Summary: | Master's === I-Shou University === Department of Information Engineering, Master's Program === 98 === This paper proposes a new defense-in-depth information system. Such systems usually consist of three subsystems: a firewall, an intrusion detection system (IDS) and an intrusion prevention system (IPS). A virtual-machine-based self-cleansing mechanism is proposed for integration into each subsystem. We use the Failure Mode and Effects Analysis (FMEA) and Overall Equipment Effectiveness (OEE) methods to analyze the defense performance against most intrusions. For botnet, DNS attack and Trojaned intrusion, the FMEA risk numbers are reduced at least five times and the OEE value is also increased to 0.91. To verify the proposal's feasibility, a prototype system is also implemented on a VMware host OS computer. The switching time between servers varies between 15 and 30 seconds. In conclusion, the proposed information system is feasible and has higher availability in non-transaction services.
|