

    Please use this permanent URL to cite or link to this document: http://ir.lib.ncu.edu.tw/handle/987654321/74765


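    Title: A Distributed Denial of Service Attack Defense Mechanism Based on SDN, NFV and Moving Target Defense; SDN/NFV Based Moving Target DDoS Defense Mechanism
    Author: 黃柏勝; Huang, Bo-Sheng
    Contributor: Department of Computer Science and Information Engineering
    Keywords: Software Defined Network (SDN); Network Function Virtualization (NFV); Distributed Denial of Service (DDoS); Moving Target Defense; Fuzzy Theory
    Date: 2017-08-22
    Upload time: 2017-10-27 14:38:41 (UTC+8)
    Publisher: National Central University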
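    Abstract: With advances in technology and the spread of networked devices, network security protection faces severe challenges. The rapid development of network technology has also made attackers' methods more mature and diverse, for example the spread of Trojans, Denial of Service (DoS) attacks, and Distributed Denial of Service (DDoS) attacks. Among these, DDoS is one of the most serious security problems. Advances in network technology let attackers diversify their techniques and attack by switching between different DDoS attack types (SYN flooding, UDP flooding, ICMP flooding, etc.). If an attacker finds that one attack method does not achieve the intended goal, they may switch to another. How to effectively detect and withstand DDoS attacks is an important research topic.
    To address the problem that information security is easy to attack and hard to defend, a new defensive approach, Moving Target Defense (MTD), has been proposed. Its aim is to continually change system information in order to delay the attacker's probing timeline and the side effects of a successful attack. The emergence of new network architectures, Software Defined Network (SDN) and Network Function Virtualization (NFV), has also changed the model for future network security protection, and the design of future network security architectures will evolve toward programmability and virtualization. This thesis proposes a DDoS defense mechanism based on SDN, NFV and Moving Target Defense. It uses multiple fuzzy systems for DDoS detection and Moving Target Defense for DDoS mitigation and defense. When a DDoS attack occurs, the multiple fuzzy systems detect and block the key attack traffic; if there is suspicious DDoS traffic, the concepts of SDN and Moving Target Defense are used to redirect the traffic, so that users are unaffected by the attack and can obtain service normally.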
    With the advancement of technology and the popularity of networking devices, network security is facing severe challenges. The rapid development of Internet technology also makes attackers' methods more mature and diversified, such as Trojan viruses, Denial of Service (DoS) and Distributed Denial of Service (DDoS). One of the most serious security problems is the DDoS attack. The development of Internet technology has made attacks more diversified, and an attacker can switch between different DDoS attacks (UDP flooding, ICMP flooding, etc.). If the attacker finds that one attack method cannot achieve the desired goal, it may be replaced with another. How to effectively detect DDoS attacks and mitigate them is an important research topic.
    To cope with information security issues, a new defensive approach, Moving Target Defense (MTD), was proposed. The purpose of MTD is to constantly change system information to delay the attacker's detection and probing schedule. The emergence of the new network architectures Software Defined Network (SDN) and Network Function Virtualization (NFV) has also changed the future of network security schemes. The future design of network security architecture will move toward programmable and virtualized networks. This paper proposes a Distributed Denial of Service attack defense mechanism based on SDN, NFV and Moving Target Defense. It exploits multiple fuzzy systems to achieve DDoS detection and uses a Proxy VNF based Moving Target Defense mechanism to achieve DDoS mitigation. SDN is used to control and redirect packets flexibly. If there is suspicious traffic, the proposed approach can redirect and quarantine it, thereby shifting the attack surface.
    Appears in category: [Graduate Institute of Computer Science and Information Engineering] Master's and doctoral theses
