面向單包型和分布式拒絕服務(wù)攻擊的反向追蹤技術(shù)研究
發(fā)布時間:2018-11-16 11:46
【摘要】:根據(jù)統(tǒng)計2016年我國網(wǎng)民總數(shù)達到7.10億,在眾多的網(wǎng)民中,其中有少部分人利用人們在互聯(lián)網(wǎng)中往往缺乏安全意識和基本的防范意識,通過各種非法手段謀取暴利,其中DoS攻擊是主要攻擊方式之一。由于它的極具隱蔽性的特點,使得人們很難防范此類攻擊手段。針對DoS攻擊提出的攻擊源反向追蹤技術(shù),就是為了解決或者緩解這個問題。針對現(xiàn)有的反向追蹤技術(shù)的收斂速度慢、誤報率高和追蹤精確性不高等問題。本文研究基于AS(自治域)的數(shù)據(jù)包標記方案和路由日志記錄相關(guān)算法,改進了針對單包型和分布式拒絕服務(wù)攻擊的反向追蹤技術(shù)研究方案,主要研究內(nèi)容如下:一、首先分析了針對Do S攻擊國內(nèi)外反向追蹤技術(shù)的現(xiàn)狀,并針對不同追蹤方案在性能和應(yīng)用上進行對比。然后針對基于單包型和分布式拒絕服務(wù)攻擊的反向追蹤技術(shù)研究方案存在的問題提出了兩個方面的改進方案。二、在對基于確定包標記算法和改進的動態(tài)概率標記算法研究的前提下,提出了一種基于自治系統(tǒng)的數(shù)據(jù)包標記優(yōu)化算法。定義了一個域間追蹤方案和一個域內(nèi)追蹤方案;采用不同的標記方案對數(shù)據(jù)信息進行處理。其中域間采用的是改進的確定包標記算法,域內(nèi)采用的是改進的動態(tài)概率包標記算法。提高了攻擊源反向追蹤的收斂性能、健壯性和精確度。三、本文針對PPIT中的IP數(shù)據(jù)包摘要存儲機制進行了改進,將原有標準Bloom Filter存儲機制改進為雙層Bloom Filter存儲機制,有效降低了在摘要信息插入和查找過程中hash碰撞的發(fā)生概率,提高了追蹤的精確度。同時采用了原有方案的通過TTL值來實現(xiàn)路徑確認機制,這樣就可以進一步保證了路徑重構(gòu)階段的精確性。四、通過仿真工具NS2仿真實驗,將本文的改進方案與現(xiàn)有的方案進行對比,其中本文改進的針對DDoS攻擊的反向追蹤方案AS_GDPPM與ASPPM、FAST、HAST和AS_PPM等進行對比,改進的針對單包型拒絕服務(wù)攻擊的反向追蹤方案PPITI與PPIT、HIT對比;實驗結(jié)果表明本文的改進方案比現(xiàn)有的更加收斂、誤報率更低、追蹤更加精確。
[Abstract]:According to statistics, the total number of Internet users in China reached 710 million in 2016. Among the numerous netizens, a small number of them used people's lack of security awareness and basic awareness of prevention in the Internet to obtain huge profits through various illegal means. DoS attack is one of the main attack methods. Because of its concealment, it is difficult to prevent this kind of attack. The reverse tracing technique for DoS attack is to solve or alleviate this problem. In order to solve the problems such as slow convergence rate, high false alarm rate and low tracking accuracy of the existing reverse tracking techniques. In this paper, the packet marking scheme based on AS and the routing logging algorithm are studied, and the reverse tracking scheme for single packet and distributed denial of service attacks is improved. The main research contents are as follows: 1. Firstly, this paper analyzes the current situation of reverse tracking technology for Do S attacks at home and abroad, and compares the performance and application of different tracking schemes. Then two improved schemes are proposed to solve the problem of reverse tracking based on single package attack and distributed denial of service attack (DDoS). Secondly, a packet marking optimization algorithm based on autonomous system is proposed based on the research of the algorithm based on deterministic packet marking and the improved dynamic probability marking algorithm. An inter-domain tracing scheme and an intra-domain tracing scheme are defined, and different marking schemes are used to process the data information. Among them, the improved deterministic packet marking algorithm is used among the domains, and the improved dynamic probability packet marking algorithm is used in the domain. The convergence, robustness and accuracy of the reverse tracking of the attack source are improved. Thirdly, this paper improves the mechanism of IP packet digest storage in PPIT, and improves the original standard Bloom Filter storage mechanism to double layer Bloom Filter storage mechanism, which effectively reduces the probability of hash collision in the process of inserting and searching summary information. The accuracy of tracking is improved. At the same time, the TTL value of the original scheme is adopted to realize the path confirmation mechanism, which can further ensure the accuracy of the path reconstruction phase. Fourthly, the improved scheme of this paper is compared with the existing scheme by the simulation tool NS2 simulation experiment, in which the improved reverse tracking scheme for DDoS attack AS_GDPPM is compared with ASPPM,FAST,HAST and AS_PPM, etc. The improved reverse tracking scheme for single packet denial of service attack (PPITI) is compared with PPIT,HIT. The experimental results show that the improved scheme is more convergent than the existing scheme, with lower false alarm rate and more accurate tracking.
