SDN自適應性自動化網路安全之研究

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：18

、訪客IP：18.217.6.114

姓名

江自翔(Tzu-hsiang Chiang) 查詢紙本館藏

畢業系所

通訊工程學系在職專班

論文名稱

SDN自適應性自動化網路安全之研究
(The Study of Adaptive Automation Network Security)

相關論文

★ UHF頻段RFID彈藥管理系統之設計、實作與評估	★ 移動物偵測與追蹤之IP Camera系統
★ Wi-Fi Direct Service 應用於IoT	★ 射頻前端電路應用於載波聚合長期演進技術
★ 3C無線充電裝置運用在車載系統所產生之EMI輻射	★ 基於LoRa技術的物聯網前端防盜警示感測裝置實作與評估
★ DOCSIS 3.1 效能研究與下行通道干擾阻隔之設計	★ 藍芽無線光學投影翻譯筆
★ 手持裝置應用於MIMO ( 8x8 ) Wi-Fi系統之設計	★ 基於無伺服器運算之智慧農業雲端系統設計與研究
★ 嵌入式系統實現電梯物聯網	★ 在802.11 Ad-Hoc網路中基於速率考量之路由協定設計
★ 合作博弈與灰色模糊方法改善無線網路之性能	★ 採用拍賣策略之動態分散式方法於減少叢集小型基地台間干擾之研究
★ 在LTE-A下聚合未授權頻譜及動態分配資源以優化系統效能	★ LTE-A網路中聚合未授權頻譜之資源分配策略研究

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 ( 永不開放)

摘要(中)

從SDN相關技術在安全性方面所即將面臨的安全與威脅進行探討與研究，探討有關於SDN技術所特有的集中性、可控性和網路的可程式化性，在提高相關網路安全性能所具備的優勢，如網路拓譜監控等；同時也提出了SDN技術也將會引入新的安全性威脅和所承受的風險等等。同時可以從研究中發現，SDN技術對於網路安全性能的提升尤為突出，透過sFlow與Snot的結合運用，使它對網路流量具有極強的控制能力，將使得流量安全防護將會變得更加靈活和有效率，它的集中性可以控制來源IP的地址以及網路源頭追朔等方面的解決方案。
而FRESCO安全應用開發框架本身是屬於OpenFlow應用的一種，它是對NOX Controller進行的二次開發：在對NOX內核進行安全加強的基礎上，對外提供遺留網絡安全系統的Port，保證平台的最大相容性；並且向上提供方便快捷的FRESCO Script API，以及內置了16個以庫形式提供的可重用模組，通過使用FRESCO Script，以及調用模組，就可以加快安全應用的開發速度。

摘要(英)

To explore and study the opportunities and threats SDN related technologies in terms of safety are going to face, discuss about SDN technology-specific focus, controllability and network programmable resistance, to improve the safety performance of the relevant network It has advantages, such as spectrum monitoring network extension; but also made SDN technology will also be introducing new security threats and risk exposure and so on. At the same time can be found from the study, SDN technology for Internet security performance improvements especially through the use of a combination of sFlow and Snot, makes it to network traffic with a strong ability to control, will allow traffic safety will become more flexible and efficient, its concentration can be controlled source IP addresses and other aspects of the network traceable solutions. The FRESCO security application development framework itself is a kind of OpenFlow applications, it is the secondary development of NOX Controller undertaken: On the basis of NOX kernel strengthen security on the external Port legacy network to provide security systems to ensure maximum phase Platform Capacitive; and provide convenient FRESCO Script API, and a built-in library 16 provided in the form of reusable modules by using FRESCO Script, and invoking modules, you can accelerate the development of safe applications up.

關鍵字(中)

★ SDN
★ 集中性
★ 可程式化
★ FRESCO
★ NOX Controller

關鍵字(英)

★ SDN
★ concentration
★ programmable
★ FRESCO
★ NOX Controller

論文目次

目錄 I
圖目錄 IV
表目錄 VII
第一章緒論 1
1.1前言 1
1.2研究動機 1
1.3論文架構 3
第二章相關背景及研究 4
2.1SDN技術簡介 4
SDN技術發展現狀 5
SDN信任(certificate)整合 5
SDN機制與部屬 6
2.2SDN的整體架構 6
SDN流量攻擊檢測 7
OpenFlow接入控制 8
網路監控 9
2.3 IP防禦架構 10
SDN控制端是攻擊目標嗎？ 11
第三章SDN安全應用開發框架 13
3.1 FRESCO：KERNEL NOX 13
FreSCO開發框架 13
FreSCO應用層 14
3.2 FRESCO開發環境 16
3.3 SCRIPT開發 17
3.4 FRSCO安全加強核心 21
第四章SDN自適應性安全控制分析 23
4.1 OPENFLOW AND SFLOW 23
4.2 運用SNORT部屬SFLOW監控及自動告警系統 24
結合SNORBY圖形化SNORT操作介面 24
Install Snort in CentOS 6.5 24
4.3 運用SNORBY & PFSENSE構建入侵防禦系統 30
PFSENSE技術架構 31
PFSENSE優勢 31
PFSENSE的配置與相關佈署 32
4.4 SFLOW結合SNORT(SNORBY)之實驗原理與架構 38
實驗步驟 40
佈署架構SFLOW AGENT 41
PFSENSE在結合SNORT達到自動告警與封包過濾 46
第五章結論與未來研究 47
5.1 SDN網路安全將成為發展趨勢 47
5.2 SDN將為IT產業帶來更好的安全性 48
5.3OPENFLOW與SDN將成為網路的未來 49
研究建議 49
結論與未來發展目標 50
參考文獻 51
附錄 PFSENSE、SNORT之系統核心模組 56

參考文獻

[1] DAI, B., WANG, H.-y., XU, G., & YANG, J. (2014, 8). Opportunities and threats coexist in SDN security. Application Research of Computers, 31(8), pp. 1-9.

