Active Defense against DDoS Attacks
| Autor: | Kai-Ping Wang, 王凱平 |
|---|---|
| Rok vydání: | 2004 |
| Druh dokumentu: | 學位論文 ; thesis |
| Popis: | 92 The events of DDoS attacks grow rapidly in recent years, and these attacks all contain some common features: if the user did not repair these securities loophole as soon as possible, those attackers will make use of the safe loophole of some systems to carry on attacks and invade the system of the user becoming the zombie of the attacker. It will cause the network to paralyze and can't provide service. If network can confirm the physical condition of each node and starts cleaning mechanisms when DDoS attacks start spreading, it will isolate and shrink attacker's affairs. This thesis uses the advantage of Active Network, fast on distributing policies, to detect every node gradually. It will be divided whole network into three areas: safe area, uncertain area and attacked area. And then repair the safe loophole of each network node by making use of Active Network packets to take the particular attack antivirus. Finally, the whole network topology can be divided into safe area and attacked area, and restrain DDoS attacks. This thesis proposed Active DDoS Defense System (ADDS), it uses Active Network Transfer System (ANTS) to the chosen execution environment (EE). ANTS is a popular EE and uses capsules to transport user's program. Simulation results show that ADDS is able to make network survival time increase 224%, and while attacks occurrence reduces the CPU rate wasted by undetected attacks 34.58%. But ADDS also make the legal traffic dropped rate increase 8.12%. |
| Databáze: | Networked Digital Library of Theses & Dissertations |
| Externí odkaz: |
|