| Summary: | 碩士 === 元智大學 === 資訊工程學系 === 92 === Various Internet invasion events have been greatly increasing. Regardless of how they are accessing from host theft or by DDoS attack, the purpose of the intruders is either to gain company intellectual property or to jeopardize company website functions. As a result, the company that undertakes such attacks will inevitably cause business financial loss. Therefore, it is necessary that the evolution of intrusion detection system will help network security a step further ahead by providing a more secure networking environment. Generally, intrusion detection systems use an approach known as the signature-based detection method. Its disadvantage is the disability to detect novel attacks and cannot handle heavy traffic. The nature of the signature-based detection is, as we are now aware of, the packet lost which results in the loss of crucial tracking information to the suspected invasions.
The main concept of the thesis is to make use of load-balance techniques for network traffic distribution on the intrusion detection system in order to ensure the efficiency of packet handling ability of the system without restraint to a stand-alone hardware. Experiments have designed which simulated the invasion environment and verified that the system performance is well improved. In other words, the overall packet loss rate of the proposed intrusion detection system has reduced significantly in a variety of experiments conducted.
|
|---|
