National Chengchi University Institutional Repository (NCCUR): Item 140.119/114944


    Please use this permanent URL to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/114944


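    Title: 網路匯集點的Flooding訊務偵測與自動通告系統
    Flooding Detection and Notification System over Aggregate Network
    Authors: 楊素秋
    曾黎明
    Keywords: PortScan; spam; packet flooding; Flooding Detection System
    Date: 2007
    Upload time: 2017-11-30 14:30:05 (UTC+8)
    Abstract: Based on years of experience managing a regional network, we have found that the vast majority of abuse complaints stem from users neglecting computer security, which turns large numbers of hosts into cover tools that spammers use to keep sending advertising mail and to launch DDoS attacks. A misused system, however, continuously and frequently establishes network connections to one or many hosts. As a result, not only do the flow connections and packet volume originating from infected hosts increase excessively, but the duration of the excess traffic is also noticeably longer. Based on these flooding anomaly characteristics, this study uses the NetFlow forwarding records of the node router to implement flooding anomaly detection (Flooding Detection System, FDS).
    The system first selects suitable traffic features, reads the NetFlow data, accumulates and sorts the relevant traffic values, and then uses them to detect anomalous flooding traffic, helping administrators monitor concrete traffic data for PortScan, spam, and UDP packet flooding. In addition, the system extracts the flooding source IP, connects to the RWhois IP management information server to look up the corresponding administrator's information, and automatically e-mails the network administrator, helping end users repair infected systems and proactively block attack or spam traffic.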
    The rapid growth in DoS attacks, spam, and mass-mail viruses has increased the need to develop effective approaches for detecting significant flooding anomalies. As all traffic between the public Internet and the customer's desktop passes through the ISP's access router, it may be feasible and effective to add an extra level of flooding filtering over aggregate networks to detect the source hosts that launch flooding-based DoS attacks and deliver huge amounts of spam.
    This work makes use of the transport traffic log gathered from a backbone router to develop a flooding detection system (FDS) that measures and detects extremely anomalous traffic according to the bulk distribution aspect of the obvious anomalies, including packet flooding attacks, portscans, and spam distribution.
    FDS has been deployed in one regional network center of TANet (Taiwan Academic Network) to offer an extra level of filtering and to help network users grasp the significantly anomalous traffic.
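    Relation: 2007 Taiwan Internet Conference, presented paper
    Internet and Information Security (including information ethics and intellectual property protection)
    Data type: conference
    Appears in collections: [TANET Taiwan Internet Conference] Conference Papers

    Files in this item:

    File: 784.pdf; Size: 573Kb; Format: Adobe PDF; Views: 2847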

