A Solution for Detecting and Defending ARP Spoofing on Virtual Machines

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：66

、訪客IP：3.145.188.16

姓名

曾宇澤(Yu-Tse Tseng) 查詢紙本館藏

畢業系所

資訊工程學系在職專班

論文名稱

(A Solution for Detecting and Defending ARP Spoofing on Virtual Machines)

相關論文

★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm	★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制	★ SRA系統防禦ARP欺騙劫持路由器
★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統	★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統
★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection	★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks
★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection	★ Shark: Phishing Information Recycling from Spam Mails
★ FFRTD: Beat Fast-Flux by Response Time Differences	★ Antivirus Software Shield against Antivirus Terminators
★ MAC-YURI : My ACcount, YoUr ResponsIbility	★ KKBB: Kernel Keylogger Bye-Bye
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment	★ PrivacyGuard：A Kernel-based Solution to Enhance the User Privacy When Using Private Browsing

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 ( 永不開放)

摘要(中)

為了更有效利用中央處理器的效能，虛擬化也越來越被廣泛使用且非常容易建構，一台實體主機上同時執行多個虛擬作業體統是常見的情況，多台虛擬主機組成的虛擬網路，資料連接層的攻擊也跟著出現在這些虛擬網路上，例如網路位址解析欺騙、媒體存取控制位址替換攻擊等。由於虛擬主機有可預先包裝的特性，有很多已經包裝好特定服務的虛擬主機，方便使用者透過網路下載直接佈屬，如包裝 Apache 伺服器的虛擬主機，使用者下載佈屬後就立即使用，因為使用者無法掌握這些虛擬主機實際包裝的服務，使得虛擬主機不能被性任，我們想在Linux KVM 開源虛擬機器平台上實做，驗證一套不需複雜設定的資料連接層防護偵測系統是否可行，並以網路位址解析欺騙的偵測防護作為首要實做項目。

摘要(英)

In order to make more effective use of CPU performance, virtualization has also become more and more widely used and very easy to build, it is a common situation to perform multiple virtual machines simultaneously on a physical host, virtual network composed of multiple virtual machines comes also, Layer 2 attacks also appeared on these virtual networks, for example ARP spoofing, MAC spoofing attacks. Because the virtual machine has packing features, lot of packed virtual machines can be downloaded at INTERNET, user can directly provision those packed virtual machines to physical host, we can′t ensued these is no any malicious software packed in the virtual machine, therefore the virtual machine download from INTERNET is un-trustable, above reasons made us want to implement a system in Linux KVM, verify the feasibility of a Layer 2 protection detection system that does not require complex settings, and take the detection and protection of ARP spoofing as the first practical item.

關鍵字(中)

★ 虛擬機器
★ 位址解析協定
★ 位址解析協定欺騙

關鍵字(英)

★ KVM
★ VM
★ ARP Spoofing
★ QEMU
★ libvirt
★ ARP

論文目次

摘要 i
Abstract ii
目錄 iii
圖目錄 v
表目錄 vi
一、緒論 1
1-1 研究背景 1
1-2 研究動機 1
二、背景介紹 3
2-1 背景知識 3
2-1-1 ARP 3
2-1-2 ARP Spoofing 6
2-1-3 QEMU 8
2-1-4 KVM 9
2-1-5 libvirt 10
2-2 相關研究 11
2-2-1 S-ARP 11
2-2-2 靜態ARP記錄 11
2-2-3 Layer-2交換器 12
三、系統設計 13
3-1 VMADS架構 15
3-1-1 VMs Info Table 15
3-1-2 Main Process (Main_P) 15
3-1-3 VM Event Process (VM_EVENT_P) 16
3-1-4 Package Monitor Process (PKG_MONITOR_P) 16
3-2 運作流程 17
四、實驗 18
4-1 實際運作 18
4-1-1 實驗環境 18
4-1-2 執行畫面 18
4-2 吞吐量測試 20
4-2-1 測試工具與參數 20
4-2-2 測試結果 20
4-3 基準測試 22
4-3-1 測試工具與參數 22
4-3-2 測試結果 22
五、結論與未來方向 23
參考文獻 24

參考文獻

[1] D. Plummer, An Ethernet Address Resolution Protocol (RFC826), 1982
[2] QEMU. Available: http://wiki.qemu.org/Main_Page
[3] VMware: Understanding Full Virtualization, Paravirtualization, and Hardware Assist:https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/VMware_paravirtualization.pdf
[4] libvirt: The virtualization API. Available: http://libvirt.org/index.html
[5] 陳信宏,”The Fault Tolerant KVM implementation”,p6, 國立中央大學, 碩
士論文, 2014
[6] Dac-Nhuong Le, Raghvendra Kumar, Gia Nhu Nguyen, Jyotir Moy Chatterjee, Cloud Computing and Virtualization, John Wiley & Sons, Inc., 2018
[7] Jonas Andre, Johannes Naab∗,” Open vSwitch Configuration for Separation of KVM/libvirt VMs”, Technical University of Munich, 2019
[8] xvisor: http://wiki.csie.ncku.edu.tw/embedded/xvisor
[9] Qemu JIT Code Generator and System Emulation: https://www.slideshare.net/jserv/qemu-jit-code-generator-and-system-emulation
[10] KVM (Kernel-based Virtual Machine) + KQEMU: http://benjr.tw/3631
[11] Roopa Govind , Mamatha T, “Validating The CPU Usage Statistics Provided By Linux KVM Hypervisor”, INTERNATIONAL JOURNAL OF ENGINEERING RESEARCH & TECHNOLOGY, Vol. 02, Issue 04, IJERT, April 2013
[12] Ankit Anand, Mohit Dhingra, J. Lakshmi, S. K. Nandy, “Resource usage monitoring for KVM based virtual machines”, Advanced Computing and Communications, IEEE, Dec. 2012
[13] Kernel-based Virtual Machine: http://benjr.tw/3620
[14] Virtualization 虛擬化: http://benjr.tw/3383
[15] QEMU machine emulator (Ubuntu): http://benjr.tw/96243
[16] THE TCP/IP GUIDE: http://www.tcpipguide.com/index.htm
[17] WIKI: ARP spoofing: https://en.wikipedia.org/wiki/ARP_spoofing
[18] D. Bruschi, A. Ornaghi, E. Rosti, “S-ARP: a Secure Address Resolution Protocol”, ACSAC, IEEE, 2003
[19] Cristina L. Abad ; Rafael I. Bonilla, “An Analysis on the Schemes for Detecting and Preventing ARP Cache Poisoning Attacks”, ICDCSW′07, IEEE, 2007
[20] Todd Lammle著, CCNA認證教戰手冊, 林慶德, 陳宇芬譯, 旗標出版股份有限公司, 台北市, 2011
[21] Yuksel Arslan, “A solution for ARP spoofing: Layer-2 MAC and protocol filtering and arpserver”, 2017
[22] Vagrant: https://www.vagrantup.com/intro

指導教授

許富皓(Fu-Hau Hsu)

審核日期

2020-6-12

推文