NCU Institutional Repository (theses and dissertations, past exam papers, journal articles and research projects for download): Item 987654321/8866


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/8866


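    Title: Active Defense against DDoS Attacks (Chinese title: 以主動式網路抵禦DDoS攻擊)
    Authors: Kai-Ping Wang (王凱平)
    Contributors: Graduate Institute of Computer Science and Information Engineering
    Keywords: Active DDoS Defense System; Active Network; distributed denial-of-service attack; ANTS; ADDS; DDoS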
    Date: 2004-07-13
    Issue Date: 2009-09-22 11:36:43 (UTC+8)
    Publisher: National Central University Library
    Abstract (translated from the Chinese): In recent years, distributed denial-of-service (DDoS) attacks have occurred one after another, and these attacks share some common characteristics: they exploit security vulnerabilities in certain systems, and the attacker intrudes into users' systems and then manipulates them into stepping stones for the attack, paralyzing the network. While a DDoS attack is spreading, if the health (physical condition) of each network node can be confirmed quickly and the corresponding mechanism activated, the area affected by the attacker can be isolated and reduced. This thesis uses the advantage of the active network (Active Network) in rapidly distributing policies to check every node in the network step by step, first dividing the whole network into three areas: safe area, uncertain area and attacked area. Next, active network packets carry the antidote vaccine for a specific attack and patch the security vulnerabilities of each node in the uncertain area. Finally, the whole network topology can be clearly divided into a safe area and an attacked area, achieving the goal of blocking the attack. The system designed in this thesis, the Active DDoS Defense System (ADDS), uses the active network as the transport medium for the vaccine and uses the Active Network Transfer System (ANTS) as the active network's execution environment (EE). Users do not need to build an additional transport protocol and can place customized programs in capsules for transmission, achieving the goal of a programmable network (programming network). According to the simulation data in Chapter 4 of this thesis, compared with having no defense mechanism, using ADDS increases network survival time by 232% and, when attacks occur, reduces the CPU utilization wasted by undetected attacks by 33.55% on average; in exchange, however, 9.98% of legal packets are misjudged as attack packets (legal traffic dropped rate).

    Abstract (English, as provided with the record): DDoS attacks have grown rapidly in recent years, and these attacks share some common features: if users do not repair security vulnerabilities as soon as possible, attackers exploit the vulnerabilities of some systems to carry out attacks and invade users' systems, turning them into the attacker's zombies. This paralyzes the network so that it cannot provide service. If the network can confirm the physical condition of each node and start cleaning mechanisms when a DDoS attack begins to spread, it can isolate and shrink the area the attacker affects. This thesis uses the advantage of Active Network, fast distribution of policies, to check every node gradually. The whole network is divided into three areas: safe area, uncertain area and attacked area. Active Network packets then carry the antivirus for the particular attack to repair the security vulnerabilities of each network node. Finally, the whole network topology can be divided into a safe area and an attacked area, restraining the DDoS attack.
    This thesis proposes the Active DDoS Defense System (ADDS), which uses the Active Network Transfer System (ANTS) as its execution environment (EE). ANTS is a popular EE and uses capsules to transport users' programs. Simulation results show that ADDS increases network survival time by 224% and, when attacks occur, reduces the CPU rate wasted by undetected attacks by 34.58%. But ADDS also makes the legal traffic dropped rate increase by 8.12%.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation



    All items in NCUIR are protected by copyright, with all rights reserved.
