The Design of an Intelligent Flooding Unthreat Network Architecture
碩士 === 國立清華大學 === 通訊工程研究所 === 92 === Nowadays, flooding attack is the most common network threat and to alleviation this kind of attack is the most important security topic. Attacker makes a large amount of traffic to consume the bandwidth which causes network congestion and limits new connection es...
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Language: | en_US |
Published: |
2004
|
Online Access: | http://ndltd.ncl.edu.tw/handle/65104637724859581314 |
id |
ndltd-TW-092NTHU5650033 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-092NTHU56500332015-10-13T13:08:04Z http://ndltd.ncl.edu.tw/handle/65104637724859581314 The Design of an Intelligent Flooding Unthreat Network Architecture 智慧型泛濫攻擊防禦網路架構之設計 Hui-Lan Lee 李慧蘭 碩士 國立清華大學 通訊工程研究所 92 Nowadays, flooding attack is the most common network threat and to alleviation this kind of attack is the most important security topic. Attacker makes a large amount of traffic to consume the bandwidth which causes network congestion and limits new connection establishment from other users. They also waste server capacity, cause the server always busy and deny services for normal users. These are well-known DoS attack and DDoS attack. All of current “security information management” (SIM) products only provide functions to report events, to monitor, and to trigger alerts. No active alleviation procedure is included, thus they can only detect attack without any prevention. Heterogeneous network security devices including SIM, statistically-based IDS, protocol anomaly IDS and firewall have been widely implemented in the most networks. In this thesis, based on heterogeneous network, we not only propose a flooding unthreat network (FUN) architecture to integrate different types of IDS systems but also explore a better intelligence mechanism to deterrent flooding attack. The “black list” and “fair allocation list” mechanisms are designed to block the attack traffic at its ingress firewall. The simulation result and performance improvement of the proposed FUN system are also illustrated. Nen-Fu Huang 黃能富 2004 學位論文 ; thesis 49 en_US |
collection |
NDLTD |
language |
en_US |
format |
Others
|
sources |
NDLTD |
description |
碩士 === 國立清華大學 === 通訊工程研究所 === 92 === Nowadays, flooding attack is the most common network threat and to alleviation this kind of attack is the most important security topic. Attacker makes a large amount of traffic to consume the bandwidth which causes network congestion and limits new connection establishment from other users. They also waste server capacity, cause the server always busy and deny services for normal users. These are well-known DoS attack and DDoS attack. All of current “security information management” (SIM) products only provide functions to report events, to monitor, and to trigger alerts. No active alleviation procedure is included, thus they can only detect attack without any prevention. Heterogeneous network security devices including SIM, statistically-based IDS, protocol anomaly IDS and firewall have been widely implemented in the most networks. In this thesis, based on heterogeneous network, we not only propose a flooding unthreat network (FUN) architecture to integrate different types of IDS systems but also explore a better intelligence mechanism to deterrent flooding attack. The “black list” and “fair allocation list” mechanisms are designed to block the attack traffic at its ingress firewall. The simulation result and performance improvement of the proposed FUN system are also illustrated.
|
author2 |
Nen-Fu Huang |
author_facet |
Nen-Fu Huang Hui-Lan Lee 李慧蘭 |
author |
Hui-Lan Lee 李慧蘭 |
spellingShingle |
Hui-Lan Lee 李慧蘭 The Design of an Intelligent Flooding Unthreat Network Architecture |
author_sort |
Hui-Lan Lee |
title |
The Design of an Intelligent Flooding Unthreat Network Architecture |
title_short |
The Design of an Intelligent Flooding Unthreat Network Architecture |
title_full |
The Design of an Intelligent Flooding Unthreat Network Architecture |
title_fullStr |
The Design of an Intelligent Flooding Unthreat Network Architecture |
title_full_unstemmed |
The Design of an Intelligent Flooding Unthreat Network Architecture |
title_sort |
design of an intelligent flooding unthreat network architecture |
publishDate |
2004 |
url |
http://ndltd.ncl.edu.tw/handle/65104637724859581314 |
work_keys_str_mv |
AT huilanlee thedesignofanintelligentfloodingunthreatnetworkarchitecture AT lǐhuìlán thedesignofanintelligentfloodingunthreatnetworkarchitecture AT huilanlee zhìhuìxíngfànlàngōngjīfángyùwǎnglùjiàgòuzhīshèjì AT lǐhuìlán zhìhuìxíngfànlàngōngjīfángyùwǎnglùjiàgòuzhīshèjì AT huilanlee designofanintelligentfloodingunthreatnetworkarchitecture AT lǐhuìlán designofanintelligentfloodingunthreatnetworkarchitecture |
_version_ |
1717732246698328064 |