中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/93310
English  |  正體中文  |  简体中文  |  全文笔数/总笔数 : 80990/80990 (100%)
造访人次 : 42143306      在线人数 : 1267
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜寻范围 查询小技巧:
  • 您可在西文检索词汇前后加上"双引号",以获取较精准的检索结果
  • 若欲以作者姓名搜寻,建议至进阶搜寻限定作者字段,可获得较完整数据
  • 进阶搜寻


    jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/93310


    题名: 設計與實作基於驗證路由資訊一致性之自動化 BGP 路由 過濾策略與安全機制;Design and Implementation of an Automated BGP Routing Filtering Strategy and Security Mechanism based on Validation of Route Information Consistency
    作者: 徐郁齊;Hsu, Yu-Chi
    贡献者: 資訊管理學系
    关键词: BGP;路由過濾;軟體定義網路;自動化;BGP;Route Filtering;Softwared-Defined Network;Automation
    日期: 2023-08-17
    上传时间: 2024-09-19 16:53:17 (UTC+8)
    出版者: 國立中央大學
    摘要: 網路的快速發展,已派發的自治系統及 IP 地址數量龐大,其中,自治系統之間的 關係錯綜複雜,而自治系統之間藉由 BGP 協定交換路由資訊,BGP 協定本身並無附帶 之安全機制,於是迄今為止,出現許多惡意、非惡意的路由宣告,造成網際網路中發生 許多路由洩漏以及路由劫持,然而,陸續有許多防範 BGPHijack 的框架及方法,其中 最熱門、相較之下也最被廣為採用的即為 RPKI 框架,但時至今日,RPKI 的部署以及 ROA 的創建,在全球的路由之中仍然尚未到達半數以上,即代表網路中,多數路由之 ROV 結果,仍然為 NotFound,若將網路安全性作為第一優先考量,強硬地在邊界路由 器上設定只接收 RPKI-valid 之路由,則會大幅影響網路的連接性以及可達性。因此本 研究基於網路的連接性、可達性以及安全性之考量,設計並實作一套基於驗證路由資訊 一致性之自動化佈署 BGP 路由過濾策略的系統,持續監聽網路介面,過濾 BGP 封包, 並解析封包內容,並根據所收到的 BGPUpdateMessage,查詢 InternetRoutingRegistry 資料庫,根據該路由於分散式資料庫中的資訊,產生路由過濾策略,並將路由過濾策略 部署至自治系統內的邊界路由器,企圖在 RPKI-NotFound 之路由當中進一步過濾潛在的 惡意路由,避免將惡意路由收進路由表中,加以散播惡意路由資訊,以此提升自治系統 及整體網路安全性。;With the rapid development of the network, a large number of autonomous systems and IP addresses have been distributed. Among them, the relationship between the autonomous systems is intricate, and the routing information is exchanged between the autonomous systems through the BGP protocol. Today, the establishment of ROA has not yet reached more than half of the routes in the world, which means that most routes in the network have not yet registered ROA. Considering network security, if the border router is set to only accept RPKI-valid routes, it will greatly affect the connectivity and reachability of the network. Therefore, based on the consideration of network connectivity, reachability and security, this research designs and implements a set of automatic deployment BGP routing filtering policy system based on verifying the consistency of routing information. It continuously monitors the network interface, filters BGP packets, and analyzes the packet content. Leveraging data acquired from BGP neighbors, the system proficiently liaises with the IRR database. Proactively, it meticulously filters potential malicious routes, forestalling their entry into the routing table and inhibiting further propagation. This astute tactic significantly fortifies the security of autonomous systems, thus reinforcing the overall network′s robustness.
    显示于类别:[資訊管理研究所] 博碩士論文

    文件中的档案:

    档案 描述 大小格式浏览次数
    index.html0KbHTML21检视/开启


    在NCUIR中所有的数据项都受到原著作权保护.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明