NCU Institutional Repository - Provides downloads of theses and dissertations, past exam papers, journal articles, research projects, etc.: Item 987654321/89920


    Please use this permanent URL to cite or link to this document: http://ir.lib.ncu.edu.tw/handle/987654321/89920


    Title: Detection and Mitigation of IoT Attacks Based on Intrusion Detection System in P4 Networks
    Author: Chang, Chao-Chih (張晁誌)
    Contributor: Department of Computer Science and Information Engineering
    Keywords: Software Defined Networking; Intrusion-Detection System; Programming Protocol-independent Packet Processors; DoS; ARP Spoofing; Dynamic Time Warping
    Date: 2022-08-10
    Upload time: 2022-10-04 12:04:52 (UTC+8)
    Publisher: National Central University
    Abstract: With the rapid growth of the Internet, the concept of Software Defined Networking (SDN) is widely used in various fields. By separating the control plane from the data plane and centralizing the control plane, network administrators can more easily control the overall network. However, with the rapid increase in the number of network devices such as the Internet of Things, the overhead on SDN controllers has become heavier and heavier. At the same time, Programming Protocol-independent Packet Processors (P4) was proposed. P4 is a very different concept from SDN: P4 switches can operate on the data plane of network transport through P4-specific programs and, by defining new protocols and the like, can achieve many goals that SDN alone cannot. By combining the two, network administrators can manage their networks with greater ease and sophistication. An Intrusion Detection System (IDS) captures network packets and analyzes their behavior as the basis for determining whether they are malicious attacks.
    The method proposed in this paper, called the Dynamic-time-wArping based Service LEvel Regulating Algorithm (DASLERA), aims to defend against Denial of Service (DoS) attacks and Address Resolution Protocol Spoofing (ARP Spoofing) attacks. Through the integration of an intrusion detection system with a P4 network, the overhead of the SDN controller is reduced, and the service level setting allows network administrators to manage the network more flexibly. DASLERA identifies malicious attackers with 93.6% accuracy while keeping the average CPU usage of the controller below 20%.
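    Appears in category: [Graduate Institute of Computer Science and Information Engineering] Master's and doctoral theses

    Files in this item:

    File        Description  Size  Format  Views
    index.html               0Kb   HTML    36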


    All items in NCUIR are protected by the original copyright.
