English  |  正體中文  |  简体中文  |  Items with full text/Total items : 74010/74010 (100%)
Visitors : 24642158      Online Users : 338
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version

    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/71995

    Title: 基於SDN及負載平衡考量之DoS攻擊防禦系統設計;Design of SDN based DoS Protection System with Load Balance Consideration
    Authors: 陳品睿;Chen,Pin-Jui
    Contributors: 通訊工程學系
    Keywords: 軟體定義網路(Software-Defined Network, SDN);負載平衡(Load Balancing);入侵檢測系統(Intrusion Detection System, IDS);Snort;Software-Defined Network;SDN;Load Balancing;Intrusion Detection System;IDS;Snort
    Date: 2016-08-10
    Issue Date: 2016-10-13 14:10:55 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 隨著網路發展的迅速演進,資訊的產生也變得更加快速且巨量,舉凡網路安全、雲端儲存及雲端運算等,其共同特徵便是需要處理非常大量的資訊,但舊有的傳統網路架構已逐漸無法滿足現今的網路需求,而如今網路功能虛擬化的應用變得越來越廣泛,傳統網路架構也將面臨來自新興軟體定義網路架構及雲端服務的挑戰。
    而在本研究所提出的系統架構中,透過軟體定義網路架構的網路設定可程式化的特性,以自動產生OpenFlow規則的方式來設定網路安全的配置, 在軟體定義的環境下根據網路負載狀況來分配流量的轉發,並搭配開源入侵檢測軟體Snort的監控及分析,以達到維護網路安全效能的目的。;With the rapid evolution of network development, information producing has become more rapidly and massively. The co-feature of network security, cloud storage and cloud computing is that they all need to deal with very large amounts of information, but nowadays, the traditional network infrastructure has gradually unable to satisfy the needs of today′s network requirements. The applications of network functions virtualization become more widespread now, the traditional network architecture constantly needs to face the challenges coming from emerging software-defined networking (SDN) architecture and cloud services.
    In modern network security architecture, traditional firewall cannot fully satisfy the security needs of the complex network deployment. IDS (Intrusion Detection System) provides real-time protection against the internal attacks and external attacks. The security technology of IDS has active properties, therefore, it shows its importance in the increasingly complicated network structure. In the core of defense mechanisms based on intrusion detection, the rules-based intrusion detection and prevention mechanisms can crawl packets pass on the network and de-encapsulate them. Then, the defense mechanism will analyze the aggressive behavior of the invaders and the characteristics of the packets, and compare to the feature library, in order to achieve the purpose of maintaining network security. However, in the process of analyzing traffic, it sometimes needs to face to enormous attack traffic. In the meantime, the need to mirror the attack traffic in order to analysis could result in generating double or even more traffic to the system, and this excessive load may lead to paralyzing of the system.
    In the proposed method, SDN architecture is used to generate OpenFlow rules and set network security configuration automatically. By allocating the traffic according to the condition of network load under SDN environment, and with the ability of the open source intrusion detection software, Snort, to monitor and analysis the network, in order to achieve the purpose of maintaining network security.
    Appears in Collections:[通訊工程研究所] 博碩士論文

    Files in This Item:

    File Description SizeFormat

    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明