Implementation of SLA-Based Security Policy Management for Cooperative Defense Network


Bibliographic Details
Main Authors: Meng-Ru Yu, 余孟儒
Other Authors: Kim-Joan Chen
Format: Others
Language: zh-TW
Published: 2010
Online Access: http://ndltd.ncl.edu.tw/handle/44891291780117424537
Description
Summary: Master's thesis === National Chung Cheng University === Department of Communications Engineering === 98 === As network technology develops, people rely on the network more and more, and network security becomes increasingly important. However, many network attacks, such as DoS and DDoS, are now large in scale. Against such large-scale attacks a single defense host is paralyzed, hosts fall one by one, and the attack quickly spreads to computers all over the world. The most efficient defense is therefore to set up a cooperative defense network among enterprises. In addition, every enterprise has its own requirements for security defense, so different security defense services must be provided for each enterprise. Based on these requirements, we propose an SLA-based cooperative defense network architecture and a security policy management mechanism. Our devices on the transport network monitor packets that carry attack features. When attack behavior is detected, the device sends information about the attack to the security policy decision system, which then determines the security policy needed to achieve regional cooperative defense. We also design a security service level agreement and a Protection Type Profile (PTP) from which customers can choose, offering security defense services at different levels. After defense has been applied, the system regularly inspects and analyzes the security rules to determine whether the attack still exists, and updates the security rules according to the result of the analysis. As a whole, this paper constructs a system that improves the network's ability to defend itself.