Graduate Student: | 胡展榮 Hu, Zhan-Rong |
---|---|
Thesis Title: | 利用適應性驗證減緩資料命名網路之內容汙染研究 Mitigating Content Poisoning by Adaptive Content Verification in Named Data Networking |
Advisor: | 陳伶志 Chen, Ling-Jyh |
Degree: | Master |
Department: | Department of Computer Science and Information Engineering |
Year of Publication: | 2016 |
Academic Year of Graduation: | 104 |
Language: | Chinese |
Number of Pages: | 45 |
Keywords (Chinese): | 資料命名網路, 內容汙染, 汙染攻擊 |
Keywords (English): | Named Data Networking, Content Poisoning, Poisoning attack |
DOI URL: | https://doi.org/10.6345/NTNU202204352 |
Thesis Type: | Academic thesis |
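Abstract

Named Data Networking (NDN) is regarded as one of the candidates for the next-generation network architecture. By virtue of its underlying architectural design, NDN can solve some of the problems and limitations faced by today's IP-based Internet, and it can improve data access efficiency and network bandwidth utilization. However, even though NDN can cope with the difficulties the current Internet faces, new types of attack that target NDN's architectural design emerge along with it. The content poisoning attack is one such attack, aimed at NDN's fundamental architectural design.

In this thesis, we propose a novel approach in which routers and data requesters cooperate to jointly defend against content poisoning attacks, and which responds differently depending on how strong the attack currently affecting the network is. We call this approach Adaptive Content Verification (ACV). With ACV, we can avoid placing an excessive burden on routers or letting data requesters receive too much poisoned content, while also effectively mitigating content poisoning attacks.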