A SDN-based Approach for Flow Analysis Attack

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：41

、訪客IP：3.129.63.252

姓名

劉亞翰(Ya-han Liu) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

(A SDN-based Approach for Flow Analysis Attack)

相關論文

★ 基於OP-TEE的可信應用程式軟體生態系統	★ SeFence: 基於安全感測的可信任周邊存取控制
★ 高解析度二維地理影像的三維建模：旋轉變換投影與傳統方法的比較研究	★ 在低軌道衛星無線通訊中的CSI預測方法
★ 為多流量低軌道衛星系統提出的動態換手策略	★ 基於Trustzone的智慧型設備語音隱私保護系統
★ 一種減輕LEO衛星網路干擾的方案	★ TruzGPS:基於TrustZone的位置隱私權保護系統
★ 衛星地面整合網路之隨機接入前導訊號設計與偵測	★ SatPolicy: 基於Trustzone的衛星政策執行系統
★ TruzMalloc: 基於TrustZone 的隱私資料保護系統	★ 衛星地面網路中基於物理層安全的CSI保護方法
★ 低軌道衛星地面整合網路之安全非正交多重存取傳輸	★ 低軌道衛星地面網路中的DRX機制設計
★ 衛星地面整合網路之基於集合系統的前導訊號設計	★ 基於省電的低軌衛星網路路由演算法

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

網路電話在現代社會變得越來越流行。隱私是一個網路電話重要的特性。但不幸的是，大部份的點對點網路電話既不提供個人隱私也不保證一定的安全程度。在本文中我們提出了一種以K匿名為基礎的方式來防範特定攻擊者追蹤網路電話使用者的身份，並在不同的安全程度底下比較封包延遲時間以及通訊消耗。

摘要(英)

VoIP (voice over IP) networks are becoming more and more popular in modern society. One of the most important features of a VoIP network is privacy (for VoIP users). Unfortunately, most peer-to-peer VoIP networks neither provide personalization nor guarantee a quantifiable privacy level. In this thesis, we propose a SDN-based approach to prevent flow analysis attack trying to trace user’s identity. Flow analysis attack will trace the flow which specific caller transmits, and try to find possible receiver, threat user’s privacy. We present the latency and number of packets in our method, while meeting customizable privacy guarantees.

關鍵字(中)

★ 軟體定義網路
★ 位置隱私
★ 流量分析攻擊

關鍵字(英)

論文目次

英文摘要. . . . . . . . . . . . . . . . . . . . . . . . . . . . . i
目錄. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii
圖目錄. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
表目錄. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii
一、Introduction . . . . . . . . . . . . . . . . . . . . 1
二、Related Work . . . . . . . . . . . . . . . . . . . 7
三、Preliminary . . . . . . . . . . . . . . . . . . . . 11
3-1 Flow Analysis Attack . . . . . . . . . . . . . . . 11
3-2 System Model . . . . . . . . . . . . . . . . . . . 11
四、A SDN-Based Approach for Flow Analysis Attack 13
五、Implementation in Openflow version 1.3.3 . . . . 17
六、Simulation . . . . . . . . . . . . . . . . . . . . . 19
6-1 Mininet . . . . . . . . . . . . . . . . . . . . . . 19
6-1-1 Latency . . . . . . . . . . . . . . . . . . . . . . 19
6-1-2 Communication cost . . . . . . . . . . . . . . . 20
6-2 Estinet . . . . . . . . . . . . . . . . . . . . . . . 21
七、Conclusion . . . . . . . . . . . . . . . . . . . . . 23

參考文獻

[1] D. Anthony, T. Henderson, and D. Kotz. Privacy in location-aware computing environments. Pervasive Computing, IEEE, 6(4):64–72, Oct 2007.

[2] Marco Gruteser and Dirk Grunwald. Anonymous usage of locationbased services through spatial and temporal cloaking. In Proceedings of the 1st International Conference on Mobile Systems, Applications and Services, MobiSys’03, pages 31–42. ACM, 2003.
[3] T.J. Walsh and R. Kuhn. Challenges in securing voice over ip. Security Privacy, IEEE, 3(3):44–49, May 2005.

[4] M. Srivatsa, A. Iyengar, Ling Liu, and Hongbo Jiang. Privacy in voip networks: Flow analysis attacks and defense. Parallel and Distributed Systems, IEEE Transactions on, 22(4):621–633, April 2011.

[5] M. Reed D. Goldschlag and P. Syverson. Onion routing for anonymous and private internet connections. In Communications of ACM, 42(2):246–255, May 1999.

[6] S. Das, G. Parulkar, N. McKeown, P. Singh, D. Getachew, and L. Ong. Packet and circuit network convergence with openflow. In Optical Fiber Communication, collocated National Fiber Optic Engineers Conference, pages 1–3, March 2010.

[7] Natasha Gude, Teemu Koponen, Justin Pettit, Ben Pfaff, Martín Casado, Nick McKeown, and Scott Shenker. Nox: Towards an operating system for networks. SIGCOMM Comput. Commun. Rev., 38(3):105–110, July 2008.

[8] M. Srivatsa, A. Iyengar, and Ling Liu. Privacy in voip networks: A k-anonymity approach. In INFOCOM 2009, IEEE, pages 2856– 2860, April 2009.

[9] R. Braga, E. Mota, and A. Passito. Lightweight ddos flooding attack detection using nox/openflow. In Local Computer Networks (LCN), 2010 IEEE 35th Conference on, pages 408–415, Oct 2010.

[10] T. Kohonen. The self-organizing map. Proceedings of the IEEE, 78(9):1464–1480, Sep 1990.

[11] Yifu Feng, Rui Guo, Dongqi Wang, and Bencheng Zhang. Research on the active ddos filtering algorithm based on ip flow. In Natural Computation, 2009. ICNC ’09. Fifth International Conference on, volume 4, pages 628–632, Aug 2009.

[12] Stefan Saroiu, P. Krishna Gummadi, and Steven D. Gribble. A measurement study of peer-to-peer file sharing systems. 2003.

[13] http://en.wikipedia.org/wiki/IPsec. ”ipsec”.

[14] Alexander Ageev, Refael Hassin, and Maxim Sviridenko. A 0.5- approximation algorithm for max dicut with given sizes of parts. SIAM J. Discret. Math., 14(2):246–255, February 2001.

[15] http://mininet.org/. ”mininet”.

[16] http://www.projectfloodlight.org/floodlight/. ”project floodlight”. [17] http://estinet.com/. ”estinet”.

指導教授

張貴雲(Guey-yun Cheng)

審核日期

2014-8-19

推文