在網路的蓬勃發展下,軟體定義網路(Software Defined Networking, SDN)的概念被廣泛應用於各個領域。透過將控制層與資料層切割,並將控制層集中管理,讓網路管理者可以更輕易的管控整體網路。然而隨著物聯網等網路裝置數量的急遽增加,使SDN控制器的負擔越來越重,於此同時,Programming Protocol-independent Packet Processors(P4)被提出。P4是一個與SDN截然不同的概念,P4交換器可以透過P4專屬的程式來操作網路傳輸的資料層,透過定義新的協定等,能夠做到許多單純SDN無法達成的目標。通過兩者的結合,可以讓網路管理者更輕鬆細膩的管理網路。而入侵偵測系統(Intrusion Detection System, IDS)是一種透過捕捉網路封包分析其舉動,作為判斷是否為惡意攻擊的依據。 本論文所提出的方法名稱為基於動態時間校正之服務層級調整演算法(Dynamic-time-wArping based Service LEvel Regulating Algorithm, DASLERA),旨在防禦阻斷式服務攻擊(Denial of Service, DoS)以及位址解析協定欺騙攻擊(Address Resolution Protocol Spoofing, ARP Spoofing)。透過入侵偵測系統與P4網路的結合,減輕SDN控制器的負擔,並透過服務層級的設定讓網路管理者可以更有彈性的管理網路。DASLERA在判斷出惡意攻擊者有93.6%的準確度,同時保持控制器的CPU平均使用率低於20%。 ;With the booming of the Internet, the concept of Software Defined Networking (SDN) is widely used in various fields. By separating the control plane and data plane from the traditional network and centralizing the control plane, network administrators can more easily control the overall network. However, with the rapid increase in the number of network devices such as the Internet of Things, the overhead on SDN controllers has become heavier and heavier. P4 is a very different concept from SDN, as P4 switches can operate the data plane of network transport through P4-specific programs, and can achieve many goals that cannot be achieved by SDN alone, by defining new protocols, etc. Through the combination of the two, network administrators can manage their networks with greater ease and sophistication. The Intrusion Detection System (IDS) is a system that captures network packets and analyzes their behavior to determine if they are malicious attacks. The method proposed in this paper aims to prevent Denial of Service (DoS) and Address Resolution Protocol Spoofing (ARP Spoofing) defenses, called Dynamic-time-wArping based Service LEvel Regulating Algorithm (DASLERA). Through the integration of intrusion detection system and P4 network, the overhead of SDN controller is reduced, and the service level setting allows network administrators to manage the network more flexibly. DASLERA has 93.6% accuracy in determining malicious attackers while keeping the average CPU usage of the controller below 20%.
