透過您的圖書館登入 IP:3.138.118.250
透過您的圖書館登入
IP:3.138.118.250
  • 精確檢索 : 冠狀病毒
  • 模糊檢索 : 冠狀病毒
  • 冠狀病毒感染
    冠狀病毒疾病
  • 查詢出版品: 冠狀病毒
進階查詢
查詢歷史
主題瀏覽
  • 學位論文

P2P主動防禦系統之設計與實作

The Design and Implementation of Peer to Peer Network Intrusion Prevention System

劉建德(Jiamn-Der Liu)
指導教授 : 蔡文能
國立交通大學/理學院/理學院科技與數位學習學程/碩士(2009年)
https://doi.org/10.6842/NCTU.2009.00161
全文下載

摘要

P2P(Peer to Peer)網路自90年代末開始崛起,隨著近期P2P應用範圍越來越廣泛,相對亦衍生出不少資安問題,諸如著作權、頻寬問題、病毒偽檔、個人隱私等。教育部於2008年正式行文各級學校禁止使用P2P軟體進行非法檔案傳輸,然而P2P軟體大量使用動態連接埠,傳統Layer3防火牆已經無法有效阻擋其連線。 本研究針對此問題,以自由軟體為基礎,設計一套傳輸層的防禦的方式(稱之為T4-terminator,T4代表Transport Layer4),並引用兩套應用層的防禦套件(L7-filter、IPP2P),證明能有效禁止P2P連線行為。另外,本研究以免費軟體建構出測試環境,分別對三套防禦系統進行效能測試,最後分析其優缺點,提供網管人員管理P2P網路之參考。

關鍵字

點對點傳輸 主動防禦系統 Linux T4-terminator IPP2P L7-filter 效能測試

並列摘要

P2P(Peer to Peer)applications have emerged since late 1990s. However, the widespread adoption of P2P applications lately have accounted for some concerns about information security, such as copyright、bandwidth、virus、individual privacy and so on. In 2008, Ministry of Education in Taiwan composed an official document, which stated schools at all levels should forbid the illegal usage of P2P file transfer. However, since P2P applications used dynamic ports in a large amount and thus the traditional Layer3 firewalls were unable to block them. To resolve this problem, we designed an IPS based on transport layer inspection to drop P2P traffic.We named our IPS as T4-terminator(T4 for Transport Layer4).We also studied two other IPS,L7-filter and IPP2P,which are baesd on Open Source software . Furthermore, we also established a benchmarking environment with freeware, which is used to evaluate the performance of these approaches. The conclusions could offer a reference to MIS people for managing P2P network.

並列關鍵字

P2P IPS Linux T4-terminator L7-filter IPP2P Benchmark

參考文獻

[5]Bing-Heng Peng, H.-J.L., Huan-Yun Wei, Performance Enhancement over Linux Content Filtering. Journal of Information Technology and Applications, 2007. 2: p. 157-163.
[6]Ying-Dar LIN, M., Po-Ching LIN, Meng-Fu TSAI, Tsao-Jiang CHANG,and Yuan-Cheng LAI, kP2PADM: An In-Kernel Architecture of P2P Management Gateway. IEICE TRANS. INF. & SYST, 2008. VOL.E91–D.
[1]Sen, S., O. Spatscheck, and D. Wang. Accurate, scalable in-network identification of p2p traffic using application signatures. 2004: ACM New York, NY, USA.
[2]Spognardi, A., A. Lucarelli, and R. Di Pietro. A methodology for P2P file-sharing traffic detection. in Hot Topics in Peer-to-Peer Systems, 2005. HOT-P2P 2005. Second International Workshop on. 2005.
[4]Xing, L., D. Haixin, and L. Xing. Identification of P2P traffic based on the content redistribution characteristic. in Communications and Information Technologies, 2007. ISCIT '07. International Symposium on. 2007.

被引用紀錄

吳育霖(2010)。基於點對點傳輸技術共通性改善區域網路擁塞之研究〔碩士論文,亞洲大學〕。華藝線上圖書館。https://www.airitilibrary.com/Article/Detail?DocID=U0118-1511201215465666

延伸閱讀

全文下載