Research on Attack Source Traceback in Distributed Denial-of-Service Attacks

Author: JingYiZuo
Tutor: ZhangGenDu
School: Fudan University
Course: Applied Computer Technology
Keywords: Internet security; distributed denial-of-service attacks; attack source traceback; IP traceback; probabilistic packet marking; rate limit; incremental deployment; cooperative defense
CLC: TP393.08
Type: PhD thesis
Year: 2006

Abstract


Distributed denial-of-service (DDoS) attacks are one of the major threats to the current Internet. Existing traditional countermeasures, such as firewalls and intrusion detection systems, cannot cope well with a purely passive defense policy. The distributed nature of the DDoS attack problem calls for a distributed defense solution. Attack source traceback is a new defense technique to identify the sources of DDoS attacks. It is an important step in distributed defense against DDoS attacks, and a key technique of network forensics.

The research of this dissertation focuses on source traceback in DDoS attacks. Through a taxonomy of DDoS attacks and defense mechanisms, this dissertation analyzes the principle of the DDoS attack, points out the important role that the traceback technique plays in DDoS attack defense, and analyzes the challenges that traceback research is facing. After presenting the definition and the state of the art of the traceback problem, the main research of this dissertation focuses on the following three problems: traceback speed, security and deployment of the traceback system, and application of the traceback technique. The main contributions of this dissertation are as follows.

1. Improvement on the traceback speed.

In order to improve the traceback speed, three new traceback algorithms are proposed one after the other: the "adaptive edge marking scheme (AEMS)", the "log-assisted probabilistic packet marking scheme (LAPPM)", and the "logless fast IP traceback (LFIT)" algorithm. Theoretical analysis and simulation results have shown that these three algorithms speed up attack source traceback to different extents.

(1) A Reverse-Validation Based IP Traceback Scheme

On the basis of an analysis of one of the traditional probabilistic packet marking (PPM) schemes, the advanced marking scheme (AMS), a reverse-validation IP traceback scheme is proposed, which no longer requires the overly strong assumption of AMS. In addition, in order to improve other adaptive algorithms, AEMS is proposed. Theoretical analysis and simulation results have shown that it converges more quickly and stably than AMS.

(2) Log-Assisted Probabilistic Packet Marking Algorithm

Further research shows that low utilization of marked packets is the main reason that traceback speed cannot be improved further. In order to trace back attackers as quickly as possible, the LAPPM algorithm is proposed. This algorithm has two distinct advantages: less convergence time than previous PPM schemes and much less log overhead than other log-based schemes.

(3) Logless Fast IP Traceback Algorithm

In order to avoid the extra bandwidth occupied by log transmission in LAPPM, a logless traceback algorithm (LFIT) is proposed. This algorithm not only has traceback speed comparable to LAPPM, but also leverages the in-band channel to collect marking information. In addition, the algorithm uses the flow mark to transform traditional packet traceback into flow traceback.

2. Security and deployment of the traceback system.

Security and deployment issues are the obstacles to practical application and further development of traceback techniques. In order to solve these two problems in end-host traceback schemes, a hierarchical IP traceback system (HITS) is proposed. On the one hand, by changing the traceback subject and using a service-consumer, profit-driven mode, all participants in the traceback process can benefit from deployment of the traceback system. This design constructs an incentive mechanism for the deployment of the traceback system. On the other hand, an integrated security solution, which includes security of the traceback system, authentication of traceback requests and results, and authentication of traceback information (marking information), is proposed to ensure that the traceback results produced by HITS are more credible and authoritative. The flexible security and deployment mechanisms of HITS provide a cooperative platform for traceback across different domains.

3. Application of the traceback technique.

With the development of the traceback technique, more and more studies of traceback applications will be conducted. In this dissertation an IP traceback-based rate limit algorithm is proposed. It leverages the traceback technique not only to mitigate the effect of a DDoS attack as close to the attack source as possible, but also to improve the throughput of legitimate traffic under various types of attacks.

In addition, an overlay-based distributed rate limit framework (O²-DN) is proposed to improve current rate limit measures. This defense framework not only ensures the security of rate limiting, but also constructs a cooperative environment for distributed rate limiting across several domains.

CLC: > Industrial Technology > Automation technology,computer technology > Computing technology,computer technology > Computer applications > Computer network > General issues > Computer Network Security