PMS, 분산 서비스 거부 공격에 대한 방어 전략

DC Field Value Language
dc.contributor.advisor홍만표-
dc.contributor.authorTariq, Usman-
dc.date.accessioned2019-10-21T06:48:29Z-
dc.date.available2019-10-21T06:48:29Z-
dc.date.issued2006-08-
dc.identifier.other1681-
dc.identifier.urihttps://dspace.ajou.ac.kr/handle/2018.oak/16970-
dc.description학위논문(석사)--아주대학교 정보통신전문대학원 :정보통신공학과,2006. 8-
dc.description.tableofcontents1 Introduction 1 2 Classification of DoS attacks 4 2.1 Data Flood 4 2.2 Network Level Attack 4 2.3 OS Level Attack 5 2.4 Application Level Attack 5 2.5 Buffer Overflow Attack 5 2.6 Protocol exploitation Attack 5 3 Classification by DDoS Attack 6 3.1 Categorization by Level of Computerization 7 3.1.1 Instruction based DDoS Attacks 7 3.1.2 Semi-Preset DDoS Attacks 8 3.1.3 Preset DDoS Attacks 8 3.2 Categorization by DDoS Attack Network 8 3.2.1 Agent Handler Model Attacks 8 3.2.2 IRC-Based Model Attacks 8 3.3 Categorization by Oppressed Vulnerability 9 3.3.1 Flood Attacks 9 3.3.2 Intensification Attack 9 3.3.3 Protocol Exploit Attack 10 3.3.4 Malicious Formed Attacks 10 3.4 Categorization by Influence 10 3.4.1 Disorderly Attack 10 3.4.2 Degrading Attack 10 3.5 Categorization by attack intensity dynamics 11 3.5.1 Continuous Intensity Attack 11 3.5.2 Variable Intensity Attack 11 4 Discussion 12 4.1 DDoS Attack Methods 12 4.1.1 SYN Flood 12 4.1.2 UDP flood 12 4.1.3 ICMP attack 12 4.1.4 Mail Bomb 12 4.1.5 TCP reset 13 4.1.6 CGI request 13 4.2 Limitations 13 4.3 Interface 13 5 DDoS attack tools 16 5.1 Agent-Based Attack Tools 16 5.2 IRC Based Attack Tools 17 6 DDoS Defense Challenges 18 6.1 Distributed Defense Solution 18 Distributed Defense Solution 18 6.2 Intelligent Traffic Management 18 6.3 Deficiency of meticulous attack information 18 6.4 Impenetrability of outsized Testing 18 6.5 Victim filtering 19 6.6 Support incremental deployment 19 7.1 Categorization by Submissive Defense Mechanism 21 7.1.1 Identifying Mechanism 21 7.1.2 Counter Mechanism 22 7.2 Categorization by Counter Defense Mechanism 22 7.2.1 Base end defense 23 7.2.2 Mapping Trace Back 23 7.2.3 Packet Marking Trace Back 23 7.2.4 Protocol-Based Defense 23 7.3 Categorization by Action 23 7.4 Categorization by Defense Deployment Position 24 7.4.1 Basis Network Mechanism 24 7.4.2 Transitional Network Mechanism 25 7.4.3 Destination Network Mechanism 25 8 Contribution of Taxonomy 26 9 PMS Marking Scheme 27 Marking space in IP header 30 Packet marking by router 30 Router stability 30 TTL based Hop?Count Check 30 Marking 31 Effects of Path Stability 32 Limitations 32 10 Filtering Mechanism 33 10.1 Basic Filtering Scheme 33 10.2 Threshold Filtering 33 11 Simulation Environment and Results 34 12 Related Work 38 13 Conclusion 40 14 Reference 41-
dc.language.isoeng-
dc.publisherThe Graduate School, Ajou University-
dc.rights아주대학교 논문은 저작권에 의해 보호받습니다.-
dc.titlePMS, 분산 서비스 거부 공격에 대한 방어 전략-
dc.title.alternativeUsman Tariq-
dc.typeThesis-
dc.contributor.affiliation아주대학교 정보통신전문대학원-
dc.contributor.alternativeNameUsman Tariq-
dc.contributor.department정보통신전문대학원 정보통신공학과-
dc.date.awarded2006. 8-
dc.description.degreeMaster-
dc.identifier.localId565390-
dc.identifier.urlhttp://dcoll.ajou.ac.kr:9080/dcollection/jsp/common/DcLoOrgPer.jsp?sItemId=000000001681-
dc.subject.keywordDDOS-
dc.subject.keywordPacket Marking-
dc.subject.keywordDDOS Attack & Defence-
dc.description.alternativeAbstractDistributed Denial of Service attack is a challenging threat to current internet world. Due to thousands of vulnerable machines connected to internet, hackers need little preparation to launch a highly destructive attack. Attacks can be easily downloaded and launched through these fertilized zombie machines. While defense mechanisms and trace back is highly inefficient due to high number of attack machines. Researchers and commercial organizations are putting all there efforts to deal with the DDoS attack problem but the problem is still unsolved. In this thesis we discussed the DDoS problem in two directions: 1) Cause of problem. 2) Design (architecture and implementation) of defense of DDoS problem which we named PMS that highly prevents the spoofed IP packets to consume legitimate internet bandwidth. In PMS, the packet is marked by the routers which come along the path to the destination. The packets traveling along the same path will have the same marking which will be dynamically changed after certain span of time. PMS can not only defend against the DDoS attack but also it can deal with the TCP hijacking and multicast source spoofing attacks. PMS defense mechanism just needs to identify only one malicious packet to identify the attack. PMS also supports incremental deployment which enhances its effectiveness against the DDoS attack. PMS scheme effectively defend the network from DDoS attack.-
Appears in Collections:
Special Graduate Schools > Graduate School of Information and Communication Technology > Department of Information and Communication > 3. Theses(Master)
Files in This Item:
There are no files associated with this item.

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

Browse