Title page for 88522029



Student Number 88522029
Author Ming-Shu Peng(彭銘樹)
Author's Email Address Not public.
Statistics This thesis has been viewed 1508 times and downloaded 11 times.
Department Computer Science and Information Engineering
Year 2000
Semester 2
Degree Master
Type of Document Master's Thesis
Language zh-TW.Big5 Chinese
Title Mobile Agent-Based Network Cooperated Defense Systems
Date of Defense 2001-07-20
Page Count 62
Keyword
  • cooperated defense
  • DDoS
  • DoS
  • mobile agent
  • SYN flooding
  • traffic pattern
Abstract Under a Denial of Service (DoS) attack, an enterprise's mission-critical systems can often provide only a low service rate to users, or stop serving altogether. Since the DoS threat seems unlikely ever to disappear, this paper proposes a mobile agent-based network cooperated defense system to reduce the damage a network server suffers and to increase the number of users who can successfully access the service.
    The server gains additional defensive capability from multiple cooperating network nodes by collecting each node's TCP connection request traffic and treating it as that node's traffic pattern. When the traffic is judged unsafe, the system issues a command to the network node to restrict SYN packet forwarding. If the judgment is correct, the damage to the server is reduced and, compared with the case without the cooperating nodes' defense, more users coming from other network nodes access the service successfully. If instead the large volume of SYN traffic comes from legitimate users, the restriction causes packet retransmissions and longer connection establishment times, or timeouts; because the server is not actually under attack, if the number of users is not too large the connections will be set up after a few retries. If the attack traffic is small, it will not be treated as an attack and will harm the server, but since the attack traffic is small, the server should be able to keep providing service.
    The system is implemented with mobile agent technology: code is dispatched from the management system side to the network node side, which makes system management more flexible. This paper also proposes a mobile agent-based monitoring agent, server agent and commander agent so that the system can operate agilely, as it would in the real world. At the present stage, the monitoring agent has been implemented and experimental tests have been carried out to verify its function.
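    Table of Contents
    Chapter 1 Introduction
    1.1 Network Security
    1.2 Research Objectives
    1.3 Thesis Organization
    Chapter 2 Related Work
    2.1 DoS/DDoS Attacks
    2.1.1 Weaknesses of TCP/IP
    2.1.2 Types of DoS Attacks
    2.1.3 DDoS Network Attacks
    2.2 Defense Strategies against DoS/DDoS Attacks
    2.2.1 Web Server Defensive Measures
    2.2.2 Traffic Reduction
    2.2.3 Firewall Denial-of-Service Defense Features
    2.2.4 A Secure Network Environment
    2.2.5 The Survivability Concept
    2.3 Introduction to Mobile Agents
    2.3.1 Advantages of Mobile Agents
    2.3.2 Mobile Agent System Operation Diagram
    2.3.3 Applications and Development of Mobile Agents
    2.3.4 Overview of Mobile Agent Systems
    Chapter 3 Design and Implementation of the Mobile Agent-Based Network Cooperated Defense System
    3.1 Functional Requirements and Network Environment Assumptions
    3.2 Design of the Server Agent
    3.3 Design of the Monitoring Agent
    3.4 Design of the Commander Agent
    3.5 System Defense Capability
    3.6 System Implementation Environment
    Chapter 4 System Testing
    4.1 Test Environment
    4.2 Test Results
    4.2.1 List of Test Cases
    4.2.2 Case 1: Performance Record with All Users Accessing Normally
    4.2.3 Case 2: Performance Record with a Denial-of-Service Attacker Present and No Defensive Measures Taken
    4.2.4 Case 3: Performance Record with Cooperated Defense Measures Taken
    4.2.5 Case 4: Performance Record with a Denial-of-Service Attacker Present and No Defensive Measures Taken
    4.2.6 Case 5: Performance Record with Defense Based on a Strict Network-Node Traffic Pattern
    4.3 Test Conclusions
    Chapter 5 Conclusions and Future Directions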
Advisor
  • Li-Der Chou(周立德)
Files
  • 88522029.pdf
  • disapprove authorization
Date of Submission 2001-07-20
