【摘要】：根據(jù)統(tǒng)計(jì)2016年我國(guó)網(wǎng)民總數(shù)達(dá)到7.10億,在眾多的網(wǎng)民中,其中有少部分人利用人們?cè)诨ヂ?lián)網(wǎng)中往往缺乏安全意識(shí)和基本的防范意識(shí),通過(guò)各種非法手段謀取暴利,其中DoS攻擊是主要攻擊方式之一。由于它的極具隱蔽性的特點(diǎn),使得人們很難防范此類(lèi)攻擊手段。針對(duì)DoS攻擊提出的攻擊源反向追蹤技術(shù),就是為了解決或者緩解這個(gè)問(wèn)題。針對(duì)現(xiàn)有的反向追蹤技術(shù)的收斂速度慢、誤報(bào)率高和追蹤精確性不高等問(wèn)題。本文研究基于AS(自治域)的數(shù)據(jù)包標(biāo)記方案和路由日志記錄相關(guān)算法,改進(jìn)了針對(duì)單包型和分布式拒絕服務(wù)攻擊的反向追蹤技術(shù)研究方案,主要研究?jī)?nèi)容如下:一、首先分析了針對(duì)Do S攻擊國(guó)內(nèi)外反向追蹤技術(shù)的現(xiàn)狀,并針對(duì)不同追蹤方案在性能和應(yīng)用上進(jìn)行對(duì)比。然后針對(duì)基于單包型和分布式拒絕服務(wù)攻擊的反向追蹤技術(shù)研究方案存在的問(wèn)題提出了兩個(gè)方面的改進(jìn)方案。二、在對(duì)基于確定包標(biāo)記算法和改進(jìn)的動(dòng)態(tài)概率標(biāo)記算法研究的前提下,提出了一種基于自治系統(tǒng)的數(shù)據(jù)包標(biāo)記優(yōu)化算法。定義了一個(gè)域間追蹤方案和一個(gè)域內(nèi)追蹤方案;采用不同的標(biāo)記方案對(duì)數(shù)據(jù)信息進(jìn)行處理。其中域間采用的是改進(jìn)的確定包標(biāo)記算法,域內(nèi)采用的是改進(jìn)的動(dòng)態(tài)概率包標(biāo)記算法。提高了攻擊源反向追蹤的收斂性能、健壯性和精確度。三、本文針對(duì)PPIT中的IP數(shù)據(jù)包摘要存儲(chǔ)機(jī)制進(jìn)行了改進(jìn),將原有標(biāo)準(zhǔn)Bloom Filter存儲(chǔ)機(jī)制改進(jìn)為雙層Bloom Filter存儲(chǔ)機(jī)制,有效降低了在摘要信息插入和查找過(guò)程中hash碰撞的發(fā)生概率,提高了追蹤的精確度。同時(shí)采用了原有方案的通過(guò)TTL值來(lái)實(shí)現(xiàn)路徑確認(rèn)機(jī)制,這樣就可以進(jìn)一步保證了路徑重構(gòu)階段的精確性。四、通過(guò)仿真工具NS2仿真實(shí)驗(yàn),將本文的改進(jìn)方案與現(xiàn)有的方案進(jìn)行對(duì)比,其中本文改進(jìn)的針對(duì)DDoS攻擊的反向追蹤方案AS_GDPPM與ASPPM、FAST、HAST和AS_PPM等進(jìn)行對(duì)比,改進(jìn)的針對(duì)單包型拒絕服務(wù)攻擊的反向追蹤方案PPITI與PPIT、HIT對(duì)比;實(shí)驗(yàn)結(jié)果表明本文的改進(jìn)方案比現(xiàn)有的更加收斂、誤報(bào)率更低、追蹤更加精確。
[Abstract]:According to statistics, the total number of Internet users in China reached 710 million in 2016. Among the numerous netizens, a small number of them used people's lack of security awareness and basic awareness of prevention in the Internet to obtain huge profits through various illegal means. DoS attack is one of the main attack methods. Because of its concealment, it is difficult to prevent this kind of attack. The reverse tracing technique for DoS attack is to solve or alleviate this problem. In order to solve the problems such as slow convergence rate, high false alarm rate and low tracking accuracy of the existing reverse tracking techniques. In this paper, the packet marking scheme based on AS and the routing logging algorithm are studied, and the reverse tracking scheme for single packet and distributed denial of service attacks is improved. The main research contents are as follows: 1. Firstly, this paper analyzes the current situation of reverse tracking technology for Do S attacks at home and abroad, and compares the performance and application of different tracking schemes. Then two improved schemes are proposed to solve the problem of reverse tracking based on single package attack and distributed denial of service attack (DDoS). Secondly, a packet marking optimization algorithm based on autonomous system is proposed based on the research of the algorithm based on deterministic packet marking and the improved dynamic probability marking algorithm. An inter-domain tracing scheme and an intra-domain tracing scheme are defined, and different marking schemes are used to process the data information. Among them, the improved deterministic packet marking algorithm is used among the domains, and the improved dynamic probability packet marking algorithm is used in the domain. The convergence, robustness and accuracy of the reverse tracking of the attack source are improved. Thirdly, this paper improves the mechanism of IP packet digest storage in PPIT, and improves the original standard Bloom Filter storage mechanism to double layer Bloom Filter storage mechanism, which effectively reduces the probability of hash collision in the process of inserting and searching summary information. The accuracy of tracking is improved. At the same time, the TTL value of the original scheme is adopted to realize the path confirmation mechanism, which can further ensure the accuracy of the path reconstruction phase. Fourthly, the improved scheme of this paper is compared with the existing scheme by the simulation tool NS2 simulation experiment, in which the improved reverse tracking scheme for DDoS attack AS_GDPPM is compared with ASPPM,FAST,HAST and AS_PPM, etc. The improved reverse tracking scheme for single packet denial of service attack (PPITI) is compared with PPIT,HIT. The experimental results show that the improved scheme is more convergent than the existing scheme, with lower false alarm rate and more accurate tracking.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類(lèi)號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前8條