【學(xué)位授予單位】:電子科技大學(xué)
【學(xué)位級別】:碩士
【學(xué)位授予年份】:2017
【分類號】:TP393.08
本文編號:2335430
[Abstract]:According to statistics, the total number of Internet users in China reached 710 million in 2016. Among the numerous netizens, a small number of them used people's lack of security awareness and basic awareness of prevention in the Internet to obtain huge profits through various illegal means. DoS attack is one of the main attack methods. Because of its concealment, it is difficult to prevent this kind of attack. The reverse tracing technique for DoS attack is to solve or alleviate this problem. In order to solve the problems such as slow convergence rate, high false alarm rate and low tracking accuracy of the existing reverse tracking techniques. In this paper, the packet marking scheme based on AS and the routing logging algorithm are studied, and the reverse tracking scheme for single packet and distributed denial of service attacks is improved. The main research contents are as follows: 1. Firstly, this paper analyzes the current situation of reverse tracking technology for Do S attacks at home and abroad, and compares the performance and application of different tracking schemes. Then two improved schemes are proposed to solve the problem of reverse tracking based on single package attack and distributed denial of service attack (DDoS). Secondly, a packet marking optimization algorithm based on autonomous system is proposed based on the research of the algorithm based on deterministic packet marking and the improved dynamic probability marking algorithm. An inter-domain tracing scheme and an intra-domain tracing scheme are defined, and different marking schemes are used to process the data information. Among them, the improved deterministic packet marking algorithm is used among the domains, and the improved dynamic probability packet marking algorithm is used in the domain. The convergence, robustness and accuracy of the reverse tracking of the attack source are improved. Thirdly, this paper improves the mechanism of IP packet digest storage in PPIT, and improves the original standard Bloom Filter storage mechanism to double layer Bloom Filter storage mechanism, which effectively reduces the probability of hash collision in the process of inserting and searching summary information. The accuracy of tracking is improved. At the same time, the TTL value of the original scheme is adopted to realize the path confirmation mechanism, which can further ensure the accuracy of the path reconstruction phase. Fourthly, the improved scheme of this paper is compared with the existing scheme by the simulation tool NS2 simulation experiment, in which the improved reverse tracking scheme for DDoS attack AS_GDPPM is compared with ASPPM,FAST,HAST and AS_PPM, etc. The improved reverse tracking scheme for single packet denial of service attack (PPITI) is compared with PPIT,HIT. The experimental results show that the improved scheme is more convergent than the existing scheme, with lower false alarm rate and more accurate tracking.
【學(xué)位授予單位】:電子科技大學(xué)
【學(xué)位級別】:碩士
【學(xué)位授予年份】:2017
【分類號】:TP393.08
【參考文獻】
相關(guān)期刊論文 前8條
1 魏軍;連一峰;戴英俠;李聞;鮑旭華;;一種基于路由器矢量邊采樣的IP追蹤技術(shù)[J];軟件學(xué)報;2007年11期
2 朱曉建;劉淵;李秀珍;;基于非重復(fù)包標記的IP追蹤研究[J];計算機應(yīng)用;2007年11期
3 荊一楠;屠鵬;王雪平;張根度;;一種基于反向確認的DDoS攻擊源追蹤模型[J];計算機工程;2007年02期
4 彭艷兵;龔儉;劉衛(wèi)江;楊望;;Bloom Filter哈希空間的元素還原[J];電子學(xué)報;2006年05期
5 曲海鵬;馮登國;蘇璞睿;;基于有序標記的IP包追蹤方案[J];電子學(xué)報;2006年01期
6 閆巧,吳建平,江勇;網(wǎng)絡(luò)攻擊源追蹤技術(shù)的分類和展望[J];清華大學(xué)學(xué)報(自然科學(xué)版);2005年04期
7 金光,趙杰煜,趙一鳴,王肖虹;自治系統(tǒng)的攻擊入口追溯技術(shù)研究[J];電子與信息學(xué)報;2005年03期
8 李德全,徐一丁,蘇璞睿,馮登國;IP追蹤中的自適應(yīng)包標記[J];電子學(xué)報;2004年08期
相關(guān)博士學(xué)位論文 前3條
1 魯寧;攻擊源追蹤及攻擊流過濾方法研究[D];北京郵電大學(xué);2013年
2 李勇輝;IP網(wǎng)絡(luò)中基于數(shù)據(jù)包標記的溯源方法研究[D];北京郵電大學(xué);2011年
3 黃昌來;基于自治系統(tǒng)的DDoS攻擊追蹤研究[D];復(fù)旦大學(xué);2009年
相關(guān)碩士學(xué)位論文 前3條
1 席曄文;基于雙布魯姆過濾器的數(shù)據(jù)排重算法及其應(yīng)用[D];湖南大學(xué);2013年
2 蔣鏘;無線自組織網(wǎng)絡(luò)中基于網(wǎng)絡(luò)編碼的DDoS攻擊源追蹤方法研究[D];復(fù)旦大學(xué);2013年
3 趙會平;面向DDoS攻擊的溯源技術(shù)研究[D];電子科技大學(xué);2013年
,本文編號:2335430
本文鏈接:http://sikaile.net/guanlilunwen/ydhl/2335430.html
最近更新
教材專著
