    Please use the permanent URL to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/77781


    Title: Moving Target Defense Networks Based on P4 Switches; P4 Switch-Based Solution for Moving Target Defense Networks
    Author: 黃聖閎;Huang, Sheng-Hung
    Contributor: Department of Computer Science and Information Engineering
    Keywords: Software-defined Networking; Programming protocol-independent packet processors; Distributed Denial of Service; Moving Target Defense; Entropy
    Date: 2018-08-22
    Upload time: 2018-08-31 14:56:07 (UTC+8)
    Publisher: National Central University
    Abstract: In recent years, new network architectures and defensive thinking have emerged. Among them, software-defined networking (SDN) was proposed: it separates the control plane from the data plane of network switches, removes the control plane from the switch hardware, and manages it centrally in software. As the technology matured, Programming protocol-independent packet processors (P4) was proposed, so that data-plane forwarding can also be defined and implemented in software, achieving a software-defined network in the true sense. On the other hand, to address the inherent defects of current network architecture configurations, the concept of Moving Target Defense (MTD) was proposed. Its core idea is to confuse the attacker, and to shift the attack surface, by continually changing the information about the defended target. This thesis studies combining SDN/P4 networks with the MTD concept to defend against related attacks, using the flexibility of P4 networks to implement an MTD mechanism.
    We present P4MTD, a data-independent defense mechanism. It groups users by the virtual IP address of the server assigned to each user, so that a reconnoitring insider can be singled out from among the many users. To effectively reduce the overhead of the CDPI (Control-Data-Plane Interface) in a software-defined network, it uses the protocol-independence feature of P4 to write a special header, so that the data plane can redirect user packets to different servers without involving the central controller. In addition, the moving target defense mechanism is implemented by dynamically changing the virtual IP addresses carried in the network, which redirects the attacker's packets to a black hole and protects the target server. We also use entropy to detect DDoS (Distributed Denial of Service) attacks. The hardest property of a DDoS attack to handle is that its sources come from many different devices, so attackers must be separated from legitimate users. In this thesis the defense is carried out by the moving target defense mechanism, so an effective DDoS defense is achieved without having to distinguish the behavioral attributes of attackers from those of users.
    Keyword: Software-defined Networking; Programming protocol-independent packet processors; Moving Target Defense; Distributed Denial of Service; Entropy
    Appears in collections: [Graduate Institute of Computer Science and Information Engineering] Theses and dissertations