
    Please use this permanent URL to cite or link to this document: http://ir.lib.ncu.edu.tw/handle/987654321/71995


    Title: Design of SDN based DoS Protection System with Load Balance Consideration
    Author: 陳品睿; Chen, Pin-Jui
    Contributor: Department of Communication Engineering
    Keywords: Software-Defined Network; SDN; Load Balancing; Intrusion Detection System; IDS; Snort
    Date: 2016-08-10
    Upload time: 2016-10-13 14:10:55 (UTC+8)
    Publisher: National Central University
    Abstract: As networks evolve rapidly, information is generated faster and in greater volume. Network security, cloud storage and cloud computing share one characteristic: they all have to process very large amounts of information. The traditional network architecture is gradually becoming unable to meet today's network requirements, and as network functions virtualization is applied more widely, it also faces challenges from the emerging software-defined networking (SDN) architecture and from cloud services.
    In modern network security architecture, a traditional firewall can no longer satisfy the security needs of complex network deployments. An intrusion detection system (IDS) provides real-time protection against internal and external attacks, and because it is a proactive protection technology, its importance grows as network structures become more complicated. Among defense mechanisms built around intrusion detection, a rule-based intrusion detection and prevention mechanism captures packets passing over the network, decapsulates them, analyzes the intruder's attack behavior and the characteristics of the packets, and compares them against a signature database in order to maintain network security. During this analysis, however, an attack that generates enormous traffic is a problem: because the attack traffic has to be mirrored so that packets can be captured and analyzed, double the traffic or even more may enter the system, and the resulting excessive load can paralyze it.
    The system architecture proposed in this research uses the programmable network configuration of SDN to set up the network security configuration by generating OpenFlow rules automatically. In the software-defined environment, traffic forwarding is allocated according to the network load, and the open source intrusion detection software Snort is used for monitoring and analysis, in order to maintain network security performance.
    Appears in collections: [Graduate Institute of Communication Engineering] Master's and doctoral theses
