English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 64745/64745 (100%)
造訪人次 : 20503337      線上人數 : 424
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/8863


    題名: 抵禦DDoS攻擊之階層式聯合防衛系統;A Hierarchical Cooperative Defending System against DDoS Attacks
    作者: 林柏昇;Po-Sheng Lin
    貢獻者: 資訊工程研究所
    關鍵詞: 入侵預防系統;網路安全;聯防機制;分散式阻絕服務攻擊;Network Security;Hierarchical Cooperative Defending system;DDoS;Log-based Prevention
    日期: 2004-07-15
    上傳時間: 2009-09-22 11:36:39 (UTC+8)
    出版者: 國立中央大學圖書館
    摘要: 網路安全隨著網路蓬勃發展愈顯重要,各種網路入侵事件層出不窮,使傳統的資訊安全市場產生巨變,不斷翻新的網路入侵技術、類型多變的病毒與網蟲攻擊,藉著貫通全球的網際網路和電子郵件散發。面對攻擊工具流通快速且普遍被濫用,反觀一般使用者對網路安全普遍漠視形成強烈的對比,這種情況使得網路安全問題越來越嚴重。資訊安全的重要性與攻擊者入侵問題,近年持續受到企業與政府關切;其中又以分散式阻絕服務 (Distributed Denial of Service,簡稱DDoS) 攻擊對網路所造成威脅及損害最為嚴重。同時許多論文提出各類型的防禦機制來對抗DDoS攻擊。然而攻擊方式愈來愈多,攻擊模式相較於過去也更加複雜,因此抵禦這類網路攻擊的困難度不斷增加。 本文提出階層式聯合防衛DDoS攻擊系統架構;聯合網路型入侵預防系統 (WallGuard) ,主機型入侵預防系統 (WallAgent) 及區域派送員 (Domain dispatcher) 三個元件,組成階層式聯合防衛機制。WallGuard負責多網域間聯防工作,實作流量統計與控制路由設備過濾攻擊。同時利用區域劃分的概念,WallGuard可以進一步的透過所管轄之Domain dispatcher通報子網路下的WallAgent共同防衛DDoS攻擊,將攻擊阻絕在最近攻擊者端。另外提出分析系統記錄檔之預防機制防止DDoS攻擊發生,達到事前的預防效果。 With the rise of internet, network security has also become important. Various incidents of intrusion emerges which make great changes in the traditional market of information security. Continuous innovating internet intrusion techniques, changeful viruses, and worm attacks, it spreads through global internet and e-mails. Attack tools travel fast and has been misapplies; which makes a great contradiction when we observe how the general users ignore network security. Such situation is becoming worse, thus, it has received great concerns from both the cooperation and the government. And among them, the attack of Distributed Denial of Service, DDoS, causes more threats and damages to the internet than that of others. At the same time, many dissertations have proposed every kind of defending mechanism to confront DDoS attacks. However, the more attacks there are, the more complicated the attack modules; therefore, the difficulties of defending these internet attacks increases. This paper proposes a hierarchical cooperative defending system against DDoS attacks, uniting its subsidiary systems WallGuard, WallAgent, and domain dispatcher to defend DDoS attacks. WallGuard is in charge of defense cooperatively in DDoS attack and it implements traffic statistics and controls the devices of router to filter the attacks. WallGuard can announce to the WallAgent in the subnet through the governed domain dispatcher to cooperatively defense the attacks of DDoS by using the concept of the division of area. It is also proposed to analyze the logs of system to prevent the DDoS attacks
    顯示於類別:[資訊工程研究所] 博碩士論文

    文件中的檔案:

    檔案 大小格式瀏覽次數
    0KbUnknown417檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回饋  - 隱私權政策聲明