NCU Institutional Repository (中大機構典藏): theses and dissertations, past exam papers, journal articles, research projects and more available for download: Item 987654321/74765


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/74765


    Title: SDN/NFV Based Moving Target DDoS Defense Mechanism (基於SDN、NFV與移動目標防禦之分散式阻斷服務攻擊防禦機制)
    Authors: 黃柏勝;Huang, Bo-Sheng
    Contributors: Department of Computer Science and Information Engineering
    Keywords: Software Defined Network (SDN); Network Function Virtualization (NFV); Distributed Denial of Service (DDoS); Moving Target Defense; Fuzzy Theory
    Date: 2017-08-22
    Issue Date: 2017-10-27 14:38:41 (UTC+8)
    Publisher: National Central University
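    Abstract: With advances in technology and the spread of connected devices, network security protection faces severe challenges. The rapid development of network technology has also made attackers' methods more mature and diverse, for example the spread of Trojan viruses, Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks. One of the most serious security problems is the DDoS attack. Advances in network technology have diversified attackers' techniques, allowing them to attack by switching between different DDoS attack types (SYN flooding, UDP flooding, ICMP flooding, etc.). If attackers find that an attack method cannot achieve the expected goal, they may switch to other attack techniques. How to effectively detect and withstand DDoS attacks is an important research topic.
    To cope with the problem that information security is easy to attack and hard to defend, a new defensive approach, Moving Target Defense (MTD), has been proposed. Its purpose is to continually change system information in order to delay the attacker's probing schedule and the side effects of a successful attack. The emergence of new network architectures, Software Defined Network (SDN) and Network Function Virtualization (NFV), has also changed the model of future network security protection; the design of future network security architectures will evolve toward programmability and virtualization. This thesis proposes a DDoS defense mechanism based on SDN, NFV and Moving Target Defense. It uses multiple fuzzy systems to detect DDoS and uses Moving Target Defense to mitigate and defend against DDoS. When a DDoS attack occurs, the multiple fuzzy systems detect and block the main attack traffic; if there is suspicious DDoS traffic, the concepts of SDN and Moving Target Defense are used to redirect the traffic, so that users are unaffected by the attack and can obtain service normally.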
    English abstract: With the advancement of technology and the popularity of networking devices, network security is facing severe challenges. The rapid development of Internet technology has also made hackers' attacks more mature and diversified, such as Trojan viruses, Denial of Service (DoS) and Distributed Denial of Service (DDoS). One of the most serious security problems is the DDoS attack. The development of Internet technology has made hackers' attacks more diversified, and attackers can switch between different DDoS attacks (UDP flooding, ICMP flooding, etc.). If the attacker finds that an attack method cannot achieve the desired goal, it may be changed to other attacks. How to effectively detect and mitigate DDoS attacks is an important research topic.
    In order to cope with information security issues, a new defensive approach, Moving Target Defense (MTD), was proposed. The purpose of MTD is to constantly change the system information to delay the attacker's detection and probing schedule. The emergence of new network architectures, Software Defined Network (SDN) and Network Function Virtualization (NFV), has also changed the future of network security schemes. The future design of network security architecture will move towards programmable and virtualized networks. This paper proposes a Distributed Denial of Service attack defense mechanism based on SDN, NFV and Moving Target Defense. It exploits multiple fuzzy systems to achieve DDoS detection and uses a Proxy VNF based Moving Target Defense mechanism to achieve DDoS mitigation, using SDN to control and redirect packets flexibly. If there is suspicious traffic, the proposed approach can redirect and quarantine it, thereby shifting the attack surface.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File Description Size Format
    index.html 0Kb HTML 242 View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.
