Abstract: | With the rapid expansion of the Internet, people can share knowledge widely and carry out all kinds of online transactions. But hackers also use many routes to infect networked hosts, and then use huge botnet armies to distribute spam/virus mail, scan for vulnerabilities (portscan), launch DDoS attacks, and defraud bank accounts (phishing). To keep hackers from infecting user hosts through worms, email viruses and viruses hidden on websites, organizations have paid more attention to information security, and protection on end-user hosts and anomaly detection on individual network segments have gradually improved; protection for wide-area networks, however, is still quite lacking. This project focuses on anomaly detection and protection at network aggregation points. By analyzing the behavior and characteristics of network anomalies, including portscan, spam, packet flooding attacks and P2P infringement traffic, we select suitable anomalous-traffic feature variables, write traffic accumulation/sorting and multivariate anomaly detection programs, and implement a flooding anomaly traffic detection and notification system. Besides reporting the source-host IP addresses of detected PortScan vulnerability scanning, Spam junk mail, UDP packet flood and P2P infringement, together with the concrete measurements of their traffic feature variables, the system can combine network routing information to automatically email the measured anomalous traffic figures to network administrators and users, so that infected systems can be patched quickly and DDoS attacks or mass advertising mail can be actively blocked. By operating at the network's main gateway, it provides comprehensive, wide-range security protection.

The rapid growth in DoS attacks, spam and mass-mail viruses has increased the need to develop effective approaches for detecting significant flooding anomalies. As all traffic between the public Internet and the customer's desktop is interconnected through the ISP's access router, it may be feasible and effective to add an extra level of flooding filtering over aggregate networks for detecting the source hosts that launch flooding-based DoS attacks and deliver huge amounts of spam. This work makes use of the transport traffic log gathered from a backbone router to develop a flooding detection system (FDS) that measures and detects extremely anomalous traffic according to the bulk-distribution aspect of the obvious anomalies, including packet flooding attacks, portscan, spam distribution and P2P traffic distribution. The FDS system has been deployed in one regional network center of TANet (Taiwan Academic Network) to offer an extra level of filtering and to assist network users in grasping significantly anomalous traffic. Research period: 9608 ~ 9707 |