English  |  正體中文  |  简体中文  |  Items with full text/Total items : 65421/65421 (100%)
Visitors : 22354389      Online Users : 211
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/71995


    Title: 基於SDN及負載平衡考量之DoS攻擊防禦系統設計;Design of SDN based DoS Protection System with Load Balance Consideration
    Authors: 陳品睿;Chen,Pin-Jui
    Contributors: 通訊工程學系
    Keywords: 軟體定義網路(Software-Defined Network, SDN);負載平衡(Load Balancing);入侵檢測系統(Intrusion Detection System, IDS);Snort;Software-Defined Network;SDN;Load Balancing;Intrusion Detection System;IDS;Snort
    Date: 2016-08-10
    Issue Date: 2016-10-13 14:10:55 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 隨著網路發展的迅速演進,資訊的產生也變得更加快速且巨量,舉凡網路安全、雲端儲存及雲端運算等,其共同特徵便是需要處理非常大量的資訊,但舊有的傳統網路架構已逐漸無法滿足現今的網路需求,而如今網路功能虛擬化的應用變得越來越廣泛,傳統網路架構也將面臨來自新興軟體定義網路架構及雲端服務的挑戰。
    在現代的網路安全架構中,傳統防火牆已經無法滿足現今複雜網路部署的安全需求。而入侵檢測提供了對內部和外部攻擊的即時保護,其安全防護技術具積極主動之特性,也因此隨著網路結構的越趨複雜化,更顯示出其重要性。而在以入侵檢測為核心的防禦機制當中,基於規則導向的入侵檢測防禦機制能透過抓取網路上往來的封包,對取得的封包進行解封裝,從入侵者的攻擊行為模式及封包特徵來加以分析並比對特徵資料庫,以進行維護網路安全的目的。然而在分析的過程當中,若面臨到會產生巨大流量的攻擊時,由於需要鏡像攻擊的流量以抓取分析封包,因此可能造成產生出雙倍甚至更多的流量至系統當中,進而導致系統負載過高而癱瘓。
    而在本研究所提出的系統架構中,透過軟體定義網路架構的網路設定可程式化的特性,以自動產生OpenFlow規則的方式來設定網路安全的配置, 在軟體定義的環境下根據網路負載狀況來分配流量的轉發,並搭配開源入侵檢測軟體Snort的監控及分析,以達到維護網路安全效能的目的。;With the rapid evolution of network development, information producing has become more rapidly and massively. The co-feature of network security, cloud storage and cloud computing is that they all need to deal with very large amounts of information, but nowadays, the traditional network infrastructure has gradually unable to satisfy the needs of today′s network requirements. The applications of network functions virtualization become more widespread now, the traditional network architecture constantly needs to face the challenges coming from emerging software-defined networking (SDN) architecture and cloud services.
    In modern network security architecture, traditional firewall cannot fully satisfy the security needs of the complex network deployment. IDS (Intrusion Detection System) provides real-time protection against the internal attacks and external attacks. The security technology of IDS has active properties, therefore, it shows its importance in the increasingly complicated network structure. In the core of defense mechanisms based on intrusion detection, the rules-based intrusion detection and prevention mechanisms can crawl packets pass on the network and de-encapsulate them. Then, the defense mechanism will analyze the aggressive behavior of the invaders and the characteristics of the packets, and compare to the feature library, in order to achieve the purpose of maintaining network security. However, in the process of analyzing traffic, it sometimes needs to face to enormous attack traffic. In the meantime, the need to mirror the attack traffic in order to analysis could result in generating double or even more traffic to the system, and this excessive load may lead to paralyzing of the system.
    In the proposed method, SDN architecture is used to generate OpenFlow rules and set network security configuration automatically. By allocating the traffic according to the condition of network load under SDN environment, and with the ability of the open source intrusion detection software, Snort, to monitor and analysis the network, in order to achieve the purpose of maintaining network security.
    Appears in Collections:[通訊工程研究所] 博碩士論文

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML132View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback  - 隱私權政策聲明