Thesis 91522045 Full Metadata Record

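| DC Field | Value | Language |
| --- | --- | --- |
| DC.contributor | Department of Computer Science and Information Engineering | zh_TW |
| DC.creator | 王凱平 | zh_TW |
| DC.creator | Kai-Ping Wang | en_US |
| dc.date.accessioned | 2004-7-19T07:39:07Z | |
| dc.date.available | 2004-7-19T07:39:07Z | |
| dc.date.issued | 2004 | |
| dc.identifier.uri | http://ir.lib.ncu.edu.tw:444/thesis/view_etd.asp?URN=91522045 | |
| dc.contributor.department | Department of Computer Science and Information Engineering | zh_TW |
| DC.description | National Central University | zh_TW |
| DC.description | National Central University | en_US |
| dc.description.abstract | In recent years, distributed denial-of-service (DDoS) attack incidents have appeared one after another, and these attacks share some common features: they exploit security vulnerabilities in certain systems, and the attacker intrudes into the user's system and then manipulates it as a stepping stone for the attack, paralyzing the network. While a DDoS attack is spreading, if the health (physical condition) of each network node can be quickly confirmed and the corresponding mechanism activated, the area affected by the attacker can be isolated and reduced. This thesis uses the advantage of Active Networks in rapidly distributing policies to examine each node in the network step by step, first dividing the whole network into three areas: safe area, uncertain area, and attacked area. Next, Active Network packets carry an antidote vaccine for the specific attack to patch the security vulnerabilities of the nodes in the uncertain area. Finally, the whole network topology can be clearly divided into a safe area and an attacked area, achieving the goal of blocking the attack. The system designed in this thesis, the Active DDoS Defense System (ADDS), uses an Active Network as the transport medium for the vaccine and uses the Active Network Transfer System (ANTS) as the Active Network execution environment (EE); users can place customized programs in capsules for transmission without establishing an additional transport protocol, achieving a programmable network (programming network). According to the simulation data in Chapter 4 of this thesis, compared with having no defense mechanism, ADDS increases network survival time by 232% and, when an attack occurs, reduces the CPU utilization wasted by undetected attacks by an average of 33.55%; on the other hand, 9.98% of legal packets are misclassified as attack packets (legal traffic dropped rate). | zh_TW |
| dc.description.abstract | DDoS attacks have grown rapidly in recent years, and these attacks share some common features: if users do not repair security loopholes as soon as possible, attackers exploit the loopholes of some systems to carry out attacks and invade the user's system, turning it into the attacker's zombie. This paralyzes the network so that it cannot provide service. If the network can confirm the physical condition of each node and start cleaning mechanisms when DDoS attacks start spreading, it can isolate and shrink the area affected by the attacker. This thesis uses the advantage of Active Networks, fast distribution of policies, to examine every node step by step. The whole network is divided into three areas: safe area, uncertain area and attacked area. The security loopholes of each network node are then repaired by using Active Network packets to carry the antivirus for the particular attack. Finally, the whole network topology can be divided into a safe area and an attacked area, restraining DDoS attacks. This thesis proposes the Active DDoS Defense System (ADDS), which uses the Active Network Transfer System (ANTS) as its execution environment (EE). ANTS is a popular EE and uses capsules to transport users' programs. Simulation results show that ADDS increases network survival time by 224% and, when attacks occur, reduces the CPU rate wasted by undetected attacks by 34.58%. However, ADDS also increases the legal traffic dropped rate by 8.12%. | en_US |
| DC.subject | Active DDoS Defense System | zh_TW |
| DC.subject | Active Network | zh_TW |
| DC.subject | Distributed denial-of-service attack | zh_TW |
| DC.subject | ANTS | zh_TW |
| DC.subject | ADDS | en_US |
| DC.subject | Active Network | en_US |
| DC.subject | DDoS | en_US |
| DC.subject | ANTS | en_US |
| DC.title | Defending against DDoS Attacks with Active Networks | zh_TW |
| dc.language.iso | zh-TW | zh-TW |
| DC.title | Active Defense against DDoS Attacks | en_US |
| DC.type | Master's and doctoral thesis | zh_TW |
| DC.type | thesis | en_US |
| DC.publisher | National Central University | en_US |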

For questions about this thesis, contact the Promotion Services Section of the National Central University Library, TEL: (03)422-7151 ext. 57407, or by e-mail.