능력 토큰을 이용한 SYN 범람 공격 방어 프레임워크
A Framework to Defend SYN Flooding Attack by Using Capability-Token of Client
- 발행기관 亞洲大學校 情報通信專門大學院
- 지도교수 劉昇和, 金東圭
- 발행년도 2005
- 학위수여년월 2005. 8
- 학위명 석사
- 학과 및 전공 정보통신전문대학원 정보통신공학과
- 본문언어 한국어
초록/요약
Nowadays, Internet infrastructure has quickly grown up. Additionally, DDoS attacks have been serious threat on Internet infrastructure ever since Internet was established. These attacks block and limit legitimate user’s access links against the intended services. The methods of these attacks are consuming the network resources or remote victim’s resources by flooding packets on the network. A characteristic of DDoS attacks is that the flooded attack packets are source IP spoofed packets. Attacker even can manipulate all the fields of IP header. Consequently by using IP spoofing technique, attackers can flood spoofed IP packets on Internet that consume limited Internet resources. It is hard to filer these attack packets because it is also hard to identify normal packets and attacks packets. The SYN flooding attacks disturb TCP / IP 3-way handshaking between normal user and victim host. SYN flooding attacks use weakness of TCP/IP protocol. These attacks are easy to implement and efficient to disturb services between normal users and victim hosts. In this paper, we proposed framework to cope with flooding based DDoS attacks. In our method, the victims can survive from DDoS flooding based attacks.
more목차
목차
제1장 서론 = 1
제2장 관련 연구 = 3
제1절 피해호스트 기반 필터링 방법 = 4
제1항 PI(Path identification) = 4
제2항 Hop-count Filtering = 6
제3항 Puzzle Auction = 7
제4항 SYN Cookie = 10
제2절 라우터 기반 패킷 필터링 = 12
제1항 Ingress Filtering = 12
제2항 Pushback = 13
제3항 SIFF(a Stateless Internet Flow Filter) = 15
제3장 제안하는 방법 = 19
제1절 디자인 = 22
제2절 해쉬 함수의 입력 변수 = 22
제4장 제안된 방법의 분석 = 23
제1절 고려사항 = 24
제5장 결론 = 26
