Title: A Study of DDoS Attacks and SYN Flood Detection
A Study of DDoS and Detection of SYN Flood
Author: 彭志翔 (Peng, Chih-Hsiang)
Keywords: distributed denial of service attack
feature selection
centroid-based classification
Publisher: Department of Information Management
Abstract: Although the Internet brings many conveniences, it also harbours many attacks. With the development of botnets, the scale of these attacks continues to grow. Distributed denial-of-service (DDoS) attacks are one of the attacks caused by botnets, and among the many kinds of DDoS attacks, SYN flood is relatively common and severely reduces availability. To improve information security, intrusion detection systems have been proposed as a tool for detecting attacks, and a complete intrusion detection system includes both a feature selection and a detection component. The purpose of this study is to propose a framework that can detect SYN flood. First, the current state of botnets is described; next, six feature values are selected as the features for detecting SYN flood, and each feature is analysed using correlation analysis. Finally, a framework that can detect SYN flood is proposed; it uses a centroid-based classifier to cluster packet data. Overall, the framework achieves high performance, with a detection rate of 97.6%, an accuracy rate of 97.2% and a false-alarm rate of 2.3%.
With the rapid growth of technology, the Internet has become a tool that can solve many problems in daily life. Although the Internet is practical and improves overall efficiency, several kinds of attacks exist on it. Distributed denial of service (DDoS) is one of the attacks carried out by botnets. Among the several kinds of DDoS attacks, SYN flood occurs more often and reduces availability. To enhance information security, intrusion detection systems have been proposed to detect attacks from the Internet. In a complete intrusion detection system, feature selection and detection are two topics that influence overall performance. The goal of this study is to propose a framework that can detect SYN flood effectively. Designing a complete framework requires information about current botnets, including botnet architecture, attacks, and the methodology and techniques for detecting botnets. Before designing an intrusion detection system, feature selection is needed; here it is performed with a statistical method, correlation analysis. Finally, a framework for detecting SYN flood is proposed, in which centroid-based classification is applied in the detection phase. The proposed framework detects SYN flood with high performance: the detection rate is 97.6 percent, the accuracy rate is 97.2 percent and the false alarm rate is 2.3 percent.
Other identifier: U0005-2406201315350700
Appears in Collections: Department of Information Management