姓名 姚昭宇(Chao-Yu Yao)
畢業系所 通訊工程學系在職專班
論文名稱 透過DPDK技術實現容器化環境中的VPP應用防火牆部署
摘要(中) 近年來,隨著網路的蓬勃發展,各種網路服務提供範圍不斷擴大,人們的生活和工作已經密不可分地與網路連結在一起。然而,便利的同時也帶來了嚴峻的安全挑戰。特別是應用層攻擊和分散式阻斷服務攻擊(DDoS)的威脅日益凸顯,給企業和用戶的隱私和資料安全帶來了嚴重的威脅。


摘要(英) In recent years, with the rapid development of the Internet, the range of various online services has been continuously expanding, making people′s lives and work inseparably connected to the network. However, this convenience also brings severe security challenges. Particularly, the threats of application layer attacks and Distributed Denial of Service (DDoS) attacks are becoming increasingly prominent, posing significant risks to the data security and privacy of enterprises and users.
Application layer attacks target network application layer protocols, often exploiting vulnerabilities in applications. Attackers may use these vulnerabilities to steal sensitive information, disrupt system operations, or even control systems for malicious purposes. DDoS attacks aim to paralyze normally functioning services, denying legitimate users access to them, resulting in substantial losses.
To solve these problems, this paper proposes an application firewall based on containerization and DPDK technology. Containerization technology enables rapid deployment and lightweight operation, while DPDK technology enhances packet processing efficiency. Combining these features, the proposed application firewall system significantly strengthens defensive capabilities, achieving a 5% performance improvement compared to native Linux, and effectively protects network application services from application layer attack threats.
關鍵字(中) ★ 應用程式防火牆
★ 容器化
★ 網頁應用程式攻擊
關鍵字(英) ★ WAF
★ Containerization
★ Application Attack
論文目次 目錄
中文摘要 I
誌謝 IV
圖目錄 VII
表目錄 IX
第 1 章 緒論 1
1-1 研究動機 1
1-2 研究目的 3
1-3 DDoS(Distributed Denial-of-Service attack) 4
1-4 應用程式層攻擊 6
1-5 網頁應用程式防火牆 8
第 2 章 背景介紹 9
2-1 DPDK 9
2-2 VPP 12
2-3 Docker 13
2-4 Modsecurity 15
第 3 章 相關研究 16
3-1 改善部署架構 16
3-2 硬體加速 18
第 4 章 系統設計與開發 19
4-1 系統介紹 21
4-2 系統元件 22
4-3 系統運作 24
4-3-1 VDC-Accelerator 24
4-3-2 VDC-Filter 25
4-3-3 Module Collaboration 26
第 5 章 實驗結果與分析 28
5-1 實驗環境 28
5-1-1 Wrk 32
5-1-2 OWASP ZAP(Zed Attack Proxy) 33
5-2 有效性驗證 34
5-2-1 CLI Verify 34
5-2-2 OWASP ZAP 35
5-3 效能分析 41
第 6 章 討論 46
6-1 結合Kubernetes 46
第 7 章 結論 48
參考文獻 49
指導教授 許富皓 陳彥文 審核日期 2024-7-17
