簡易檢索 / 詳目顯示

研究生: 胡展榮
Hu, Zhan-Rong
論文名稱: 利用適應性驗證減緩資料命名網路之內容汙染研究
Mitigating Content Poisoning by Adaptive Content Verification in Named Data Networking
指導教授: 陳伶志
Chen, Ling-Jyh
學位類別: 碩士
Master
系所名稱: 資訊工程學系
Department of Computer Science and Information Engineering
論文出版年: 2016
畢業學年度: 104
語文別: 中文
論文頁數: 45
中文關鍵詞: 資料命名網路內容汙染汙染攻擊
英文關鍵詞: Named Data Networking, Content Poisoning, Poisoning attack
DOI URL: https://doi.org/10.6345/NTNU202204352
論文種類: 學術論文
相關次數: 點閱:74下載:9
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報
  • 摘  要

    資料命名網路 (Named Data Networking, NDN)被視為下一個世代的網路架構候選人之一,憑藉著本身的基礎架構設計,資料命名網路可以解決一些目前以IP為基底的網際網路所遇到的難題以及限制,並且能夠增加資料的存取效率以及網路頻寬使用率,然而,即便資料命名網路可以應付目前網際網路所遇到的困境,但是新的攻擊型態也會針對資料命名網路的架構設計而隨之產生,像是內容汙染攻擊,就是針對資料命名網路的基礎架構設計而出現的攻擊方式。
    在此篇論文中,我們提出了一種新穎的方法,藉由路由器跟資料要求者合作的方式,來共同抵禦內容汙染的攻擊,並且會根據目前網路中受到的攻擊情況強弱來採取不同的應對方式,而這種應對方式我們稱之為適應性驗證 (Adaptive Content Verification, ACV),藉由適應性驗證,我們可以避免帶給路由器過多的負擔或者是使得資料要求者獲取太多的受到汙染的內容,同時,我們也可以有效地減緩內容汙染的攻擊。

    摘要 Ⅱ 圖表目錄 Ⅴ 第一章 緒論 1 第二章 背景以及相關研究 5 2.1 資料命名網路總覽 5 2.2 相關研究 9 第三章 問題定義 13 第四章 方法:適應性驗證 15 4.1 基本概念 15 4.2 主要流程 17 4.3 動態機率 19 第五章 實驗及分析 23  5.1 尋找較好的α 23  5.2 位於不同hop的路由器所產生之驗證次數 28 5.3 與固定機率的比較 32 5.4 隨機Topology 38 第六章 結論及未來 41 參考文獻 43

