IP Traceback Mechanism of IDS System


Bibliographic Details
Main Authors: Shih-Hsien Chan, 詹士賢
Other Authors: none
Format: Others
Language: zh-TW
Published: 2005
Online Access: http://ndltd.ncl.edu.tw/handle/96999911954077102807
Description
Summary: Master's thesis === National Yunlin University of Science and Technology (國立雲林科技大學) === Graduate School of Electronic and Information Engineering (電子與資訊工程研究所) === 93 === Because network attack techniques are renewed quickly every day, network security now faces a serious challenge. Although many ideas and methods have been proposed to protect network security, most of them achieve only passive protection. To stop attackers from continuing their unacceptable behavior, a better method must be used. One such method is to identify the actual source of an attack packet sent across the Internet, using the technology called “IP traceback”, so that attackers can be caught immediately. With “IP traceback”, people will behave themselves because the law can pass proper judgment on attackers, and the chances of network attacks will therefore be reduced. However, the greatest difficulty of “IP traceback” is that an attacker can forge the source address; “IP traceback” therefore cannot locate the attacker from the packet’s source address alone. To solve the forged source address problem, we use an egress router to attach a signature. When attack behavior is discovered, the packet’s signature can be verified, and the attacker’s original location can thereby be found. This thesis uses the identity-based signature technique based on elliptic curve cryptosystems to build a packet signature mechanism, implemented on Linux, in which verification uses an ordinary IP address as the identity (IP-Based Packet Signature, abbreviated as IPBPS). Since signing on the router inevitably reduces performance, the system is integrated with a “Network-based Intrusion Detection System” (abbreviated as NIDS): when the NIDS detects suspicious packets, it sends a command requiring the egress router to stamp a signature onto the packets passing through it. The attacker’s original location can then be found by verifying the stamped signature on the packets at the victim’s NIDS.