DDoS Attacks: Evolution, Detection, Prevention, Reaction, and Tolerance (PDF) free download

Today I saw someone in the group post the "Daily Security Hotspots", and I noticed a PDF book listed as "DDoS攻击:进化,检测,预防,反应和容忍" (DDoS Attacks: Evolution, Detection, Prevention, Reaction, and Tolerance). I figured I would download it and take a look, but when I opened it I found that the PDF is actually in English; the Chinese title was just a translation by a domestic reader.

Then I searched the internet for this "DDoS Attacks: Evolution, Detection, Prevention, Reaction, and Tolerance" PDF, and every copy was either paid, required points, required a purchase, or had some other problem.

Perhaps some like-minded people have the same need, so today I am sharing it for free with whoever it may help!

Below is the book's table of contents:

1. Introduction
  1.1 Anomalies in Networks
  1.2 Distributed Denial-of-Service (DDoS) Attacks
  1.3 Causes of DDoS Attacks
  1.4 Targets of DDoS Attacks
  1.5 Launching of DDoS Attacks
  1.6 Current Trends in Botnet Technology
  1.7 Machine Learning in DDoS Attack Handling
    1.7.1 Traffic Attributes and User-Parameter Selection
    1.7.2 Selection of Metrics or Measures
    1.7.3 Analysis of Data
    1.7.4 Mode of Detection
    1.7.5 Generation of Alarm Information and Reaction
  1.8 DDoS Defense
  1.9 Modules of a DDoS Defense System
  1.10 Types of DDoS Defense Systems
    1.10.1 Based on Approach
      1.10.1.1 DDoS Detection
      1.10.1.2 DDoS Prevention
      1.10.1.3 DDoS Response
      1.10.1.4 DDoS Tolerance
    1.10.2 Based on Nature of Control
      1.10.2.1 Centralized DDoS Defense
      1.10.2.2 Hierarchical DDoS Defense
      1.10.2.3 Distributed DDoS Defense
    1.10.3 Based on Defense Infrastructure
      1.10.3.1 Host-Based DDoS Defense
      1.10.3.2 Network-Based DDoS Defense
    1.10.4 Based on Defense Location
      1.10.4.1 Victim-End DDoS Defense
      1.10.4.2 Source-End DDoS Defense
      1.10.4.3 Intermediate Network DDoS Defense
    1.10.5 Based on Technique Used
      1.10.5.1 Misuse Detection
      1.10.5.2 Anomaly Detection
  1.11 DDoS Tools and Systems
  1.12 DDoS Defense Evaluation
  1.13 Prior Work
  1.14 Contribution of This Book
  1.15 Organization of This Book

2. DDoS, Machine Learning, Measures
  2.1 Issues in Internet Design
    2.1.1 Complex Edge but Simple Core
    2.1.2 Link Bandwidth Mismatch between Core and Edge
    2.1.3 Routing Principles
    2.1.4 Lack of Centralized Network Management
    2.1.5 Sharing of Reserved Resources across Data Centers
  2.2 DDoS Attacks and Their Types
    2.2.1 Agent-Handler and IRC-Based DDoS Attack Generation
    2.2.2 Types of DDoS Attacks
      2.2.2.1 Layer-Specific DDoS Attacks
      2.2.2.2 Direct and Reflector-Based DDoS Attacks
      2.2.2.3 Direct and Indirect DDoS Attacks
      2.2.2.4 High-Rate and Low-Rate DDoS Attacks
      2.2.2.5 Attack Types Based on Rate Dynamics
  2.3 DDoS Attack Targets
    2.3.1 On Infrastructure
    2.3.2 On Link
    2.3.3 On Router
    2.3.4 On OS
    2.3.5 On Defense Mechanism
  2.4 Current Trends in DDoS Attacks
  2.5 Strength of DDoS Attackers
  2.6 Desired Characteristics of DDoS Defense System
  2.7 Recent DDoS Attacks
  2.8 Machine Learning Background
    2.8.1 Supervised and Unsupervised Machine Learning
    2.8.2 Measures: Similarity and Dissimilarity
      2.8.2.1 Dissimilarity Measures
      2.8.2.2 Correlation Measures
      2.8.2.3 f-Divergence Measures
      2.8.2.4 Information Metrics
    2.8.3 Discussion
  2.9 Some Empirical Studies
    2.9.1 Using Information Metrics
      2.9.1.1 Testbed Used
      2.9.1.2 Datasets Used
      2.9.1.3 Results of Empirical Study
      2.9.1.4 Discussion
    2.9.2 Using Correlation Measures
      2.9.2.1 An Example
    2.9.3 Using f-Divergence Measures
      2.9.3.1 Results
    2.9.4 Discussion
  2.10 Chapter Summary

