| dc.creator (作者) | 徐偉智 | zh_TW |
| dc.creator (作者) | 王明輝 | zh_TW |
| dc.date (日期) | 2006 | |
| dc.date.accessioned | 19-Oct-2017 09:35:25 (UTC+8) | - |
| dc.date.available | 19-Oct-2017 09:35:25 (UTC+8) | - |
| dc.date.issued (上傳時間) | 19-Oct-2017 09:35:25 (UTC+8) | - |
| dc.identifier.uri (URI) | http://nccur.lib.nccu.edu.tw/handle/140.119/113838 | - |
| dc.description.abstract (摘要) | 在這篇論文,我們發展了一個利用Cisco Netflow資料來即時偵測蠕蟲攻擊的方法。利用這個方法,可以在蠕蟲發動掃描攻擊時,有效辨識出發動攻擊的電腦IP位址,接著就可以在路由器上將發動攻擊的IP位址阻擋掉,避免這些大量的掃描動作影響網路的正常運作。藉由在收到Netflow資料之後即時分析,只針對異常的Netflow資料進行統計,若統計結果大於預先設定的臨界值,就發出蠕蟲攻擊警報。我們所發展的方法只需要少量的記憶體和CPU,並且不需蠕蟲的特徵資料。經實驗證實,我們所提出的方法是一個實用的方法。 | zh_TW |
| dc.description.abstract (摘要) | In this paper, we develop one method that utilizes Cisco Netflow packets to real-time detect the worm attacks. By this way, we can identify the IP address which launch the worm attack, and block them on the router using access list control to keep the network work smooth. We process the received Netflow data in memory and drop useless data. The method that we develop only needs a small amount of memory and CPU, and does not need the signatures of the worm. By some experiments, the proposed method is proven to be an efficient one. | en_US |
| dc.format.extent | 545227 bytes | - |
| dc.format.mimetype | application/pdf | - |
| dc.relation (關聯) | TANET 2006 台灣網際網路研討會論文集 | zh_TW |
| dc.relation (關聯) | 網際網路技術 | zh_TW |
| dc.subject (關鍵詞) | 蠕蟲;異常偵測;即時 | zh_TW |
| dc.subject (關鍵詞) | Worm;Anomly Detection;Real-time | en_US |
| dc.title (題名) | 利用Netflow即時偵測蠕蟲攻擊 | zh_TW |
| dc.type (資料類型) | conference | |
