Abstract (translated from the Chinese):

Web servers that carry an enterprise's core operations, when hit by a network denial-of-service (DoS) attack, often suffer a severe drop in service availability or even a complete stop of service. Since such attacks still cannot be entirely prevented, this thesis proposes a mobile-agent-based network cooperative defense system whose goal is to reduce the damage a web server suffers from DoS attacks, raise the probability that most users can connect successfully, and keep the service accessible to the majority of users.

In the defense system, multiple cooperating network nodes monitor traffic. Each node collects the TCP connection-request traffic passing through it toward the web server; this serves as the node's traffic-pattern reference and as the basis for judging whether attack traffic is present. The defense consists of restricting the connection-request traffic allowed through, so that part of all connection-request traffic from that region is dropped. If the judgment that the traffic is an attack is correct, the damage to the server is reduced, and compared with not defending at all, users entering via other routes have a better chance of being served. If the sudden surge is instead connection requests from legitimate users, the drops cause packet retransmission, so connection setup takes longer or times out; but because the system is still serving normally, when the number of users is not too large they should obtain service after a few retries. If, however, only a small amount of attack traffic flows into a cooperating node, the attack cannot be detected; overall, though, the server's capacity should tolerate these small quantities of attack packets, so the server should still be able to provide service.

The system applies mobile-agent technology so that the defense system dispatches code and collects traffic between the server side and the cooperating-defense side via mobile agents, increasing management flexibility. It also proposes a monitoring agent, a server agent and a commander agent built on the mobile-agent concept, making the system's operation more flexible and better matched to its operating model. At present the monitoring agent has been implemented and its function verified through experiments.

Abstract (original English):

When under a Denial of Service (DoS) attack, an enterprise's mission-critical systems often provide only a low service rate to users or even stop serving. Since the DoS threat seems unlikely ever to disappear, this paper proposes a mobile-agent-based network cooperative defense system to reduce the injury a network server suffers and to increase the number of users that can successfully access the service. The server gains more defense capability from multiple cooperating network nodes, each of which collects the TCP connection-request traffic passing through it and treats it as that node's traffic pattern. When the traffic deviates from the safe pattern, the system issues a command to the network node to restrict SYN packet forwarding. If the judgment is correct, the injury to the server is reduced, and compared with the case without the cooperating nodes' defense, more users arriving from other network nodes succeed in accessing the service; if the huge amount of SYN traffic comes from legitimate users, it causes packet retransmission and longer connection establishment times, or simply timeouts. Because the server is not under attack, if the number of users is not too large the connection will be set up after a few retries.

If the attacking traffic is small, it will not be treated as an attack and will reach and harm the server, but since the attacking traffic is not much, the server should still be able to provide service continuously. The system is implemented with mobile-agent technology, so code is dispatched from the management-system side to the network-node side, making system management more flexible. This paper also proposes the mobile-agent-based monitoring agent, server agent and commander agent so that the system can operate agilely, as in the real world. At the present phase, the monitoring agent has been implemented and experimental tests have been performed to verify its function.
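A small sketch of the node-side monitoring logic the abstract describes (an added example, not the thesis's implementation): it learns a per-node SYN-rate pattern from calm windows of constructed sample traffic, then computes how large a share of connection requests the node should keep forwarding when a window exceeds that pattern. Node names, the tolerance factor, the floor and the sample records are assumptions.

```python
"""Monitoring-agent sketch: learn a per-node SYN rate pattern, then cap forwarding
when a window deviates from it (added example; not the thesis's own agent code)."""
from collections import defaultdict

# Constructed sample of (second, node, source_ip) for TCP SYNs bound for the server,
# as one cooperating network node would collect them.  Windows 0-2 are calm on both
# nodes; in window 3 node "edge-A" receives a burst from many sources (assumed data).
SAMPLE_SYNS = [(s, "edge-A", f"10.1.0.{i}") for s in range(3) for i in range(5)]
SAMPLE_SYNS += [(s, "edge-B", f"10.2.0.{i}") for s in range(4) for i in range(4)]
SAMPLE_SYNS += [(3, "edge-A", f"203.0.113.{i}") for i in range(50)]

def count_per_window(records, window_seconds=1):
    """Return {node: {window_index: syn_count}} from (second, node, src) records."""
    counts = defaultdict(lambda: defaultdict(int))
    for second, node, _src in records:
        counts[node][second // window_seconds] += 1
    return counts

def learn_pattern(window_counts, learn_windows):
    """Traffic pattern for a node: mean SYN count over its first learn_windows windows."""
    return sum(window_counts.get(w, 0) for w in range(learn_windows)) / learn_windows

def forwarding_ratio(observed, pattern, tolerance=3.0, floor=5):
    """Fraction of connection requests the node should keep forwarding.
    Allowed volume is tolerance x pattern (at least `floor`, so an idle node is not
    starved); above that, forward only the allowed share and drop the rest."""
    allowed = max(tolerance * pattern, floor)
    if observed <= allowed:
        return 1.0  # within pattern: no restriction
    return allowed / observed

def evaluate(records, learn_windows=3, check_window=3):
    """Per node: (observed, pattern, ratio) for check_window; ratio < 1.0 means restrict."""
    result = {}
    for node, wc in count_per_window(records).items():
        pattern = learn_pattern(wc, learn_windows)
        observed = wc.get(check_window, 0)
        result[node] = (observed, pattern, forwarding_ratio(observed, pattern))
    return result

if __name__ == "__main__":
    for node, (obs, pat, ratio) in evaluate(SAMPLE_SYNS).items():
        action = "restrict" if ratio < 1.0 else "forward all"
        print(f"{node}: {obs} SYN/s vs pattern {pat:.1f}/s -> {action} ({ratio:.2f} kept)")
```

Only node edge-A is restricted, so connection requests arriving through edge-B are unaffected, which is the effect on users of other routes that the abstract describes.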