摘要: | 隨著網路發展的迅速演進,資訊的產生也變得更加快速且巨量,舉凡網路安全、雲端儲存及雲端運算等,其共同特徵便是需要處理非常大量的資訊,但舊有的傳統網路架構已逐漸無法滿足現今的網路需求,而如今網路功能虛擬化的應用變得越來越廣泛,傳統網路架構也將面臨來自新興軟體定義網路架構及雲端服務的挑戰。 在現代的網路安全架構中,傳統防火牆已經無法滿足現今複雜網路部署的安全需求。而入侵檢測提供了對內部和外部攻擊的即時保護,其安全防護技術具積極主動之特性,也因此隨著網路結構的越趨複雜化,更顯示出其重要性。而在以入侵檢測為核心的防禦機制當中,基於規則導向的入侵檢測防禦機制能透過抓取網路上往來的封包,對取得的封包進行解封裝,從入侵者的攻擊行為模式及封包特徵來加以分析並比對特徵資料庫,以進行維護網路安全的目的。然而在分析的過程當中,若面臨到會產生巨大流量的攻擊時,由於需要鏡像攻擊的流量以抓取分析封包,因此可能造成產生出雙倍甚至更多的流量至系統當中,進而導致系統負載過高而癱瘓。 而在本研究所提出的系統架構中,透過軟體定義網路架構的網路設定可程式化的特性,以自動產生OpenFlow規則的方式來設定網路安全的配置, 在軟體定義的環境下根據網路負載狀況來分配流量的轉發,並搭配開源入侵檢測軟體Snort的監控及分析,以達到維護網路安全效能的目的。;With the rapid evolution of network development, information producing has become more rapidly and massively. The co-feature of network security, cloud storage and cloud computing is that they all need to deal with very large amounts of information, but nowadays, the traditional network infrastructure has gradually unable to satisfy the needs of today′s network requirements. The applications of network functions virtualization become more widespread now, the traditional network architecture constantly needs to face the challenges coming from emerging software-defined networking (SDN) architecture and cloud services. In modern network security architecture, traditional firewall cannot fully satisfy the security needs of the complex network deployment. IDS (Intrusion Detection System) provides real-time protection against the internal attacks and external attacks. The security technology of IDS has active properties, therefore, it shows its importance in the increasingly complicated network structure. In the core of defense mechanisms based on intrusion detection, the rules-based intrusion detection and prevention mechanisms can crawl packets pass on the network and de-encapsulate them. Then, the defense mechanism will analyze the aggressive behavior of the invaders and the characteristics of the packets, and compare to the feature library, in order to achieve the purpose of maintaining network security. However, in the process of analyzing traffic, it sometimes needs to face to enormous attack traffic. In the meantime, the need to mirror the attack traffic in order to analysis could result in generating double or even more traffic to the system, and this excessive load may lead to paralyzing of the system. In the proposed method, SDN architecture is used to generate OpenFlow rules and set network security configuration automatically. By allocating the traffic according to the condition of network load under SDN environment, and with the ability of the open source intrusion detection software, Snort, to monitor and analysis the network, in order to achieve the purpose of maintaining network security. |