    參考文獻

    [1] Lixia Zhang, Alexander Afanasyev, Jeffrey Burke, Van Jacobson, kc claffy, Patrick Crowley, Christos Papadopoulos, Lan Wang and Beichuan Zhang, "Named data networking (ndn) project," Technical Report NDN-0001, Xerox Palo Alto Research Center-PARC, 2010.
    [2] Jacobson Van, Diana K. Smetters, James D. Thornton, Michael F. Plass, Nicholas H. Briggs and Rebecca L. Braynard, "Networking named content," ACM International Conference on Emerging Networking Experiments and Technologies, 2009.
    [3] Bengt Ahlgren, Christian Dannewitz, Claudio Imbrenda, Dirk Kutscher, and Börje Ohlman, “A survey of information-centric networking,” IEEE Communications Magazine, vol. 50, no. 7, pp. 26-36, 2012.
    [4] “Content centric networking (CCNx) project,” http://www.ccnx.org.
    [5] Afanasyev Alexander, Ilya Moiseenko, and Lixia Zhang, "ndnSIM: NDN simulator for NS-3," Technical Report NDN-002, University of California, Los Angeles, 2012.
    [6] Spyridon Mastorakis, Alexander Afanasyev, Ilya Moiseenko and Lixia Zhang, “ndnSIM 2.0: A new version of the NDN simulator for NS-3,” NDN, Technical Report NDN-0028, University of California, Los Angeles, 2015
    [7] Klein Amit, "BIND 8 DNS cache poisoning," 2007.
    [8] Antonio Lioy, Fabio Maino, Marius Marian, Daniele Mazzocchi, "DNS security," Terena Networking Conference, 2000.
    [9] Naoum Naoumov and Keith Ross, “Exploiting p2p systems for ddos attacks,” ACM International Conference on Scalable Information Systems, 2006.
    [10] Klein Amit, "Web cache poisoning attacks," Encyclopedia of Cryptography and Security, Springer US, pp. 1373-1373, 2011
    [11] Guo Fanglu, Jiawu Chen, and Tzi-cker Chiueh, "Spoof detection for preventing dos attacks against dns servers," IEEE International Conference on Distributed Computing Systems, 2006.
    [12] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose, “RFC 4033: DNS security introduction and requirements,” 2005.
    [13] Jian Liang, Naoum Naoumova and Keith W. Ross, “The Index Poisoning Attack in P2P File Sharing Systems,” IEEE International Conference on Computer Communications (infocom’06), 2006.
    [14] Matthias Vallentin and Yahel Ben-David, “Persistent browser cache poisoning,” 2010.
    [15] Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic and Yan Chen, “Internet cache pollution attacks and countermeasures,” IEEE International Conference on Network Protocols, 2006.
    [16] Alberto Compagno, Mauro Conti, Paolo Gasti and Gene Tsudik, “Poseidon: Mitigating interest flooding DDoS attacks in named data networking.”, IEEE Conference on Local Computer Networks, 2013.
    [17] Alexander Afanasyev, Priya Mahadevan, Ilya Moiseenko, Ersin Uzun and Lixia Zhang, “Interest flooding attack and countermeasures in Named Data Networking,” IFIP Networking Conference, 2013.
    [18] Alberto Compagno, Mauro Conti, Paolo Gasti and Gene Tsudik, “NDN interest flooding attacks and countermeasures,” Annual Computer Security Applications Conference, 2012.
    [19] Seungoh Choi, Kwangsoo Kim, Seongmin Kim and Byeong-hee Roh, "Threat of DoS by interest flooding attack in content-centric networking." The International Conference on Information Networking, 2013.
    [20] Somaya Arianfar, Teemu Koponen, Barath Raghavan and Scott Shenker, “On preserving privacy in content-oriented networks,” ACM SIGCOMM Workshop on Information-Centric Networking, 2011.
    [21] Steven DiBenedetto, Paolo Gasti, Gene Tsudik and Ersin Uzun, “ANDaNA: Anonymous named data networking application.” NDSS, 2011.
    [22] Gergely Acs, Mauro Conti, Paolo Gasti, Cesar Ghali and Gene Tsudik, "Cache privacy in named-data networking," IEEE International Conference on Distributed Computing Systems, 2013.
    [23] Smetters Diana and Van Jacobson, “Securing network content,” Technical report, PARC, 2009.
    [24] Mengjun Xie, Indra Widjaja and Haining Wang, "Enhancing cache robustness for content-centric networking," IEEE International Conference on Computer Communications (infocom’12), 2012.
    [25] Mauro Conti, Paolo Gasti and Marco Teoli, "A lightweight mechanism for detection of cache pollution attacks in Named Data Networking," Computer Networks vol. 57, issue.16, pp. 3178-3191, 2013.
    [26] Paolo Gasti, Gene Tsudik, Ersin Uzun and Lixia Zhang, "DoS and DDoS in named data networking," IEEE International Conference on Computer Communication and Networks , 2013.
    [27] Igor Ribeiro, Antonio Rocha, Celio Albuquerque and Flavio Guimaraes, “On the possibility of mitigating content pollution in content-centric networking,” IEEE Conference on Local Computer Networks, 2014.
    [28] Cesar Ghali, Gene Tsudik and Ersin Uzun, “Needle in a haystack: Mitigating content poisoning in named-data networking,” NDSS Workshop on Security of Emerging Networking Technologies, 2014.
    [29] “NS-3 Simulator,” http://www.nsnam.org/
    [30] Alberto Medina, Anukool Lakhina, Ibrahim Matta and John Byers, “BRITE: An approach to universal topology generation,” IEEE International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems, 2001
    [31] “Named Data Networking Forwarding Daemon,” http://named-data.net/doc/NFD/current/

    下載圖示
    QR CODE