豪, 羅嘉寧

Abstract


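In recent years the Internet has developed rapidly, and a wide range of network services have been launched to meet users' needs, but this has also created many security problems. Because of the way network protocols work, an attacker can hide their own IP address while attacking a victim, so finding the attacker's true location is very difficult. Many studies have proposed packet traceback mechanisms. Among them, packet marking mechanisms need to collect a large number of attack packets before the attacker can be found; packet logging mechanisms can trace the attacker from a single packet but consume a large amount of storage space on routers; hybrid packet traceback mechanisms combine packet marking and packet logging, find the attacker with only a single packet, and reduce storage consumption on routers. Our method is based on packet marking: it uses a 32-bit marking space to record the attack path and uses the existing TTL field of the packet header to reduce the traceback false positive rate, so that packet marking can also achieve single-packet traceback without requiring any additional router storage to record attack-path information.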

Parallel Abstract


Internet technology has been widely applied in many areas over the past decades, and its security issues have therefore attracted more and more concern. An attacker can hide their IP address to attack the victim, and it is hard to find their true location. There is already much research addressing this issue. Packet marking mechanisms need to collect a large number of attack packets to find the attacker. Packet logging mechanisms can trace back to the attacker from a single packet, but they consume a lot of storage space on the router. Hybrid IP traceback mechanisms combine packet marking and packet logging, need only a single packet to find the attacker, and reduce the consumption of storage space on the router. Our approach is a packet marking mechanism that uses a Bloom filter to record the attack path, so that packet marking can achieve single-packet tracing without requiring storage space on the router. We also use the TTL field of the packet header to compensate for the drawback of the Bloom filter and further reduce the false positive rate.
