政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/114944
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 113485/144472 (79%)
Visitors : 51390763      Online Users : 816
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/114944


    Title: 網路匯集點的Flooding訊務偵測與自動通告系統
    Flooding Detection and Notification System over Aggregate Network
    Authors: 楊素秋
    曾黎明
    Keywords: PortScan spam packet flooding Flooding detection System
    Date: 2007
    Issue Date: 2017-11-30 14:30:05 (UTC+8)
    Abstract: 依據多年的區網管理經驗,我們發現:絕大部分的abuse 抱怨事件均源自用戶的忽視電腦安全,致大量主機成為spammer持續散播廣告信,發動 DDoS攻擊的掩護工具.然而,遭誤用的系統會持續,頻繁地建立網路連接到單一或多部主機.所以,不僅源自遭感染主機的flow連接與封包量會超量增加,其超量訊務持續時段也明顯拉長.依據這些Flooding異常特徵,本研究運用節點router Netflow 轉送紀錄, 實做Flooding異常訊務偵測(Flooding Detection System, FDS).
    系統首先選定適當的傳訊特徵, 讀取 NetFlow data,累計/排序相關的訊務數值,再據以偵測flooding異常訊務,協助管理人員監看PortScan, Spam,及UDP Packet flooding的具體傳訊數據. 此外,系統也萃取flooding source IP, 連接RWhois IP管理資訊server 查詢對應的管理人員資訊,自動email通知網管,協助端點用戶修補遭感染的系統,主動阻截攻擊或廣告信訊務.
    The rapid growth in DoS attack, spam and mass-mail viruses has increased the need to develop effective approaches for detecting the significant flooding anomaly. As all traffic between the public Internet and the customer’s desktop are interconnected through ISP’s access router, it might be feasible and effective for adding an extra level flooding filtering over aggregate networks for detecting the source hosts that launch flooding based DoS attack and delivery huge amount of spam.
    This work makes use of the transportation traffic log gathered from backbone router to develop flooding detection system (FDS) that measures and detects the extremely anomalous traffic according to the bulk distribution aspect of the obvious anomalies, including: packet flooding attack, portscan, spam distribution, and packet flooding attack.
    FDS system has been deployed in one regional network center over a TANet (Taiwan Academic Network) network center for offering an extra level filtering and assisting network users grasping the significantly anomalous traffic.
    Relation: 2007台灣網際網路研討會論文發表論文
    網際與資訊安全(含資訊倫理、智慧財產權保護)
    Data Type: conference
    Appears in Collections:[TANet Conference] Conference Papers

    Files in This Item:

    File Description SizeFormat
    784.pdf573KbAdobe PDF2847View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback