中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/8844
English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 78818/78818 (100%)
造访人次 : 34693516      在线人数 : 1555
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
    •  进阶搜寻


    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/8844


    题名: 分散式阻斷服務下之過載保護機制;An Overload Protection Mechanism Under DDoS Attack
    作者: 謝彥偉;Yen-Wei Hsieh
    贡献者: 資訊工程研究所
    关键词: 路由器;過載保護;分散式阻斷服務;壅塞;router;overload protection;DDoS;congestion
    日期: 2004-07-14
    上传时间: 2009-09-22 11:36:04 (UTC+8)
    出版者: 國立中央大學圖書館
    摘要: 近年來許多的網路攻擊突顯出網際網路上諸多的弱點,其中造成損害最大的可謂為分散式阻斷服務(DDoS),對於許多既存的防禦方法來說分散式的攻擊很難去防止。隨著網際網路的普及,在網路上愈來愈容易找到含有弱點的主機,有心的攻擊者可利用這些主機的弱點,來攻擊其它特定的網路主機,造成一般正常的使用者無法使用該主機的服務。 由於分散式阻斷服務有著壅塞和連續的特性,因此常常會因路由器的負載過重而造成封包無法正常傳遞。大多數的防禦機制都很難在壅塞的網路上做通訊,更遑論在發生攻擊時,再來做防禦。有鑑於此,本文提出分散式阻斷服務下之過載保護機制,可在攻擊發生時迅速且確實的將攻擊封包加以分流,並予以阻擋流量過大的來源,並將路由器的負載降低,以提供其它正常使用者的封包得以順利傳遞,並可配合其它的異常流量偵測演算法加強防禦的效果。 我們藉由建立實體的測試網路來實驗在受到分散式阻斷服務攻擊時,本文所提的方法之成效。實驗結果證明採用這套方法後可以在受到攻擊時能有效的減輕攻擊所造成的影響。 Many attacks on the internet reveal much vulnerability in recent years; causing the largest damage among them we called DDoS. For much existent defense strategies, the DDoS is hard to prevent. With the popularity of the internet, it is more and more easily to find vulnerable server; some intent attacker will use these weakness to attack the particular server that the service can’t be available to the legitimate user . Due to DDoS has characteristic of congestion and continuity, so that the packet can’t be forwarded normally because of router-overloading. Most defense mechanism can’t communicate through the congested network; it is unnecessary to say that if attacks occur, other protection mechanism will work. In view of this, this paper proposed the overload protection mechanism under DDoS that it can bypass the attacking packet quickly and precisely also defend large source and decrease loading of router when attacks occur in order to transmit packet fluently for other legitimate user. Moreover, it can work with other defense mechanism to enhance the performance of protection mechanism. We use the physical topology to simulate the performance of our protection mechanism under DDoS attack. The result of our experiment evidenced that overload protection mechanism is practical and decreases the influence effectively.
    显示于类别:[資訊工程研究所] 博碩士論文

    文件中的档案:

    档案 大小格式浏览次数


    在NCUIR中所有的数据项都受到原著作权保护.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明