分散式阻絕服務攻擊之防禦 - 基於知識庫模型的偵測與過濾方法

Abstract

隨著網際網路的快速發展與複雜度增高，安全性問題已經變成一個非常重要的議題之一。在這樣的安全性議題下，分散式阻絕服務攻擊已儼然形成一個極具殺傷力的攻擊，但是這樣的攻擊至今卻還沒有一個完整的防禦方法。在傳統上，網路管理者使用偵測與過濾的方來解決分散式阻絕服務攻擊的問題，在遭受攻擊時試圖以人工的方式來偵測並過濾封包以減輕傷害；然而在偵測到攻擊後卻只有極少數的網路管理者擁有相關的專業知識來處理過濾封包的問題。因此，我們提出了一個利用知識庫模型的防禦方法來解決分散式阻絕服務的攻擊。在這個模型裡，我們首先使用進入控制管理模組從平常的網路訊息中取得如黑名單與白名單的前置知識，然後當攻擊來臨時使用這些前置知識來當作我們的過濾策略。最後我們使用柏克萊大學所發展的網路模擬器提出一個模擬測試來對我們的防禦系統作評價，而最後的評價結果顯示出當分散式阻絕攻擊產生時，我們可以保護大部分的經常使用者繼續使用服務。

With the rapid development of Internet, the Internet is becoming more and more complicated. The security is one of the most important issues today in Internet. Under the issues of security, distributed denial of service attack is a critical problem and has not been solved completely yet. To solve this problem, the administrators traditionally use the detecting and filtering approach to mitigate the damage caused by distributed DoS attacks. However, only few administrators have the expertise to filter out garbage traffic even if the occurrence of distributed DoS attacks are detected. Therefore, a knowledge-based model is proposed to defend distributed DoS attacks. In this model, the prior knowledge such as access control information is acquired from the ordinary network information by our proposed access control information maintenance module firstly. These access control information are then used to be the filtering policy of the defending system when the attack traffic is coming. The simulation study using Berkeley Network Simulator is also proposed to evaluate our defending system. Finally, the evaluation study shows that most of the frequent users can be protected in the defending system.