DC field | Value | Language |
DC.contributor | Department of Computer Science and Information Engineering | zh_TW |
DC.creator | 王凱平 | zh_TW |
DC.creator | Kai-Ping Wang | en_US |
dc.date.accessioned | 2004-7-19T07:39:07Z | |
dc.date.available | 2004-7-19T07:39:07Z | |
dc.date.issued | 2004 | |
dc.identifier.uri | http://ir.lib.ncu.edu.tw:444/thesis/view_etd.asp?URN=91522045 | |
dc.contributor.department | Department of Computer Science and Information Engineering | zh_TW |
DC.description | 國立中央大學 | zh_TW |
DC.description | National Central University | en_US |
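dc.description.abstract | In recent years, distributed denial-of-service (DDoS) attack incidents have occurred one after another, and these attacks share some common characteristics: they exploit security vulnerabilities in certain systems, and the attacker breaks into users' systems and then manipulates them as stepping stones for the attack, paralyzing the network.
While a DDoS attack is spreading, if the health status (physical condition) of each network node can be quickly confirmed and the corresponding mechanism activated, the area attacked by the attacker can be isolated and reduced. This thesis uses the advantage of Active Networks, the rapid distribution of policies, to probe every node in the network step by step, first dividing the whole network into three areas: safe area, uncertain area, and attacked area. Next, Active Network packets carry the antidote vaccine for the specific attack to patch the security vulnerabilities of each node within the uncertain area. Finally, the whole network topology can be clearly separated into a safe area and an attacked area, achieving the goal of blocking the attack.
The system designed in this thesis, the Active DDoS Defense System (ADDS), adopts the Active Network as the transmission medium for the vaccine and uses the Active Network Transfer System (ANTS) as the Active Network execution environment (EE). Users can place customized programs in capsules for transmission without having to establish an additional transport protocol, achieving the goal of a programmable network (programming network).
According to the simulation data in Chapter 4 of this thesis, compared with having no defense mechanism, using ADDS increases network survival time by 232% and reduces CPU utilization (CPU utilization wasted by undetected attacks) by an average of 33.55% when attacks occur; in return, however, 9.98% of legal packets are misjudged as attack packets (legal traffic dropped rate). | zh_TW |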
dc.description.abstract | DDoS attacks have grown rapidly in recent years, and these attacks share some common features: if users do not repair security loopholes as soon as possible, attackers exploit the security loopholes of some systems to carry out attacks and invade users' systems, turning them into the attacker's zombies. This paralyzes the network so that it cannot provide service.
If the network can confirm the physical condition of each node and start cleaning mechanisms when DDoS attacks begin to spread, it can isolate and shrink the attacker's impact. This thesis uses the advantage of Active Network, the fast distribution of policies, to detect every node gradually. The whole network is divided into three areas: safe area, uncertain area and attacked area. The security loopholes of each network node are then repaired by using Active Network packets to carry the antivirus for the particular attack. Finally, the whole network topology can be divided into a safe area and an attacked area, restraining DDoS attacks.
This thesis proposes the Active DDoS Defense System (ADDS), which uses Active Network Transfer System (ANTS) as the chosen execution environment (EE). ANTS is a popular EE and uses capsules to transport users' programs. Simulation results show that ADDS increases network survival time by 224% and, when attacks occur, reduces the CPU rate wasted by undetected attacks by 34.58%. However, ADDS also increases the legal traffic dropped rate by 8.12%. | en_US |
DC.subject | Active DDoS Defense System | zh_TW |
DC.subject | Active Network | zh_TW |
DC.subject | Distributed denial-of-service attack | zh_TW |
DC.subject | ANTS | zh_TW |
DC.subject | ADDS | en_US |
DC.subject | Active Network | en_US |
DC.subject | DDoS | en_US |
DC.subject | ANTS | en_US |
DC.title | Defending against DDoS Attacks Using Active Networks | zh_TW |
dc.language.iso | zh-TW | zh-TW |
DC.title | Active Defense against DDoS Attacks | en_US |
DC.type | Master's/doctoral thesis | zh_TW |
DC.type | thesis | en_US |
DC.publisher | National Central University | en_US |