Today I saw someone in a chat group post the "Daily Security Hotspots", and one item was a PDF book whose title, in Chinese, was "DDoS Attacks: Evolution, Detection, Prevention, Reaction, and Tolerance". I figured I'd download it and take a look, and when I opened it I found the PDF is actually in English; only the title had been translated into Chinese by someone here.
So I searched the Internet for the PDF of this book, DDoS Attacks: Evolution, Detection, Prevention, Reaction, and Tolerance, and every copy had some problem: it was paid, or needed points, or had to be purchased, and so on.
Perhaps some like-minded people need it too, so today I'm sharing it for free with whoever comes across it!
Here is the book's table of contents:
1. Introduction
1.1 Anomalies in Networks
1.2 Distributed Denial-of-Service (DDoS) Attacks
1.3 Causes of DDoS Attacks
1.4 Targets of DDoS Attacks
1.5 Launching of DDoS Attacks
1.6 Current Trends in Botnet Technology
1.7 Machine Learning in DDoS Attack Handling
1.7.1 Traffic Attributes and User-Parameter Selection
1.7.2 Selection of Metrics or Measures
1.7.3 Analysis of Data
1.7.4 Mode of Detection
1.7.5 Generation of Alarm Information and Reaction
1.8 DDoS Defense
1.9 Modules of a DDoS Defense System
1.10 Types of DDoS Defense Systems
1.10.1 Based on Approach
1.10.1.1 DDoS Detection
1.10.1.2 DDoS Prevention
1.10.1.3 DDoS Response
1.10.1.4 DDoS Tolerance
1.10.2 Based on Nature of Control
1.10.2.1 Centralized DDoS Defense
1.10.2.2 Hierarchical DDoS Defense
1.10.2.3 Distributed DDoS Defense
1.10.3 Based on Defense Infrastructure
1.10.3.1 Host-Based DDoS Defense
1.10.3.2 Network-Based DDoS Defense
1.10.4 Based on Defense Location
1.10.4.1 Victim-End DDoS Defense
1.10.4.2 Source-End DDoS Defense
1.10.4.3 Intermediate Network DDoS Defense
1.10.5 Based on Technique Used
1.10.5.1 Misuse Detection
1.10.5.2 Anomaly Detection
1.11 DDoS Tools and Systems
1.12 DDoS Defense Evaluation
1.13 Prior Work
1.14 Contribution of This Book
1.15 Organization of This Book
2. DDoS, Machine Learning, Measures
2.1 Issues in Internet Design
2.1.1 Complex Edge but Simple Core
2.1.2 Link Bandwidth Mismatch between Core and Edge
2.1.3 Routing Principles
2.1.4 Lack of Centralized Network Management
2.1.5 Sharing of Reserved Resources across Data Centers
2.2 DDoS Attacks and Their Types
2.2.1 Agent-Handler and IRC-Based DDoS Attack Generation
2.2.2 Types of DDoS Attacks
2.2.2.1 Layer-Specific DDoS Attacks
2.2.2.2 Direct and Reflector-Based DDoS Attacks
2.2.2.3 Direct and Indirect DDoS Attacks
2.2.2.4 High-Rate and Low-Rate DDoS Attacks
2.2.2.5 Attack Types Based on Rate Dynamics
2.3 DDoS Attack Targets
2.3.1 On Infrastructure
2.3.2 On Link
2.3.3 On Router
2.3.4 On OS
2.3.5 On Defense Mechanism
2.4 Current Trends in DDoS Attacks
2.5 Strength of DDoS Attackers
2.6 Desired Characteristics of DDoS Defense System
2.7 Recent DDoS Attacks
2.8 Machine Learning Background
2.8.1 Supervised and Unsupervised Machine Learning
2.8.2 Measures: Similarity and Dissimilarity
2.8.2.1 Dissimilarity Measures
2.8.2.2 Correlation Measures
2.8.2.3 f-Divergence Measures
2.8.2.4 Information Metrics
2.8.3 Discussion
2.9 Some Empirical Studies
2.9.1 Using Information Metrics
2.9.1.1 Testbed Used
2.9.1.2 Datasets Used
2.9.1.3 Results of Empirical Study
2.9.1.4 Discussion
2.9.2 Using Correlation Measures
2.9.2.1 An Example
2.9.3 Using f-Divergence Measures
2.9.3.1 Results
2.9.4 Discussion
2.10 Chapter Summary
3. Botnets: Trends and Challenges
3.1 DDoS Attacks Using Stationary Botnets
3.1.1 Botnet Characteristics
3.1.2 Botnet Models
3.1.2.1 Agent Handler Model
3.1.2.2 IRC-Based Model
3.1.2.3 Web-Based Model
3.1.3 Botnet Formation Life Cycle
3.1.4 Stationary Botnet Architecture
3.1.4.1 Botnet Topology
3.1.4.2 Protocols Used
3.1.4.3 Botnet C&C Systems
3.1.5 Some Stationary Botnets
3.1.6 DDoS Attacks Using Mobile Botnets
3.1.6.1 Mobile Botnet Characteristics
3.1.6.2 C&C Mechanisms in Mobile Botnet
3.1.7 Some Mobile Botnets
3.2 Chapter Summary and Recommendations
4. DDoS Detection
4.1 Modules of a DDoS Defense Solution
4.1.1 Monitoring
4.1.2 Detection
4.1.3 Reaction
4.2 Types of DDoS Defense Solutions
4.2.1 Based on Approach Used
4.2.2 Based on Nature of Control
4.2.2.1 Centralized DDoS Defense
4.2.2.2 Hierarchical DDoS Defense
4.2.2.3 Distributed DDoS Defense
