The Design of an Intelligent Flooding Unthreat Network Architecture

碩士 === 國立清華大學 === 通訊工程研究所 === 92 === Nowadays, flooding attack is the most common network threat and to alleviation this kind of attack is the most important security topic. Attacker makes a large amount of traffic to consume the bandwidth which causes network congestion and limits new connection es...

Full description

Bibliographic Details
Main Authors: Hui-Lan Lee, 李慧蘭
Other Authors: Nen-Fu Huang
Format: Others
Language:en_US
Published: 2004
Online Access:http://ndltd.ncl.edu.tw/handle/65104637724859581314
id ndltd-TW-092NTHU5650033
record_format oai_dc
spelling ndltd-TW-092NTHU56500332015-10-13T13:08:04Z http://ndltd.ncl.edu.tw/handle/65104637724859581314 The Design of an Intelligent Flooding Unthreat Network Architecture 智慧型泛濫攻擊防禦網路架構之設計 Hui-Lan Lee 李慧蘭 碩士 國立清華大學 通訊工程研究所 92 Nowadays, flooding attack is the most common network threat and to alleviation this kind of attack is the most important security topic. Attacker makes a large amount of traffic to consume the bandwidth which causes network congestion and limits new connection establishment from other users. They also waste server capacity, cause the server always busy and deny services for normal users. These are well-known DoS attack and DDoS attack. All of current “security information management” (SIM) products only provide functions to report events, to monitor, and to trigger alerts. No active alleviation procedure is included, thus they can only detect attack without any prevention. Heterogeneous network security devices including SIM, statistically-based IDS, protocol anomaly IDS and firewall have been widely implemented in the most networks. In this thesis, based on heterogeneous network, we not only propose a flooding unthreat network (FUN) architecture to integrate different types of IDS systems but also explore a better intelligence mechanism to deterrent flooding attack. The “black list” and “fair allocation list” mechanisms are designed to block the attack traffic at its ingress firewall. The simulation result and performance improvement of the proposed FUN system are also illustrated. Nen-Fu Huang 黃能富 2004 學位論文 ; thesis 49 en_US
collection NDLTD
language en_US
format Others
sources NDLTD
description 碩士 === 國立清華大學 === 通訊工程研究所 === 92 === Nowadays, flooding attack is the most common network threat and to alleviation this kind of attack is the most important security topic. Attacker makes a large amount of traffic to consume the bandwidth which causes network congestion and limits new connection establishment from other users. They also waste server capacity, cause the server always busy and deny services for normal users. These are well-known DoS attack and DDoS attack. All of current “security information management” (SIM) products only provide functions to report events, to monitor, and to trigger alerts. No active alleviation procedure is included, thus they can only detect attack without any prevention. Heterogeneous network security devices including SIM, statistically-based IDS, protocol anomaly IDS and firewall have been widely implemented in the most networks. In this thesis, based on heterogeneous network, we not only propose a flooding unthreat network (FUN) architecture to integrate different types of IDS systems but also explore a better intelligence mechanism to deterrent flooding attack. The “black list” and “fair allocation list” mechanisms are designed to block the attack traffic at its ingress firewall. The simulation result and performance improvement of the proposed FUN system are also illustrated.
author2 Nen-Fu Huang
author_facet Nen-Fu Huang
Hui-Lan Lee
李慧蘭
author Hui-Lan Lee
李慧蘭
spellingShingle Hui-Lan Lee
李慧蘭
The Design of an Intelligent Flooding Unthreat Network Architecture
author_sort Hui-Lan Lee
title The Design of an Intelligent Flooding Unthreat Network Architecture
title_short The Design of an Intelligent Flooding Unthreat Network Architecture
title_full The Design of an Intelligent Flooding Unthreat Network Architecture
title_fullStr The Design of an Intelligent Flooding Unthreat Network Architecture
title_full_unstemmed The Design of an Intelligent Flooding Unthreat Network Architecture
title_sort design of an intelligent flooding unthreat network architecture
publishDate 2004
url http://ndltd.ncl.edu.tw/handle/65104637724859581314
work_keys_str_mv AT huilanlee thedesignofanintelligentfloodingunthreatnetworkarchitecture
AT lǐhuìlán thedesignofanintelligentfloodingunthreatnetworkarchitecture
AT huilanlee zhìhuìxíngfànlàngōngjīfángyùwǎnglùjiàgòuzhīshèjì
AT lǐhuìlán zhìhuìxíngfànlàngōngjīfángyùwǎnglùjiàgòuzhīshèjì
AT huilanlee designofanintelligentfloodingunthreatnetworkarchitecture
AT lǐhuìlán designofanintelligentfloodingunthreatnetworkarchitecture
_version_ 1717732246698328064