網路安全隨著網路蓬勃發展愈顯重要,各種網路入侵事件層出不窮,使傳統的資訊安全市場產生巨變,不斷翻新的網路入侵技術、類型多變的病毒與網蟲攻擊,藉著貫通全球的網際網路和電子郵件散發。面對攻擊工具流通快速且普遍被濫用,反觀一般使用者對網路安全普遍漠視形成強烈的對比,這種情況使得網路安全問題越來越嚴重。資訊安全的重要性與攻擊者入侵問題,近年持續受到企業與政府關切;其中又以分散式阻絕服務 (Distributed Denial of Service,簡稱DDoS) 攻擊對網路所造成威脅及損害最為嚴重。同時許多論文提出各類型的防禦機制來對抗DDoS攻擊。然而攻擊方式愈來愈多,攻擊模式相較於過去也更加複雜,因此抵禦這類網路攻擊的困難度不斷增加。 本文提出階層式聯合防衛DDoS攻擊系統架構;聯合網路型入侵預防系統 (WallGuard) ,主機型入侵預防系統 (WallAgent) 及區域派送員 (Domain dispatcher) 三個元件,組成階層式聯合防衛機制。WallGuard負責多網域間聯防工作,實作流量統計與控制路由設備過濾攻擊。同時利用區域劃分的概念,WallGuard可以進一步的透過所管轄之Domain dispatcher通報子網路下的WallAgent共同防衛DDoS攻擊,將攻擊阻絕在最近攻擊者端。另外提出分析系統記錄檔之預防機制防止DDoS攻擊發生,達到事前的預防效果。 With the rise of internet, network security has also become important. Various incidents of intrusion emerges which make great changes in the traditional market of information security. Continuous innovating internet intrusion techniques, changeful viruses, and worm attacks, it spreads through global internet and e-mails. Attack tools travel fast and has been misapplies; which makes a great contradiction when we observe how the general users ignore network security. Such situation is becoming worse, thus, it has received great concerns from both the cooperation and the government. And among them, the attack of Distributed Denial of Service, DDoS, causes more threats and damages to the internet than that of others. At the same time, many dissertations have proposed every kind of defending mechanism to confront DDoS attacks. However, the more attacks there are, the more complicated the attack modules; therefore, the difficulties of defending these internet attacks increases. This paper proposes a hierarchical cooperative defending system against DDoS attacks, uniting its subsidiary systems WallGuard, WallAgent, and domain dispatcher to defend DDoS attacks. WallGuard is in charge of defense cooperatively in DDoS attack and it implements traffic statistics and controls the devices of router to filter the attacks. WallGuard can announce to the WallAgent in the subnet through the governed domain dispatcher to cooperatively defense the attacks of DDoS by using the concept of the division of area. It is also proposed to analyze the logs of system to prevent the DDoS attacks