3. Botnets: Trends and Challenges
  3.1 DDoS Attacks Using Stationary Botnets
    3.1.1 Botnet Characteristics
    3.1.2 Botnet Models
      3.1.2.1 Agent Handler Model
      3.1.2.2 IRC-Based Model
      3.1.2.3 Web-Based Model
    3.1.3 Botnet Formation Life Cycle
    3.1.4 Stationary Botnet Architecture
      3.1.4.1 Botnet Topology
      3.1.4.2 Protocols Used
      3.1.4.3 Botnet C&C Systems
    3.1.5 Some Stationary Botnets
    3.1.6 DDoS Attacks Using Mobile Botnets
      3.1.6.1 Mobile Botnet Characteristics
      3.1.6.2 C&C Mechanisms in Mobile Botnet
    3.1.7 Some Mobile Botnets
  3.2 Chapter Summary and Recommendations

4. DDoS Detection
  4.1 Modules of a DDoS Defense Solution
    4.1.1 Monitoring
    4.1.2 Detection
    4.1.3 Reaction
  4.2 Types of DDoS Defense Solutions
    4.2.1 Based on Approach Used
    4.2.2 Based on Nature of Control
      4.2.2.1 Centralized DDoS Defense
      4.2.2.2 Hierarchical DDoS Defense
      4.2.2.3 Distributed DDoS Defense
    4.2.3 Based on Defense Infrastructure
      4.2.3.1 Host-Based DDoS Defense
      4.2.3.2 Network-Based DDoS Defense
    4.2.4 Based on Defense Location
      4.2.4.1 Victim-End DDoS Defense
      4.2.4.2 Source-End DDoS Defense
      4.2.4.3 Intermediate Network DDoS Defense
    4.2.5 Based on Techniques Used
  4.3 DDoS Detection Techniques
    4.3.1 Misuse Detection
      4.3.1.1 Signature-Based DDoS Detection
      4.3.1.2 Rule-Based Detection
      4.3.1.3 State-Transition Techniques
    4.3.2 Anomaly-Based DDoS Detection
      4.3.2.1 Statistical Techniques
      4.3.2.2 Machine Learning and Data Mining Techniques
      4.3.2.3 Soft Computing Techniques
      4.3.2.4 Knowledge-Based Techniques
  4.4 Chapter Summary

5. DDoS Prevention
  5.1 DDoS Prevention Techniques
    5.1.1 IP Traceback
      5.1.1.1 Link Testing
      5.1.1.2 Packet Marking
      5.1.1.3 Packet Logging
      5.1.1.4 ICMP Traceback Messages
      5.1.1.5 Discussion
    5.1.2 Filtering Techniques
      5.1.2.1 Ingress and Egress Filtering
      5.1.2.2 Router-Based Packet Filtering (RPF)
      5.1.2.3 Source Address Validity Enforcement (SAVE) Protocol
    5.1.3 Rate Control
  5.2 Chapter Summary

