
PMS, a Defense Strategy Against Distributed Denial of Service Attacks

PMS, a DEFENSIVE APPROACH AGAINST DDOS ATTACK

Abstract/Summary

Distributed Denial of Service (DDoS) attack is a challenging threat to the current internet world. Because thousands of vulnerable machines are connected to the internet, hackers need little preparation to launch a highly destructive attack: attack tools can be easily downloaded and launched through these compromised zombie machines, while defense mechanisms and trace back are highly inefficient because of the large number of attack machines. Researchers and commercial organizations are putting all their efforts into dealing with the DDoS attack problem, but the problem is still unsolved. In this thesis we discuss the DDoS problem in two directions: 1) the cause of the problem; 2) the design (architecture and implementation) of a defense against the DDoS problem, which we name PMS, that largely prevents spoofed IP packets from consuming legitimate internet bandwidth. In PMS, a packet is marked by the routers that lie along its path to the destination. Packets traveling along the same path carry the same marking, which is changed dynamically after a certain span of time. PMS can not only defend against DDoS attacks but can also deal with TCP hijacking and multicast source spoofing attacks. The PMS defense mechanism needs to identify only one malicious packet to identify the attack. PMS also supports incremental deployment, which enhances its effectiveness against DDoS attacks. The PMS scheme effectively defends the network from DDoS attacks.


Table of Contents

1 Introduction 1
2 Classification of DoS attacks 4
2.1 Data Flood 4
2.2 Network Level Attack 4
2.3 OS Level Attack 5
2.4 Application Level Attack 5
2.5 Buffer Overflow Attack 5
2.6 Protocol exploitation Attack 5
3 Classification by DDoS Attack 6
3.1 Categorization by Level of Computerization 7
3.1.1 Instruction based DDoS Attacks 7
3.1.2 Semi-Preset DDoS Attacks 8
3.1.3 Preset DDoS Attacks 8
3.2 Categorization by DDoS Attack Network 8
3.2.1 Agent Handler Model Attacks 8
3.2.2 IRC-Based Model Attacks 8
3.3 Categorization by Oppressed Vulnerability 9
3.3.1 Flood Attacks 9
3.3.2 Intensification Attack 9
3.3.3 Protocol Exploit Attack 10
3.3.4 Malicious Formed Attacks 10
3.4 Categorization by Influence 10
3.4.1 Disorderly Attack 10
3.4.2 Degrading Attack 10
3.5 Categorization by attack intensity dynamics 11
3.5.1 Continuous Intensity Attack 11
3.5.2 Variable Intensity Attack 11
4 Discussion 12
4.1 DDoS Attack Methods 12
4.1.1 SYN Flood 12
4.1.2 UDP flood 12
4.1.3 ICMP attack 12
4.1.4 Mail Bomb 12
4.1.5 TCP reset 13
4.1.6 CGI request 13
4.2 Limitations 13
4.3 Interface 13
5 DDoS attack tools 16
5.1 Agent-Based Attack Tools 16
5.2 IRC Based Attack Tools 17
6 DDoS Defense Challenges 18
6.1 Distributed Defense Solution 18
6.2 Intelligent Traffic Management 18
6.3 Deficiency of meticulous attack information 18
6.4 Impenetrability of outsized Testing 18
6.5 Victim filtering 19
6.6 Support incremental deployment 19
7.1 Categorization by Submissive Defense Mechanism 21
7.1.1 Identifying Mechanism 21
7.1.2 Counter Mechanism 22
7.2 Categorization by Counter Defense Mechanism 22
7.2.1 Base end defense 23
7.2.2 Mapping Trace Back 23
7.2.3 Packet Marking Trace Back 23
7.2.4 Protocol-Based Defense 23
7.3 Categorization by Action 23
7.4 Categorization by Defense Deployment Position 24
7.4.1 Basis Network Mechanism 24
7.4.2 Transitional Network Mechanism 25
7.4.3 Destination Network Mechanism 25
8 Contribution of Taxonomy 26
9 PMS Marking Scheme 27
Marking space in IP header 30
Packet marking by router 30
Router stability 30
TTL based Hop-Count Check 30
Marking 31
Effects of Path Stability 32
Limitations 32
10 Filtering Mechanism 33
10.1 Basic Filtering Scheme 33
10.2 Threshold Filtering 33
11 Simulation Environment and Results 34
12 Related Work 38
13 Conclusion 40
14 Reference 41
