区域网路超量攻击讯务的监测MonitoringX-AttackTrafficover.PDF

區域網路超量攻擊訊務的監測 Monitoring X-Attack Traffic over Aggregate Network Su-Chiu Yang Li-Ming Tseng Computer Center of National Department of Information Engineering of Central University National Centr al University center7@.tw tsenglm@.tw 摘要 A. Motivation 隨著電腦計算效能的快速提升, 愈來 The convenience of the Internet has 愈多的攻擊病毒利用開放的傳輸協定,發 driven its acceptance as the main means of 動超量Ｘ -Attack 攻擊 : 產出鉅量的 data communication, and also has brought UDP/ICMP Flooding 封包虛耗網路資源, various benefits. However, the open transmission protocols also have provided 壅塞 WAN 傳輸.為防止超量攻擊訊務的持 an excellent opportunity for numerous 續擴散,影響沿徑 routing 網段訊務,本研究 attacking programs and network worms to 擷取區域網路中心 router 的訊務轉送 log, flourish. The Internet has experienced a 統計host-to-host 的非自律性 Packet/ Byte/ rapid increase in the frequency of attack Flow 訊務量,實做超量攻擊訊務監測網頁, events from network worms or viruses, for 與自動化的攻擊訊務阻絕與通告系統,並 example, the CodeRed/ Nimda worm in 統計單日的 UDP/ICMP Packet/Byte 標準 2001, the Scalper/Slapper worm found in 2002, and the Slammer and the Blaster 差分布,提供方便的攻擊訊務監