
Research and Design of a High-Volume DDOS Defense System Based on Traffic Diversion

【Author】 李长生

【Advisor】 房鼎益

【Author information】 Northwest University (西北大学), Computer Software and Theory, 2008, Master's

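【Abstract (translated from the Chinese)】 The Internet is the hallmark of the information age. Its rapid development has brought great wealth to society, but also increasingly serious security problems. With the wide adoption of e-commerce in particular, network attacks have become a major factor affecting network security, and DDOS attacks, the hardest to defend against, are receiving more and more attention from computer researchers. Against a DDOS attack, a firewall can only block access statically; an intrusion detection system (Intrusion Detection System) can detect intrusions dynamically, but it cannot block the attacks it detects. This gave rise to the intrusion prevention system, IPS (Intrusion Prevention System), which combines a firewall with an intrusion detection system and can actively block detected intrusions. A traditional IPS is deployed in series in the network; during a DDOS attack it increases the network's single-point failure rate, and its own performance has a large impact on network performance. On gigabit high-speed networks in particular, performance has become the primary bottleneck of IPS systems. Drawing on the latest developments in network security research in China and abroad, this thesis proposes a high-volume DDOS intrusion prevention system based on traffic diversion. The system extends the traditional IPS model of a firewall combined with an intrusion detection system: it changes the IPS from a series deployment to a parallel one and uses traffic diversion, so that even if the IPS fails, the network is not affected. Traffic diversion reduces the load on the system and improves its performance. The system provides not only the network intrusion prevention functions of an IPS but also evidence-collection capability. Its distributed design can meet the processing capacity required for intrusion detection on high-speed networks. Besides describing the architecture of the distributed high-speed network intrusion prevention system, the thesis details the related implementation techniques and the implementation of each part of the system. The system combines dedicated high-speed network cards with general-purpose operating system software, solving the performance problems common to IPS systems while preserving scalability. Finally, the thesis summarizes the traffic-diversion-based DDOS intrusion prevention system for high-speed networks, offers suggestions for further work, and looks ahead to the development of intrusion prevention systems and of security technology more broadly.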

【Abstract】 The evolution of the Internet has brought wealth to the human community, along with security problems. Network attacks have become one of the most important fields in computer technology because of the popularization of e-commerce. The most prevalent attack is the DDOS attack, so researchers are putting more focus on security technologies. Faced with DDOS attacks, most security-related products are passive. Firewalls only block access statically. Intrusion Detection Systems can detect intrusions dynamically, but fail to block the intrusions detected. Thus a new concept, the IPS (Intrusion Prevention System), was introduced. Integrating a firewall and an IDS, the IPS can actively block the intrusions detected. However, a traditional IPS is linked in series with the system; when a DDOS attack starts with a high-volume stream on a high-speed network, there are more errors in the node, and the performance of the IPS greatly impacts network performance. Especially on gigabit high-speed networks, performance is the major bottleneck of IPS systems. Based on current research work on security, this thesis extends the current concept of the IPS and presents a stream-tractor-based IPS that prevents DDOS attacks on high-speed networks. It is more than a firewall integrated with an IDS: unlike a general IPS, this IPS is linked in parallel with the system and uses the stream tractor to decrease system pressure and improve performance. Even if the IPS fails, it does not affect the network. It also has probe collection. The thesis introduces the architecture of the stream-tractor IPS system on high-speed networks and presents implementation details and related techniques. Integration of specially designed hardware and general operating system software provides maximum scalability and interoperability without impact on network performance. This system solves the DDOS attack problem. Finally, the thesis summarizes the stream-tractor-based IPS and presents suggestions for future work.

【Keywords (translated from the Chinese)】 traffic diversion; DDOS; IPS; high-speed networks
【Key words】 based-stream tractor; DDOS; IPS; High-speed networks
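  • 【Online publication contributor】 Northwest University (西北大学)
  • 【Online publication year/issue】 2008, Issue 10
  • 【Classification number】 TP393.08
  • 【Times cited】 3
  • 【Downloads】 108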