Open Access  Subscription Access

隨著校園內高速網路建設的普及，網際網路的發展，許多的惡意程式如病毒等利用網路大量傳播擴散，因為校園內的使用者密度極高，區域網路速度極快，因此造成此類具有攻擊性的病毒大量自我擴散，除了造成網路設備和伺服器的負荷過重外，嚴重時甚至會癱瘓網路服務，造成服務中斷。我們藉由了解這類的網路攻擊型態與基本的網路原理，利用一些Open Source的Unix作業系統，如FreeBSD及Linux，建立了一套分散式偵測、集中式過濾的網路安全防護機制，再配合使用者、網路卡與IP對應資料庫，可主動通知產生異常網路流量的使用者與網路管理者，並自動採取適當的管制措施，做最即時之處置。With the growing of Internet and the well developed high speed network, a lot of malicious software, such as computer viruses or worms, spread over network. In campus network environment, the viruses spread rapidly because the density of computers is so high and the speed of local area network is so fast. The rapid spread viruses cause the heavy loading of servers and network devices. Furtheffi1ore, the network services might be interrupted or even down. Understanding the concepts of the network operation and the attacking techniques of viruses, we take the advantages of open source UNIX systems such as FreeBSD and Linux to establish a network protection system providing distributed abnormal traffic detection and a centralized policy enforcement mechanism. With the information of users and their MAC addresses, the system can notify the users generating abnormal traffic automatically and take proper actions to protect campus network immediately.

網路安全; 異常流量偵測; 網路防護; network security; abnormal traffic detection; network protection