Publications-Conference Papers
Article View/Open
Publication Export
-
Google ScholarTM
NCCU Library
Citation Infomation
Related Publications in TAIR
題名 網路匯集點的Flooding訊務偵測與自動通告系統
Flooding Detection and Notification System over Aggregate Network作者 楊素秋
曾黎明關鍵詞 PortScanspampacket floodingFlooding detection System 日期 2007 上傳時間 30-Nov-2017 14:30:05 (UTC+8) 摘要 依據多年的區網管理經驗,我們發現:絕大部分的abuse 抱怨事件均源自用戶的忽視電腦安全,致大量主機成為spammer持續散播廣告信,發動 DDoS攻擊的掩護工具.然而,遭誤用的系統會持續,頻繁地建立網路連接到單一或多部主機.所以,不僅源自遭感染主機的flow連接與封包量會超量增加,其超量訊務持續時段也明顯拉長.依據這些Flooding異常特徵,本研究運用節點router Netflow 轉送紀錄, 實做Flooding異常訊務偵測(Flooding Detection System, FDS).系統首先選定適當的傳訊特徵, 讀取 NetFlow data,累計/排序相關的訊務數值,再據以偵測flooding異常訊務,協助管理人員監看PortScan, Spam,及UDP Packet flooding的具體傳訊數據. 此外,系統也萃取flooding source IP, 連接RWhois IP管理資訊server 查詢對應的管理人員資訊,自動email通知網管,協助端點用戶修補遭感染的系統,主動阻截攻擊或廣告信訊務.
The rapid growth in DoS attack, spam and mass-mail viruses has increased the need to develop effective approaches for detecting the significant flooding anomaly. As all traffic between the public Internet and the customer’s desktop are interconnected through ISP’s access router, it might be feasible and effective for adding an extra level flooding filtering over aggregate networks for detecting the source hosts that launch flooding based DoS attack and delivery huge amount of spam.This work makes use of the transportation traffic log gathered from backbone router to develop flooding detection system (FDS) that measures and detects the extremely anomalous traffic according to the bulk distribution aspect of the obvious anomalies, including: packet flooding attack, portscan, spam distribution, and packet flooding attack.FDS system has been deployed in one regional network center over a TANet (Taiwan Academic Network) network center for offering an extra level filtering and assisting network users grasping the significantly anomalous traffic.關聯 2007台灣網際網路研討會論文發表論文
網際與資訊安全(含資訊倫理、智慧財產權保護)資料類型 conference dc.creator (作者) 楊素秋 zh_TW dc.creator (作者) 曾黎明 zh_TW dc.date (日期) 2007 dc.date.accessioned 30-Nov-2017 14:30:05 (UTC+8) - dc.date.available 30-Nov-2017 14:30:05 (UTC+8) - dc.date.issued (上傳時間) 30-Nov-2017 14:30:05 (UTC+8) - dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/114944 - dc.description.abstract (摘要) 依據多年的區網管理經驗,我們發現:絕大部分的abuse 抱怨事件均源自用戶的忽視電腦安全,致大量主機成為spammer持續散播廣告信,發動 DDoS攻擊的掩護工具.然而,遭誤用的系統會持續,頻繁地建立網路連接到單一或多部主機.所以,不僅源自遭感染主機的flow連接與封包量會超量增加,其超量訊務持續時段也明顯拉長.依據這些Flooding異常特徵,本研究運用節點router Netflow 轉送紀錄, 實做Flooding異常訊務偵測(Flooding Detection System, FDS).系統首先選定適當的傳訊特徵, 讀取 NetFlow data,累計/排序相關的訊務數值,再據以偵測flooding異常訊務,協助管理人員監看PortScan, Spam,及UDP Packet flooding的具體傳訊數據. 此外,系統也萃取flooding source IP, 連接RWhois IP管理資訊server 查詢對應的管理人員資訊,自動email通知網管,協助端點用戶修補遭感染的系統,主動阻截攻擊或廣告信訊務. zh_TW dc.description.abstract (摘要) The rapid growth in DoS attack, spam and mass-mail viruses has increased the need to develop effective approaches for detecting the significant flooding anomaly. As all traffic between the public Internet and the customer’s desktop are interconnected through ISP’s access router, it might be feasible and effective for adding an extra level flooding filtering over aggregate networks for detecting the source hosts that launch flooding based DoS attack and delivery huge amount of spam.This work makes use of the transportation traffic log gathered from backbone router to develop flooding detection system (FDS) that measures and detects the extremely anomalous traffic according to the bulk distribution aspect of the obvious anomalies, including: packet flooding attack, portscan, spam distribution, and packet flooding attack.FDS system has been deployed in one regional network center over a TANet (Taiwan Academic Network) network center for offering an extra level filtering and assisting network users grasping the significantly anomalous traffic. en_US dc.format.extent 587172 bytes - dc.format.mimetype application/pdf - dc.relation (關聯) 2007台灣網際網路研討會論文發表論文 zh_TW dc.relation (關聯) 網際與資訊安全(含資訊倫理、智慧財產權保護) zh_TW dc.subject (關鍵詞) PortScanspampacket floodingFlooding detection System en_US dc.title (題名) 網路匯集點的Flooding訊務偵測與自動通告系統 zh_TW dc.title (題名) Flooding Detection and Notification System over Aggregate Network en_US dc.type (資料類型) conference
