中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/8844
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 78852/78852 (100%)
Visitors : 37839844      Online Users : 535
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
    •  Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/8844


    Title: 分散式阻斷服務下之過載保護機制;An Overload Protection Mechanism Under DDoS Attack
    Authors: 謝彥偉;Yen-Wei Hsieh
    Contributors: 資訊工程研究所
    Keywords: 路由器;過載保護;分散式阻斷服務;壅塞;router;overload protection;DDoS;congestion
    Date: 2004-07-14
    Issue Date: 2009-09-22 11:36:04 (UTC+8)
    Publisher: 國立中央大學圖書館
    Abstract: 近年來許多的網路攻擊突顯出網際網路上諸多的弱點,其中造成損害最大的可謂為分散式阻斷服務(DDoS),對於許多既存的防禦方法來說分散式的攻擊很難去防止。隨著網際網路的普及,在網路上愈來愈容易找到含有弱點的主機,有心的攻擊者可利用這些主機的弱點,來攻擊其它特定的網路主機,造成一般正常的使用者無法使用該主機的服務。 由於分散式阻斷服務有著壅塞和連續的特性,因此常常會因路由器的負載過重而造成封包無法正常傳遞。大多數的防禦機制都很難在壅塞的網路上做通訊,更遑論在發生攻擊時,再來做防禦。有鑑於此,本文提出分散式阻斷服務下之過載保護機制,可在攻擊發生時迅速且確實的將攻擊封包加以分流,並予以阻擋流量過大的來源,並將路由器的負載降低,以提供其它正常使用者的封包得以順利傳遞,並可配合其它的異常流量偵測演算法加強防禦的效果。 我們藉由建立實體的測試網路來實驗在受到分散式阻斷服務攻擊時,本文所提的方法之成效。實驗結果證明採用這套方法後可以在受到攻擊時能有效的減輕攻擊所造成的影響。 Many attacks on the internet reveal much vulnerability in recent years; causing the largest damage among them we called DDoS. For much existent defense strategies, the DDoS is hard to prevent. With the popularity of the internet, it is more and more easily to find vulnerable server; some intent attacker will use these weakness to attack the particular server that the service can’t be available to the legitimate user . Due to DDoS has characteristic of congestion and continuity, so that the packet can’t be forwarded normally because of router-overloading. Most defense mechanism can’t communicate through the congested network; it is unnecessary to say that if attacks occur, other protection mechanism will work. In view of this, this paper proposed the overload protection mechanism under DDoS that it can bypass the attacking packet quickly and precisely also defend large source and decrease loading of router when attacks occur in order to transmit packet fluently for other legitimate user. Moreover, it can work with other defense mechanism to enhance the performance of protection mechanism. We use the physical topology to simulate the performance of our protection mechanism under DDoS attack. The result of our experiment evidenced that overload protection mechanism is practical and decreases the influence effectively.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File SizeFormat


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明