6. DDoS Reaction and Tolerance
  6.1 Intrusion Response System (IRS)
    6.1.1 Intrusion Response (IR) and Its Types
      6.1.1.1 A Model to Demonstrate Relationships among Responses
    6.1.2 Development of IRSs: Approaches, Methods, and Techniques
      6.1.2.1 Based on the Degree of Automation
      6.1.2.2 Based on the Approach Used for Triggering Responses
      6.1.2.3 Based on Adaptability
      6.1.2.4 Based on Promptness in Response Generation
      6.1.2.5 Based on the Level of Cooperation
      6.1.2.6 Based on Versatility in Reacting to Unseen Situations
    6.1.3 Some Example Intrusion Response Systems
      6.1.3.1 Cooperative Intrusion Traceback and Response Architecture (CITRA)
      6.1.3.2 Distributed Management Architecture for Cooperative Detection and Reaction
      6.1.3.3 EMERALD
      6.1.3.4 CSM
      6.1.3.5 Adaptive, Agent-Based IRS (AAIRS)
      6.1.3.6 ALPHATECH
      6.1.3.7 SITAR
    6.1.4 Discussion
  6.2 DDoS Tolerance Approaches and Methods
    6.2.1 Multi-Level IDS-Based Approaches
    6.2.2 Middleware Algorithm-Based Approaches
    6.2.3 Recovery-Based Approaches
    6.2.4 Discussion
  6.3 Chapter Summary

7. Tools and Systems
  7.1 Introduction
  7.2 Types of Network Security Tools
    7.2.1 Information Gathering Tools
      7.2.1.1 Sniffing Tools
      7.2.1.2 Network Mapping/Scanning Tools
    7.2.2 Attack Launching Tools
      7.2.2.1 Trojans
      7.2.2.2 Transport and Network Layer Denial-of-Service Attacks
      7.2.2.3 Application Layer Attack Tools
      7.2.2.4 Additional Attack Tools
    7.2.3 Network Monitoring Tools
      7.2.3.1 Visualization and Analysis Tools
  7.3 Observations
  7.4 TUCANNON+: DDoS Attack-Generation and Monitoring Tool
    7.4.1 TUCannon: Attack-Generation Module
    7.4.2 Server Sub-module of TUCannon
    7.4.3 Client Sub-module
    7.4.4 Scalability of TUCannon
    7.4.5 Speed of TUCannon
    7.4.6 Reflector Attack
  7.5 TUCannon Architecture
    7.5.1 Server Architecture
    7.5.2 Client Architecture
  7.6 TUMonitor
    7.6.1 TUMonitor: An Overview
    7.6.2 TUMonitor Architecture
    7.6.3 Visualization with TUMonitor
  7.7 DDoS Defense Systems
    7.7.1 Systems that Respond to Intrusion
      7.7.1.1 Architectures of Some Well-Known Defense Systems
    7.7.2 Some Commercial and Academic Defense Systems
    7.7.3 Discussion
  7.8 Chapter Summary

8. Conclusion and Research Challenges
  8.1 Conclusion
    8.1.1 Source IP Spoofing
    8.1.2 Degree of Randomization
    8.1.3 Isolation vs. Combination
    8.1.4 Realistic TCP SYN Flooding
    8.1.5 Removal of Unique Characteristics
    8.1.6 Low-Cost and Limited Bandwidth Attack
  8.2 Research Challenges
    8.2.1 Developing a Generic DDoS Defense Mechanism
    8.2.2 Integration of Packet/Flow Monitoring and Detection
    8.2.3 Developing DDoS-Tolerant Architecture
    8.2.4 Developing a Cost-Effective Source-End Defense
    8.2.5 Developing an Efficient Dynamic Firewall
    8.2.6 Hybridization Issues to Support Real-Time Performance with QoS
    8.2.7 Heuristics for Accurate Estimation of Defense Parameters
    8.2.8 Developing a Robust and Cost-Effective Proximity Measure
    8.2.9 Standard for Unbiased Evaluation of Defense Solutions
    8.2.10 Large-Scale Testbed for Defense Validation


Free download link:

Baidu Netdisk link: https://pan.baidu.com/s/1RwliUJZSA_mWukSete4vvQ  Extraction code: avd4

If the link has expired, please leave a message in the comments or contact me on QQ!

Summary:

I had a look through this book and it is pretty good, though I cannot read English, so I read it using Google Docs translation.

Published: 2019-07-24 10:45:13  Category: PDF
Last updated: 2019-07-24 10:45:13
付杰