雷欽隆
National Taiwan University: Graduate Institute of Electrical Engineering
段光秦
Tuan, Kuang-Chin
Kuang-Chin Tuan
2007-11-26
2018-07-06
2007-11-26
2018-07-06
2004
http://ntur.lib.ntu.edu.tw//handle/246246/53076

Distributed denial-of-service attacks are a major threat to today's Internet. Because the Internet itself keeps no record of intermediate state while forwarding packets, it is very difficult to use a received packet to find its actual source if the attacker wants to hide their own address. To assign responsibility for these attacks, the source of each packet must be found; this class of problem is called the IP traceback problem. This thesis proposes an authenticated packet marking method that includes the TTL value, together with an algorithm for reconstructing the attack path. The algorithm computes the number of routers traversed from the TTL value, then reconstructs the attack path and finds the attack source. The method in this thesis improves on the method proposed by Savage et al. and is more applicable against distributed denial-of-service attacks for finding the actual source of packets. In addition, the method uses a message authentication code (MAC) as the packet marking and places it in the identification field of the IP header. This provides authentication of the packet marking itself, so that an attacker cannot forge or alter the packet marking without being detected.

Distributed Denial of Service (DDoS) attacks are a great threat to today's Internet. Due to the stateless nature of the Internet, it is difficult to accurately determine the true source of an IP packet if the attacker wishes to conceal it. To institute responsibility for these attacks, the source of individual packets must be identified. This kind of problem is called the IP traceback problem. In this paper, an authenticated marking scheme that includes the TTL (time-to-live) value and a reconstruction algorithm using TTL-based hop-count computation [5] are proposed. The proposed scheme aims to rebuild the attack path and trace the true source of an attack even under DDoS attacks. The proposed scheme improves on Savage et al.'s scheme [3], which is vulnerable to DDoS attacks. Furthermore, the proposed scheme uses a Message Authentication Code (MAC) as the marking and puts it in the IP identification field. This provides authentication of the marking of the packet. Nobody can forge or tamper with the marking of the packet while evading the authentication.

LIST OF FIGURES
CHINESE ABSTRACT
ENGLISH ABSTRACT
CHAPTER 1 INTRODUCTION
  1.1 Motivation
  1.2 Related Concept
    1.2.1 IP traceback
    1.2.2 False Positive and False Negative
  1.3 Topics to be Studied
CHAPTER 2 PRELIMINARIES
  2.1 Related Research
  2.2 Edge Sampling IP Marking Scheme
  2.3 Encoding and Path Reconstruction
  2.4 Limitation and Challenge of Encoded Edge Fragment Sampling
CHAPTER 3 THE PROPOSED SCHEMES
  3.1 Assumptions
  3.3 The Marking Procedure
    3.3.1 The Authenticated Version of Advanced Marking Scheme
    3.3.2 The TTL Value Including Marking Scheme
  3.4 The Path Reconstruction Procedure
    3.4.1 TTL-Based Hop-Count Computation
    3.4.2 Building IP to Hop-Count Mapping Table
    3.4.3 The Preliminary Setup
    3.4.4 The Proposed Reconstruction Algorithm
CHAPTER 4 ANALYSIS
  4.1 Robustness
  4.2 Security
    4.2.1 Authentication
    4.2.2 Security of Time-Released Key
    4.2.3 Detection of Spoofed IP Packet
  4.3 Deployment
  4.4 Expected Packet Number
CHAPTER 5 CONCLUSION
BIBLIOGRAPHY

248996 bytes
application/pdf
en-US
Time to live; packet marking; distributed denial-of-service attacks; TTL; DDoS attacks; IP marking
An IP Packet Marking Method for Defending Against Distributed Denial-of-Service Attacks
A TTL-Included IP Marking Scheme Against DDoS Attack
thesis
http://ntur.lib.ntu.edu.tw/bitstream/246246/53076/1/ntu-93-P91921003-1.pdf