| Cluster becomes more and more popular in architecture of server because of its high scalability and cost performance. Clusters are applied in more and more fields, such as science computation, bio-engineering, Web services, FTP services, E-Mail service, etc. At the same time, these cluster servers are exposed to an increasing number of attacks. A cluster is not only a distributed system, but also a single whole system (Single System Image) to provide service. A cluster has feature both of distributed system and single system. There are some potential threaten nodes in it. It is also confronted with external attacks coming from public networks. As a cluster server's role is to provide services, it should provide services as far as possible to the legitimate requests for visits while protected from attacks.The goal of HS-C is to research for a mechanism of defense and enhancing the cluster by TPM (Trusted Platform Module) to protect cluster server from external and internal attacks in the current environment of insecurity and to provide server and users a credible environment for services, and provide users with trusted services. With the security enhance of services to protect server and provide users with high performance services.The goal of the defense mechanism of the HS-C is to research for a mechanism that can detect attacks and make analysis and make response in the best way. Considered one essential characteristic of cluster server is to provide services, the cluster server should provide the services to the legitimate user during being protected from attacks.The statistical methods used to compute the current sum and speed of the attacks of the system and compute the current sum and speed of the attacks of attack IP, uses the attacks speed compare with the threshold value to indicate if attacks increase to run over the system limit. Uses three levels responses mechanism to carry on the intrusion response to the individual attack and the high speed single-source IP attacks and the more high speed attacks to the system. Only blocks the attacks connections when the system can withstand attacks intensity. Once the attacks speed of a source IP to run over the system threshold value of attack IP blocks all connections of the attack IP. When the system suffered attacks on the speed beyond the limit of the system, reports to the administrator and blocks all connections of all attack IP. According to historical data of attacks to adjust the interdiction time, the more attack times the more interdiction time will be taken, to reduce the exposure of the system to the continuing attacks on the time and frequency. |
PDF Full Text Request