面向单包型和分布式拒绝服务攻击的反向追踪技术研究
发布时间:2018-11-16 11:46
【摘要】:根据统计2016年我国网民总数达到7.10亿,在众多的网民中,其中有少部分人利用人们在互联网中往往缺乏安全意识和基本的防范意识,通过各种非法手段谋取暴利,其中DoS攻击是主要攻击方式之一。由于它的极具隐蔽性的特点,使得人们很难防范此类攻击手段。针对DoS攻击提出的攻击源反向追踪技术,就是为了解决或者缓解这个问题。针对现有的反向追踪技术的收敛速度慢、误报率高和追踪精确性不高等问题。本文研究基于AS(自治域)的数据包标记方案和路由日志记录相关算法,改进了针对单包型和分布式拒绝服务攻击的反向追踪技术研究方案,主要研究内容如下:一、首先分析了针对Do S攻击国内外反向追踪技术的现状,并针对不同追踪方案在性能和应用上进行对比。然后针对基于单包型和分布式拒绝服务攻击的反向追踪技术研究方案存在的问题提出了两个方面的改进方案。二、在对基于确定包标记算法和改进的动态概率标记算法研究的前提下,提出了一种基于自治系统的数据包标记优化算法。定义了一个域间追踪方案和一个域内追踪方案;采用不同的标记方案对数据信息进行处理。其中域间采用的是改进的确定包标记算法,域内采用的是改进的动态概率包标记算法。提高了攻击源反向追踪的收敛性能、健壮性和精确度。三、本文针对PPIT中的IP数据包摘要存储机制进行了改进,将原有标准Bloom Filter存储机制改进为双层Bloom Filter存储机制,有效降低了在摘要信息插入和查找过程中hash碰撞的发生概率,提高了追踪的精确度。同时采用了原有方案的通过TTL值来实现路径确认机制,这样就可以进一步保证了路径重构阶段的精确性。四、通过仿真工具NS2仿真实验,将本文的改进方案与现有的方案进行对比,其中本文改进的针对DDoS攻击的反向追踪方案AS_GDPPM与ASPPM、FAST、HAST和AS_PPM等进行对比,改进的针对单包型拒绝服务攻击的反向追踪方案PPITI与PPIT、HIT对比;实验结果表明本文的改进方案比现有的更加收敛、误报率更低、追踪更加精确。
[Abstract]:According to statistics, the total number of Internet users in China reached 710 million in 2016. Among the numerous netizens, a small number of them used people's lack of security awareness and basic awareness of prevention in the Internet to obtain huge profits through various illegal means. DoS attack is one of the main attack methods. Because of its concealment, it is difficult to prevent this kind of attack. The reverse tracing technique for DoS attack is to solve or alleviate this problem. In order to solve the problems such as slow convergence rate, high false alarm rate and low tracking accuracy of the existing reverse tracking techniques. In this paper, the packet marking scheme based on AS and the routing logging algorithm are studied, and the reverse tracking scheme for single packet and distributed denial of service attacks is improved. The main research contents are as follows: 1. Firstly, this paper analyzes the current situation of reverse tracking technology for Do S attacks at home and abroad, and compares the performance and application of different tracking schemes. Then two improved schemes are proposed to solve the problem of reverse tracking based on single package attack and distributed denial of service attack (DDoS). Secondly, a packet marking optimization algorithm based on autonomous system is proposed based on the research of the algorithm based on deterministic packet marking and the improved dynamic probability marking algorithm. An inter-domain tracing scheme and an intra-domain tracing scheme are defined, and different marking schemes are used to process the data information. Among them, the improved deterministic packet marking algorithm is used among the domains, and the improved dynamic probability packet marking algorithm is used in the domain. The convergence, robustness and accuracy of the reverse tracking of the attack source are improved. Thirdly, this paper improves the mechanism of IP packet digest storage in PPIT, and improves the original standard Bloom Filter storage mechanism to double layer Bloom Filter storage mechanism, which effectively reduces the probability of hash collision in the process of inserting and searching summary information. The accuracy of tracking is improved. At the same time, the TTL value of the original scheme is adopted to realize the path confirmation mechanism, which can further ensure the accuracy of the path reconstruction phase. Fourthly, the improved scheme of this paper is compared with the existing scheme by the simulation tool NS2 simulation experiment, in which the improved reverse tracking scheme for DDoS attack AS_GDPPM is compared with ASPPM,FAST,HAST and AS_PPM, etc. The improved reverse tracking scheme for single packet denial of service attack (PPITI) is compared with PPIT,HIT. The experimental results show that the improved scheme is more convergent than the existing scheme, with lower false alarm rate and more accurate tracking.