1 魏軍;連一峰;戴英俠;李聞;鮑旭華;;一種基于路由器矢量邊采樣的IP追蹤技術(shù)[J];軟件學(xué)報(bào);2007年11期

2 朱曉建;劉淵;李秀珍;;基于非重復(fù)包標(biāo)記的IP追蹤研究[J];計(jì)算機(jī)應(yīng)用;2007年11期

3 荊一楠;屠鵬;王雪平;張根度;;一種基于反向確認(rèn)的DDoS攻擊源追蹤模型[J];計(jì)算機(jī)工程;2007年02期

4 彭艷兵;龔儉;劉衛(wèi)江;楊望;;Bloom Filter哈�？臻g的元素還原[J];電子學(xué)報(bào);2006年05期

5 曲海鵬;馮登國(guó);蘇璞睿;;基于有序標(biāo)記的IP包追蹤方案[J];電子學(xué)報(bào);2006年01期

6 閆巧,吳建平,江勇;網(wǎng)絡(luò)攻擊源追蹤技術(shù)的分類(lèi)和展望[J];清華大學(xué)學(xué)報(bào)(自然科學(xué)版);2005年04期

7 金光,趙杰煜,趙一鳴,王肖虹;自治系統(tǒng)的攻擊入口追溯技術(shù)研究[J];電子與信息學(xué)報(bào);2005年03期

8 李德全,徐一丁,蘇璞睿,馮登國(guó);IP追蹤中的自適應(yīng)包標(biāo)記[J];電子學(xué)報(bào);2004年08期

相關(guān)博士學(xué)位論文 前3條

1 魯寧;攻擊源追蹤及攻擊流過(guò)濾方法研究[D];北京郵電大學(xué);2013年

2 李勇輝;IP網(wǎng)絡(luò)中基于數(shù)據(jù)包標(biāo)記的溯源方法研究[D];北京郵電大學(xué);2011年

3 黃昌來(lái);基于自治系統(tǒng)的DDoS攻擊追蹤研究[D];復(fù)旦大學(xué);2009年

相關(guān)碩士學(xué)位論文 前3條

1 席曄文;基于雙布魯姆過(guò)濾器的數(shù)據(jù)排重算法及其應(yīng)用[D];湖南大學(xué);2013年

2 蔣鏘;無(wú)線(xiàn)自組織網(wǎng)絡(luò)中基于網(wǎng)絡(luò)編碼的DDoS攻擊源追蹤方法研究[D];復(fù)旦大學(xué);2013年

3 趙會(huì)平;面向DDoS攻擊的溯源技術(shù)研究[D];電子科技大學(xué);2013年

，

本文編號(hào)：2335430