Lau Nga Sin. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2004. / Includes bibliographical references (leaves 101-110). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iv / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Research Motivation --- p.2 / Chapter 1.2 --- Problem Statement --- p.3 / Chapter 1.3 --- Research Objectives --- p.4 / Chapter 1.4 --- Structure of the Thesis --- p.6 / Chapter 2 --- Background Study on DDoS Attacks --- p.8 / Chapter 2.1 --- Distributed Denial of Service Attacks --- p.8 / Chapter 2.1.1 --- DDoS Attack Architecture --- p.9 / Chapter 2.1.2 --- DDoS Attack Taxonomy --- p.11 / Chapter 2.1.3 --- DDoS Tools --- p.19 / Chapter 2.1.4 --- DDoS Detection --- p.21 / Chapter 2.2 --- DDoS Countermeasure: Attack Source Traceback --- p.23 / Chapter 2.2.1 --- Link Testing --- p.23 / Chapter 2.2.2 --- Logging --- p.24 / Chapter 2.2.3 --- ICMP-based traceback --- p.26 / Chapter 2.2.4 --- Packet marking --- p.28 / Chapter 2.2.5 --- Comparison of various IP Traceback Schemes --- p.31 / Chapter 2.3 --- DDoS Countermeasure: Packet Filtering --- p.33 / Chapter 2.3.1 --- Ingress Filtering --- p.33 / Chapter 2.3.2 --- Egress Filtering --- p.34 / Chapter 2.3.3 --- Route-based Packet Filtering --- p.35 / Chapter 2.3.4 --- IP Traceback-based Packet Filtering --- p.36 / Chapter 2.3.5 --- Router-based Pushback --- p.37 / Chapter 3 --- Domain-based IP Traceback Scheme --- p.40 / Chapter 3.1 --- Overview of our IP Traceback Scheme --- p.41 / Chapter 3.2 --- Assumptions --- p.44 / Chapter 3.3 --- Proposed Packet Marking Scheme --- p.45 / Chapter 3.3.1 --- IP Markings with Edge Sampling --- p.46 / Chapter 3.3.2 --- Domain-based Design Motivation --- p.48 / Chapter 3.3.3 --- Mathematical Principle --- p.49 / Chapter 3.3.4 --- Marking Mechanism --- p.51 / Chapter 3.3.5 --- Storage Space of the Marking Fields --- p.56 / Chapter 3.3.6 --- Packet Marking Integrity --- p.57 / Chapter 3.3.7 --- Path Reconstruction --- p.58 / Chapter 4 --- Route-based Packet Filtering Scheme --- p.62 / Chapter 4.1 --- Placement of Filters --- p.63 / Chapter 4.1.1 --- At Sources' Networks --- p.64 / Chapter 4.1.2 --- At Victim's Network --- p.64 / Chapter 4.2 --- Proposed Packet Filtering Scheme --- p.65 / Chapter 4.2.1 --- Classification of Packets --- p.66 / Chapter 4.2.2 --- Filtering Mechanism --- p.67 / Chapter 5 --- Performance Evaluation --- p.70 / Chapter 5.1 --- Simulation Setup --- p.70 / Chapter 5.2 --- Experiments on IP Traceback Scheme --- p.72 / Chapter 5.2.1 --- Performance Metrics --- p.72 / Chapter 5.2.2 --- Choice of Marking Probabilities --- p.73 / Chapter 5.2.3 --- Experimental Results --- p.75 / Chapter 5.3 --- Experiments on Packet Filtering Scheme --- p.82 / Chapter 5.3.1 --- Performance Metrics --- p.82 / Chapter 5.3.2 --- Choices of Filtering Probabilities --- p.84 / Chapter 5.3.3 --- Experimental Results --- p.85 / Chapter 5.4 --- Deployment Issues --- p.91 / Chapter 5.4.1 --- Backward Compatibility --- p.91 / Chapter 5.4.2 --- Processing Overheads to the Routers and Network --- p.93 / Chapter 5.5 --- Evaluations --- p.95 / Chapter 6 --- Conclusion --- p.96 / Chapter 6.1 --- Contributions --- p.96 / Chapter 6.2 --- Discussions and future work --- p.99 / Bibliography --- p.110
| Identifer | oai:union.ndltd.org:cuhk.edu.hk/oai:cuhk-dr:cuhk_324920 |
| Date | January 2004 |
| Contributors | Lau, Nga Sin., Chinese University of Hong Kong Graduate School. Division of Computer Science and Engineering. |
| Source Sets | The Chinese University of Hong Kong |
| Language | English, Chinese |
| Detected Language | English |
| Type | Text, bibliography |
| Format | print, xi, 110 leaves : ill. ; 30 cm. |
| Rights | Use of this resource is governed by the terms and conditions of the Creative Commons “Attribution-NonCommercial-NoDerivatives 4.0 International” License (http://creativecommons.org/licenses/by-nc-nd/4.0/) |
Page generated in 0.0022 seconds