Thesis/Dissertation 88522029 Detailed Information

Name Ming-Shu Peng (彭銘樹)   Department Graduate Institute of Computer Science and Information Engineering
Thesis title Mobile Agent-Based Network Cooperated Defense Systems
(應用移動式代理人之網路協同防衛系統)
Files Full text in the system: never open to the public
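Abstract (Chinese) Web servers that carry the heavy responsibility of enterprise operations often suffer a severely reduced service connection rate, or even a complete service outage, when they face network denial-of-service (DoS) attacks. Since such attacks still cannot be completely eliminated, this thesis proposes a mobile agent-based network cooperated defense system. Its goals are to reduce the damage that DoS attacks inflict on web server systems, to raise the probability that most users connect successfully, and to keep the service accessible to most users.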
Abstract (English) When under a Denial of Service (DoS) attack, enterprises' mission-critical systems often provide only a low service rate to users or even stop the service. Since the DoS threat seems unlikely ever to disappear, this paper proposes a mobile agent-based network cooperated defense system to reduce the damage the network server suffers and to increase the number of users who can successfully access the service.
The server gains more defense ability from multiple cooperating network nodes by collecting the TCP connection request traffic and treating it as the traffic pattern of each network node. When the traffic goes against what is considered safe, the system issues a command to the network node to restrict SYN packet forwarding. If the judgment is correct, the damage to the server is reduced: compared with the case without the cooperating network nodes' defense, the number of users from other network nodes who access the service successfully increases. If the huge amount of SYN traffic comes from legitimate users, the restriction causes packet retransmission and a longer connection establishment time, or simply a timeout. Because the server is not under attack, if the number of users is not too large, the connection will be set up after a few retries. If the attack traffic is small, it will not be treated as an attack and will harm the server, but since the attack traffic is small, the server should be able to keep providing service.
The system is implemented with mobile agent technology, so code is dispatched from the management system side to the network node side, which makes system management more flexible. This paper also proposes a mobile agent-based monitoring agent, server agent and commander agent so that the system can operate agilely in a real-world environment. At the present phase, the monitoring agent has been implemented, and some experimental tests have been run to verify its function.
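Keywords (Chinese) ★ SYN flooding attack
★  distributed denial-of-service attack
★  cooperated defense
★  mobile agent
★  traffic pattern
★  denial-of-service attack
Keywords (English) ★ cooperated defense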
★  DDoS
★  DoS
★  mobile agent
★  SYN flooding
★  traffic pattern
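Table of contents
Chapter 1 Introduction
1.1 Network Security
1.2 Research Objectives
1.3 Thesis Organization
Chapter 2 Related Work
2.1 DoS/DDoS Attacks
2.1.1 Weaknesses of TCP/IP
2.1.2 Types of DoS Attacks
2.1.3 DDoS Network Attacks
2.2 Defense Strategies against DoS/DDoS Attacks
2.2.1 Web Server Defensive Measures
2.2.2 Traffic Reduction
2.2.3 Firewall Denial-of-Service Defense Functions
2.2.4 A Secure Network Environment
2.2.5 The Concept of Survivability
2.3 Introduction to Mobile Agents
2.3.1 Advantages of Mobile Agents
2.3.2 Mobile Agent System Operation Diagram
2.3.3 Mobile Agent Applications and Development
2.3.4 Introduction to Mobile Agent Systems
Chapter 3 Design and Implementation of the Mobile Agent-Based Network Cooperated Defense System
3.1 Functional Requirements and Network Environment Assumptions
3.2 Design of the Server Agent
3.3 Design of the Monitoring Agent
3.4 Design of the Commander Agent
3.5 System Defense Capability
3.6 System Implementation Environment
Chapter 4 System Testing
4.1 System Test Environment
4.2 System Test Results
4.2.1 List of Test Cases
4.2.2 Case 1: Performance record with all users accessing normally
4.2.3 Case 2: Performance record with a DoS attacker present but no defensive measures taken
4.2.4 Case 3: Performance record with cooperated defense measures taken
4.2.5 Case 4: Performance record with a DoS attacker present but no defensive measures taken
4.2.6 Case 5: Performance record with defense based on strict network node traffic patterns
4.3 System Test Conclusions
Chapter 5 Conclusions and Future Directions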
Advisor Li-Der Chou (周立德)   Review date 2001-7-20

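For questions about this thesis, please contact the Extension Services Section of the National Central University Library, TEL: (03)422-7151 ext. 57407, or by e-mail.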