dc.description.abstract | Under a Denial of Service (DoS) attack, an enterprise's mission-critical systems often can provide only a low service rate to users, or stop service altogether. Since the DoS threat seems unlikely ever to disappear, this paper proposes a mobile agent-based cooperative network defense system to reduce the damage the network server suffers and to increase the number of users who can successfully access the service.
The server gains additional defensive capability from multiple cooperating network nodes: the TCP connection request traffic is collected at each network node and treated as that node's traffic pattern. When the traffic deviates from what is considered safe, the system issues a command to the network node to restrict SYN packet forwarding. If the judgment is correct, the damage to the server is reduced: compared with the case without the cooperating nodes' defense, the number of users from other network nodes who successfully access the service increases. If the large volume of SYN traffic instead comes from legitimate users, the restriction causes packet retransmission and longer connection establishment times, or timeouts. Because the server is not actually under attack in that case, if the number of users is not too large, the connection will be set up after a few retries. If the attack traffic is small, it will not be treated as an attack and will harm the server, but since the volume is low, the server should be able to continue providing service.
The system is implemented with mobile agent technology: code is dispatched from the management system to the network nodes, which makes system management more flexible. This paper also proposes a mobile agent-based monitoring agent, server agent and commander agent so that the system can operate agilely in a real-world environment. At the present phase, the monitoring agent has been implemented, and some experimental tests have been run to verify its function. | en_US |