中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/8863
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 78818/78818 (100%)
Visitors : 34467327      Online Users : 827
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
    •  Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/8863


    Title: 抵禦DDoS攻擊之階層式聯合防衛系統;A Hierarchical Cooperative Defending System against DDoS Attacks
    Authors: 林柏昇;Po-Sheng Lin
    Contributors: 資訊工程研究所
    Keywords: 入侵預防系統;網路安全;聯防機制;分散式阻絕服務攻擊;Network Security;Hierarchical Cooperative Defending system;DDoS;Log-based Prevention
    Date: 2004-07-15
    Issue Date: 2009-09-22 11:36:39 (UTC+8)
    Publisher: 國立中央大學圖書館
    Abstract: 網路安全隨著網路蓬勃發展愈顯重要,各種網路入侵事件層出不窮,使傳統的資訊安全市場產生巨變,不斷翻新的網路入侵技術、類型多變的病毒與網蟲攻擊,藉著貫通全球的網際網路和電子郵件散發。面對攻擊工具流通快速且普遍被濫用,反觀一般使用者對網路安全普遍漠視形成強烈的對比,這種情況使得網路安全問題越來越嚴重。資訊安全的重要性與攻擊者入侵問題,近年持續受到企業與政府關切;其中又以分散式阻絕服務 (Distributed Denial of Service,簡稱DDoS) 攻擊對網路所造成威脅及損害最為嚴重。同時許多論文提出各類型的防禦機制來對抗DDoS攻擊。然而攻擊方式愈來愈多,攻擊模式相較於過去也更加複雜,因此抵禦這類網路攻擊的困難度不斷增加。 本文提出階層式聯合防衛DDoS攻擊系統架構;聯合網路型入侵預防系統 (WallGuard) ,主機型入侵預防系統 (WallAgent) 及區域派送員 (Domain dispatcher) 三個元件,組成階層式聯合防衛機制。WallGuard負責多網域間聯防工作,實作流量統計與控制路由設備過濾攻擊。同時利用區域劃分的概念,WallGuard可以進一步的透過所管轄之Domain dispatcher通報子網路下的WallAgent共同防衛DDoS攻擊,將攻擊阻絕在最近攻擊者端。另外提出分析系統記錄檔之預防機制防止DDoS攻擊發生,達到事前的預防效果。 With the rise of internet, network security has also become important. Various incidents of intrusion emerges which make great changes in the traditional market of information security. Continuous innovating internet intrusion techniques, changeful viruses, and worm attacks, it spreads through global internet and e-mails. Attack tools travel fast and has been misapplies; which makes a great contradiction when we observe how the general users ignore network security. Such situation is becoming worse, thus, it has received great concerns from both the cooperation and the government. And among them, the attack of Distributed Denial of Service, DDoS, causes more threats and damages to the internet than that of others. At the same time, many dissertations have proposed every kind of defending mechanism to confront DDoS attacks. However, the more attacks there are, the more complicated the attack modules; therefore, the difficulties of defending these internet attacks increases. This paper proposes a hierarchical cooperative defending system against DDoS attacks, uniting its subsidiary systems WallGuard, WallAgent, and domain dispatcher to defend DDoS attacks. WallGuard is in charge of defense cooperatively in DDoS attack and it implements traffic statistics and controls the devices of router to filter the attacks. WallGuard can announce to the WallAgent in the subnet through the governed domain dispatcher to cooperatively defense the attacks of DDoS by using the concept of the division of area. It is also proposed to analyze the logs of system to prevent the DDoS attacks
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File SizeFormat


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明