A practice of the intrusion prevention system

Author

Wuu, Lih-Chyau ; Chen, Yen-Hung ; Ma, Chih-Chieh ; Lung, I-Tao

Author_Institution

Nat. Yunlin Univ. of Sci. & Technol, Yunlin

fYear

2007

fDate

Oct. 30 2007-Nov. 2 2007

Firstpage

1

Lastpage

4

Abstract

Distributed Denial of Service (DDoS) attack is the most difficult to prevent on Internet. It occupies the network bandwidth or systems resources or both, to cause a system not to provide normal services to legal users, and even worse it crashes the whole system. Some researchers propose the source- end defense method trying to block the attack packets before they enter the Internet backbone. In this paper, we design an intrusion prevention system to realize the source-end defense method. The packets are categorized into three types: normal, suspicious and attack packets. The attack packets are blocked before they enter the Internet. The bandwidth of the suspicious packets is restricted and the IP header is attached with a signature made by their edge router. When a victim confirms the suspicious packets with an attack action, it finds out the source of the attack by the signature on the packets and then informs their edge router to block such packets.

Keywords

Internet; bandwidth allocation; security of data; IP header; Internet; distributed denial of service; edge router; intrusion prevention system; network bandwidth; source-end defense; systems resources; Bandwidth; Computer crashes; Computer crime; Internet; Law; Legal factors; Lungs; Nuclear electronics; Power engineering and energy; Spine;

fLanguage

English

Publisher

ieee

Conference_Titel

TENCON 2007 - 2007 IEEE Region 10 Conference

Conference_Location

Taipei

Print_ISBN

978-1-4244-1272-3

Electronic_ISBN

978-1-4244-1272-3

Type

conf

DOI

10.1109/TENCON.2007.4428862

Filename

4428862