Title :
A practice of the intrusion prevention system
Author :
Wuu, Lih-Chyau ; Chen, Yen-Hung ; Ma, Chih-Chieh ; Lung, I-Tao
Author_Institution :
Nat. Yunlin Univ. of Sci. & Technol, Yunlin
fDate :
Oct. 30 2007-Nov. 2 2007
Abstract :
Distributed Denial of Service (DDoS) attack is the most difficult to prevent on Internet. It occupies the network bandwidth or systems resources or both, to cause a system not to provide normal services to legal users, and even worse it crashes the whole system. Some researchers propose the source- end defense method trying to block the attack packets before they enter the Internet backbone. In this paper, we design an intrusion prevention system to realize the source-end defense method. The packets are categorized into three types: normal, suspicious and attack packets. The attack packets are blocked before they enter the Internet. The bandwidth of the suspicious packets is restricted and the IP header is attached with a signature made by their edge router. When a victim confirms the suspicious packets with an attack action, it finds out the source of the attack by the signature on the packets and then informs their edge router to block such packets.
Keywords :
Internet; bandwidth allocation; security of data; IP header; Internet; distributed denial of service; edge router; intrusion prevention system; network bandwidth; source-end defense; systems resources; Bandwidth; Computer crashes; Computer crime; Internet; Law; Legal factors; Lungs; Nuclear electronics; Power engineering and energy; Spine;
Conference_Titel :
TENCON 2007 - 2007 IEEE Region 10 Conference
Conference_Location :
Taipei
Print_ISBN :
978-1-4244-1272-3
Electronic_ISBN :
978-1-4244-1272-3
DOI :
10.1109/TENCON.2007.4428862