【学位授予单位】:电子科技大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.08
本文编号:2335430
[Abstract]:According to statistics, the total number of Internet users in China reached 710 million in 2016. Among the numerous netizens, a small number of them used people's lack of security awareness and basic awareness of prevention in the Internet to obtain huge profits through various illegal means. DoS attack is one of the main attack methods. Because of its concealment, it is difficult to prevent this kind of attack. The reverse tracing technique for DoS attack is to solve or alleviate this problem. In order to solve the problems such as slow convergence rate, high false alarm rate and low tracking accuracy of the existing reverse tracking techniques. In this paper, the packet marking scheme based on AS and the routing logging algorithm are studied, and the reverse tracking scheme for single packet and distributed denial of service attacks is improved. The main research contents are as follows: 1. Firstly, this paper analyzes the current situation of reverse tracking technology for Do S attacks at home and abroad, and compares the performance and application of different tracking schemes. Then two improved schemes are proposed to solve the problem of reverse tracking based on single package attack and distributed denial of service attack (DDoS). Secondly, a packet marking optimization algorithm based on autonomous system is proposed based on the research of the algorithm based on deterministic packet marking and the improved dynamic probability marking algorithm. An inter-domain tracing scheme and an intra-domain tracing scheme are defined, and different marking schemes are used to process the data information. Among them, the improved deterministic packet marking algorithm is used among the domains, and the improved dynamic probability packet marking algorithm is used in the domain. The convergence, robustness and accuracy of the reverse tracking of the attack source are improved. Thirdly, this paper improves the mechanism of IP packet digest storage in PPIT, and improves the original standard Bloom Filter storage mechanism to double layer Bloom Filter storage mechanism, which effectively reduces the probability of hash collision in the process of inserting and searching summary information. The accuracy of tracking is improved. At the same time, the TTL value of the original scheme is adopted to realize the path confirmation mechanism, which can further ensure the accuracy of the path reconstruction phase. Fourthly, the improved scheme of this paper is compared with the existing scheme by the simulation tool NS2 simulation experiment, in which the improved reverse tracking scheme for DDoS attack AS_GDPPM is compared with ASPPM,FAST,HAST and AS_PPM, etc. The improved reverse tracking scheme for single packet denial of service attack (PPITI) is compared with PPIT,HIT. The experimental results show that the improved scheme is more convergent than the existing scheme, with lower false alarm rate and more accurate tracking.
【学位授予单位】:电子科技大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.08
【参考文献】
相关期刊论文 前8条
1 魏军;连一峰;戴英侠;李闻;鲍旭华;;一种基于路由器矢量边采样的IP追踪技术[J];软件学报;2007年11期
2 朱晓建;刘渊;李秀珍;;基于非重复包标记的IP追踪研究[J];计算机应用;2007年11期
3 荆一楠;屠鹏;王雪平;张根度;;一种基于反向确认的DDoS攻击源追踪模型[J];计算机工程;2007年02期
4 彭艳兵;龚俭;刘卫江;杨望;;Bloom Filter哈希空间的元素还原[J];电子学报;2006年05期
5 曲海鹏;冯登国;苏璞睿;;基于有序标记的IP包追踪方案[J];电子学报;2006年01期
6 闫巧,吴建平,江勇;网络攻击源追踪技术的分类和展望[J];清华大学学报(自然科学版);2005年04期
7 金光,赵杰煜,赵一鸣,王肖虹;自治系统的攻击入口追溯技术研究[J];电子与信息学报;2005年03期
8 李德全,徐一丁,苏璞睿,冯登国;IP追踪中的自适应包标记[J];电子学报;2004年08期
相关博士学位论文 前3条
1 鲁宁;攻击源追踪及攻击流过滤方法研究[D];北京邮电大学;2013年
2 李勇辉;IP网络中基于数据包标记的溯源方法研究[D];北京邮电大学;2011年
3 黄昌来;基于自治系统的DDoS攻击追踪研究[D];复旦大学;2009年
相关硕士学位论文 前3条
1 席晔文;基于双布鲁姆过滤器的数据排重算法及其应用[D];湖南大学;2013年
2 蒋锵;无线自组织网络中基于网络编码的DDoS攻击源追踪方法研究[D];复旦大学;2013年
3 赵会平;面向DDoS攻击的溯源技术研究[D];电子科技大学;2013年
,本文编号:2335430
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2335430.html
