Using Intrusion Detection System and Traffic Control for DDoS Attack Mitigation

Bibliographic Details
Main Authors: Pow-Wei Liu, 劉博瑋
Other Authors: Tzong-Jye Liu
Format: Others
Language: zh-TW
Published: 2006
Online Access: http://ndltd.ncl.edu.tw/handle/92281057830101055665
Description
Summary: Master's === Feng Chia University === Graduate Institute of Information Engineering === 94 === Denial of Service (DoS) refers to the malicious paralysis of a network service, leaving it inaccessible and unusable to normal users. Distributed Denial of Service (DDoS) attacks have become a major category of threat to network security. Current intrusion detection systems cannot guarantee perfect solutions, and normal packets may be misjudged as malicious packets. Therefore, in this paper, by combining intrusion detection and network traffic control technology, we have designed and implemented a defensive system that minimizes the effects caused by false positives. In the proposed system, traffic flowing into enterprise intranets is divided by the traffic control module into two virtual data flows: a normal data flow and a malicious data flow. When the intrusion detection module judges a packet to have DoS attack features, the traffic control module is notified to redirect the data flow of that packet into the malicious virtual data flow. Since the malicious virtual data flow is controlled by the system, the proposed architecture administers the bandwidth of this virtual channel so that the normal data flow channel can work unaffected and system resources are not consumed by DoS or DDoS attacks. The system is simulated using NS-2. The experimental results show that the proposed system indeed lowers the effects of false positives.