  • Thesis

A Framework for Defending Application Layer DDoS Attacks Using a Back-Propagation Neural Network

Advisor: 嚴威

Abstract


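This thesis studies the problem of application-layer distributed denial-of-service (DDoS) attacks. The attackers attack with random service requests drawn from a predefined word pool, targeting web servers such as search engines. Without a defense mechanism, the server will slow down. We suggest two approaches to solve this problem. We then discuss performance in terms of the false negative ratio, false positive ratio, and error ratio. We propose an AI-based algorithm, a mechanism built on a back-propagation neural network, and compare it with the statistical algorithm we proposed previously. The former addresses these attacks in two phases. In the first phase, we simulate attack samples and normal samples and use them to train the neural network. In the second phase, we use the trained neural network to classify all users. In the statistical algorithm, the problem is solved in three phases. The first phase uses repeated elements as the signature to determine the suspects among all users. The second phase uses the suspects' logs to select the real attacker from among them. The third phase uses the history of the identified attacker to classify all users as legitimate or illegitimate. Both approaches can be deployed on a firewall or a server to prevent application-layer DDoS attacks that use a limited word pool. As our results show, the two approaches have similar accuracy, with an average accuracy of about 86%. However, their implementation and operating costs differ: they differ in the classification time required and the processing steps needed.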

Parallel abstract


The paper studies the application-layer DDoS attack problem. The attackers send random requests, drawn from a predefined word pool, to a web server such as a search engine. The server will be slowed if there is no defense mechanism. We evaluate two approaches to overcome the problem. Then, we discuss their performance in terms of the false negative ratio, false positive ratio, and error ratio. We propose an artificial intelligence (AI)-based algorithm built on the back-propagation neural network. Then, we compare it with the statistical algorithm that we proposed previously. The former solves DDoS attacks in two phases. In the first phase, we train the neural network with the samples. Then, in the second phase, we use the trained neural network to separate all users. In the statistical approach, three phases are employed to solve the DDoS attack problem. The first phase uses repeated elements as the signature to decide the suspects among all users. The second phase identifies an attacker among all suspects using their request logs. Then, the third phase uses the history of the identified attacker to classify all users into legitimate users and attackers. The two approaches can be built on either a firewall or a server to prevent application-layer DDoS attacks with a limited pool. As our simulation results show, the two approaches share approximately the same accuracy rate, which is about 86%. However, their implementation and operational costs are somewhat different: their classification times and the phases they need differ.
