Tunghai University Institutional Repository:Item 310901/5465
English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 21921/27947 (78%)
造訪人次 : 4250679      線上人數 : 425
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://140.128.103.80:8080/handle/310901/5465


    題名: 智慧型網路安全防衛系統之設計與實作
    其他題名: Design and Implementation of an Intelligent Defensive System for Network Security
    作者: 黃志雄
    Huang, Chih-Hsiung
    貢獻者: 林祝興
    Lin, Chu-Hsing
    東海大學資訊工程學系
    關鍵詞: 智慧型防衛系統;防火牆;分派器;入侵偵測系統;自我規則調整系統
    Intelligent defensive system;Firewall;Network dispatcher;Intrusion detection system;Self-adapting rule system
    日期: 2005
    上傳時間: 2011-05-19T08:18:41Z (UTC)
    摘要: 在網路發達的現今,為了防範資訊系統遭受入侵或攻擊,常會使用各種網路安全系統如防火牆以及入侵偵測系統建構防衛系統,然而以現今的技術及實際狀況,防衛系統仍需要管理者緊密的配合才能正確的阻斷攻擊,為了讓防衛系統能更為靈敏且自動化針對攻擊進行正確的防衛動作,本計畫將研究與設計一個效能及安全性兼顧的智慧型防衛系統。此智慧型防衛系統將分為下列兩部分:防火牆分派器:處於網路咽喉點的防火牆常會隨著網路活動的增加成為網路效能的瓶頸,一些攻擊手法如DoS更會突顯這個問題的嚴重性,而且當網路流量逐步成長到防火牆系統所不能負擔時,更換更高階的防火牆不僅所費不疵而且費時耗工,所以如果能以類似叢集的概念,以一群防火牆主機,平均分擔一部主機所負責的工作,將會使效能的擴充非常的具有彈性,而如何在負載平衡(load balance)的觀念下平均分給一群主機。自我規則調整系統:入侵偵測系統雖能告知管理者相關的攻擊警訊,但管理者仍必須自行變動規則,除了繁瑣也喪失了第一時間防禦攻擊的可能性,如能讓入侵偵測系統能在發現攻擊警訊外,更進一步地動態的變更防火牆主機的規則,以便快速地阻斷攻擊者進一步的行動,將是值得深入的研究與探討。
    For integrated security, we often integrate several network security systems such as firewall and intrusion detection system as a defensive system to prevent our information system being intruded. But according to current developed technology and practical situation, network administrator and the defensive system still have to work cooperatively to block intruders. In order to make the defensive system more sensitive and automatic and let it response to intrusions correctly, it will be the major objective for this project to research and design a secure, efficient and intelligent defensive system.The intelligent defensive system is composed of the following parts.Firewall dispatcher: As the network activities grown up, firewall often become a bottleneck of network communication. Some attacking tricks, like DOS, will make the problem more serious. And when firewall system can not handle the increasing network communications, it will take much of time and cost a lot. If we can use the concept similar to cluster, we replace a single expensive firewall by a group of general firewalls and let them have the same function. The expansibility of firewall will be very elastic. So, our research objective will be how to dispatch the jobs into firewall group approaching the concept of load balance.Self-adapting rule system: Although the intrusion detection system can provide the information about attacks for network administrator, but the administrator still have to change the firewall rules by himself to block the intruders. It will be minute and complicated and the chance to defend just in time will be lost. If the intrusion detection system can dynamically and automatically change the rules of firewall in order to block the attacker as quickly as possible when find alerts of attacks, it will make the defensive system more intelligent responding to attacks.
    顯示於類別:[資訊工程學系所] 碩士論文

    文件中的檔案:

    檔案 大小格式瀏覽次數
    093THU00394014-001.pdf2565KbAdobe PDF515檢視/開啟


    在THUIR中所有的資料項目都受到原著作權保護.


    本網站之東海大學機構典藏數位內容,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 回饋