4.2.3 Based on Defense Infrastructure
4.2.3.1 Host-Based DDoS Defense
4.2.3.2 Network-Based DDoS Defense
4.2.4 Based on Defense Location
4.2.4.1 Victim-End DDoS Defense
4.2.4.2 Source-End DDoS Defense
4.2.4.3 Intermediate Network DDoS Defense
4.2.5 Based on Techniques Used
4.3 DDoS Detection Techniques
4.3.1 Misuse Detection
4.3.1.1 Signature-Based DDoS Detection
4.3.1.2 Rule-Based Detection
4.3.1.3 State-Transition Techniques
4.3.2 Anomaly-Based DDoS Detection
4.3.2.1 Statistical Techniques
4.3.2.2 Machine Learning and Data Mining Techniques
4.3.2.3 Soft Computing Techniques
4.3.2.4 Knowledge-Based Techniques
4.4 Chapter Summary
5. DDoS Prevention
5.1 DDoS Prevention Techniques
5.1.1 IP Traceback
5.1.1.1 Link Testing
5.1.1.2 Packet Marking
5.1.1.3 Packet Logging
5.1.1.4 ICMP Traceback Messages
5.1.1.5 Discussion
5.1.2 Filtering Techniques
5.1.2.1 Ingress and Egress Filtering
5.1.2.2 Router-Based Packet Filtering (RPF)
5.1.2.3 Source Address Validity Enforcement (SAVE) Protocol
5.1.3 Rate Control
5.2 Chapter Summary
6. DDoS Reaction and Tolerance
6.1 Intrusion Response System (IRS)
6.1.1 Intrusion Response (IR) and Its Types
6.1.1.1 A Model to Demonstrate Relationships among Responses
6.1.2 Development of IRSs: Approaches, Methods, and Techniques
6.1.2.1 Based on the Degree of Automation
6.1.2.2 Based on the Approach Used for Triggering Responses
6.1.2.3 Based on Adaptability
6.1.2.4 Based on Promptness in Response Generation
6.1.2.5 Based on the Level of Cooperation
6.1.2.6 Based on Versatility in Reacting to Unseen Situations
6.1.3 Some Example Intrusion Response Systems
6.1.3.1 Cooperative Intrusion Traceback and Response Architecture (CITRA)
6.1.3.2 Distributed Management Architecture for Cooperative Detection and Reaction
6.1.3.3 EMERALD
6.1.3.4 CSM
6.1.3.5 Adaptive, Agent-Based IRS (AAIRS)
6.1.3.6 ALPHATECH
6.1.3.7 SITAR
6.1.4 Discussion
6.2 DDoS Tolerance Approaches and Methods
6.2.1 Multi-Level IDS-Based Approaches
6.2.2 Middleware Algorithm-Based Approaches
6.2.3 Recovery-Based Approaches
6.2.4 Discussion
6.3 Chapter Summary
7. Tools and Systems
7.1 Introduction
7.2 Types of Network Security Tools
7.2.1 Information Gathering Tools
7.2.1.1 Sniffing Tools
7.2.1.2 Network Mapping/Scanning Tools
7.2.2 Attack Launching Tools
7.2.2.1 Trojans
7.2.2.2 Transport and Network Layer Denial-of-Service Attacks
7.2.2.3 Application Layer Attack Tools
7.2.2.4 Additional Attack Tools
7.2.3 Network Monitoring Tools
7.2.3.1 Visualization and Analysis Tools
7.3 Observations
7.4 TUCANNON+: DDoS Attack-Generation and Monitoring Tool
7.4.1 TUCannon: Attack-Generation Module
7.4.2 Server Sub-module of TUCannon
7.4.3 Client Sub-module
7.4.4 Scalability of TUCannon
7.4.5 Speed of TUCannon
7.4.6 Reflector Attack
7.5 TUCannon Architecture
7.5.1 Server Architecture
7.5.2 Client Architecture
7.6 TUMonitor
7.6.1 TUMonitor: An Overview
7.6.2 TUMonitor Architecture
7.6.3 Visualization with TUMonitor
7.7 DDoS Defense Systems
7.7.1 Systems that Respond to Intrusion
7.7.1.1 Architectures of Some Well-Known Defense Systems
7.7.2 Some Commercial and Academic Defense Systems
7.7.3 Discussion
7.8 Chapter Summary
8. Conclusion and Research Challenges
8.1 Conclusion
8.1.1 Source IP Spoofing
8.1.2 Degree of Randomization
8.1.3 Isolation vs. Combination
8.1.4 Realistic TCP SYN Flooding
8.1.5 Removal of Unique Characteristics
8.1.6 Low-Cost and Limited Bandwidth Attack
8.2 Research Challenges
8.2.1 Developing a Generic DDoS Defense Mechanism
8.2.2 Integration of Packet/Flow Monitoring and Detection
8.2.3 Developing DDoS-Tolerant Architecture
8.2.4 Developing a Cost-Effective Source-End Defense
8.2.5 Developing an Efficient Dynamic Firewall
8.2.6 Hybridization Issues to Support Real-Time Performance with QoS
8.2.7 Heuristics for Accurate Estimation of Defense Parameters
8.2.8 Developing a Robust and Cost-Effective Proximity Measure
8.2.9 Standard for Unbiased Evaluation of Defense Solutions
8.2.10 Large-Scale Testbed for Defense Validation
Free download:
Baidu Netdisk link: https://pan.baidu.com/s/1RwliUJZSA_mWukSete4vvQ  Extraction code: avd4
If the link stops working, leave a message in the comments or contact me on QQ!
Summary:
I had a look through this book and it's quite good, though I can't read English, so I read it with Google Docs translation.