Many network attacks in recent years have exposed numerous weaknesses in the Internet and underscored the importance of network security. Among them, the Distributed Denial of Service (DDoS) attack arguably causes the greatest damage. Because DDoS attacks are high-volume and distributed, a server with no protective measures may be paralyzed within several minutes of coming under attack, so defense mechanisms against DDoS are very important.

We propose using a monitoring system and overlay network techniques to activate the defense system in time, hide the location of the service host, block DDoS attacks, and provide normal service to legitimate users. An overlay network uses techniques such as proxies to distribute an application server across multiple points in the wider network in order to improve network security. When an attack occurs, it can immediately and effectively block the distributed attack to protect the server.

We built a physical test network to evaluate the feasibility of the proposed system. The experimental results show that the system can effectively block attacks.