[2] Zhang, C., Cui , Y., & Wu, J. (2014, 8 19). State-of-the-Art Survey on Software-Defined Networking (SDN). 軟體學報 ISSN 1000-9825, CODEN RUXUEW, pp. 1-20.

[3] Shackleford, D., &少寧, 曾. (2013, 8 16). SDN如何實現自動化網路安全性？. Retrieved from 51CTO.com: http://netsecurity.51cto.com/art/201308/407340.htm

[4] OpenFlow and sFlow. Retrieved from SDN analytics and control using sFlow standard: http://blog.sflow.com/2011/05/openflow-and-sflow.html

[5] Johnson, S., & Target, T. (2013, 10 21). 解讀SDN:安全引領的技術(2). Retrieved from 51CTO.com: http://netsecurity.51cto.com/art/201310/413580_1.htm

[6] Duffy, J. (2011, 10 19). OpenFlow and SDN: Networking′s future? Retrieved from NetworkWorld: http://www.networkworld.com/article/2182319/data-center/openflow-and-sdn--networking-s-future-.html?page=1

[7] Shin, S., Porras, P., Yegneswaran, V., Fong, M., Gu, G., & Tyson, M. (2013, 2). FRESCO: Modular Composable Security Services for Software-Defined Networks. To appear in the ISOC Network and Distributed System Security Symposium, pp. 15-20.

[8] Shin, S., Porras, P., Yegneswaran, V., Fong, M., Gu, G., & Tyson, M. (2013, 2). FRESCO: Modular Composable Security Services for Software-Defined Networks. To appear in the ISOC Network and Distributed System Security Symposium, pp. 3-4.

[9] E. Al-shaer, W. Marrero, A. El-atawy, and K. Elbadawi. Network Configuration in A Box: Towards End-to-End Verification of Network Reachability and Security. In The 17th IEEE International Conference on Network Protocols(ICNP), 2009.

[10] Shin, S., Porras, P., Yegneswaran, V., Fong, M., Gu, G., & Tyson, M. (2013, 2). FRESCO: Modular Composable Security Services for Software-Defined Networks. To appear in the ISOC Network and Distributed System Security Symposium, pp. 1-16.

[11] Gude N, Koponen T, Pettit J, et al. Nox: Towards an oper-ating system for networks[J]. ACM SIGCOMM Computer Communication Review, 2008, 38(3): 105-110. .

[12] DAI, B., WANG, H.-y., XU, G., & YANG, J. (2014, 8). Opportunities and threats coexist in SDN security. Application Research of Computers, 31(8), pp. 3.

[13] JIANG, G., FU, B., CHEN, M., & ZHANG, L. (2014, 1 23). Survey and Quantitative Analysis of SDN Controllers. Journal of Frontiers of Computer Science and Technology, pp. 2-12.

[14] M. Canini, D. Venzano, P. Peresini, D. Kostic, and J. Rexford. A NICE Way to Test OpenFlow Applications. In Proceedings of NSDI, 2012.

[15] SDN自動化網路安全的成就者. Retrieved from CommuerNet: http://www.commernet.cn/newsny.asp?id=615

[16] M. Casado, T. Garfinkel, M. Freedman, A. Akella, D. Boneh, N. McKeowon, and S. Shenker. SANE: A Protection Architecture for Enterprise Networks. In Proceedings Usenix Security Symposium, August 2006.

[17] M. Marwah, S. Mishra, and C. Fetzer, “Fault-tolerant and scalable tcp splice and web server architecture.”in SRDS ’06：Proceedings of the 25th IEEE Symposium on Reliable Distributed Systems. IEEE Computer Society, 2006, pp. 301–310. .

[18] Shin, S., Porras, P., Yegneswaran, V., Fong, M., Gu, G., & Tyson, M. (2013, 2). FRESCO: Modular Composable Security Services for Software-Defined Networks. To appear in the ISOC Network and Distributed System Security Symposium, pp. 3-9.

[19] Mckeown N, Anderson T, Balakrishnan H, et al. OpenFlow: Enabling innovation in campus networks[J]. ACM SIGCOMM Computer Communication Review, 2008, 38(2): 69-74. .

[20] N. Gude, T. Koponen, et al.,“NOX：towards an operating system for networks”, ACM SIGCOMM Computer Communication Review, 2008, pp. 105-110. .

[21] Shin, S., Porras, P., Yegneswaran, V., Fong, M., Gu, G., & Tyson, M. (2013, 2). FRESCO: Modular Composable Security Services for Software-Defined Networks. To appear in the ISOC Network and Distributed System Security Symposium, pp. 4-7.

[22] OpenFlow和SDN的殺手級應用是什麼？. (2011年10月21日). 擷取自 51CO.com: http://network.51cto.com/art/201110/298724.htm

[23] FRESCO:SDN安全控制器框架.擷取自loy的專欄: http://blog.csdn.net/gulansheng/article/details/39582095

[24] Zhang, C., Cui , Y., & Wu, J. (2014, 8 19). State-of-the-Art Survey on Software-Defined Networking (SDN). 軟體學報 ISSN 1000-9825, CODEN RUXUEW, pp. 10-15.

[25] Tootoonchian A, Ganjali Y. HyperFlow: A distributed control plane for OpenFlow[C]//Proceedings of the 2010 Internet Network Management Workshop/Workshop on Research on Enterprise Networking (INM/WREN′10), San Jose, 2010. Berkeley, CA, USA: USENIX Associat.

[26] Z. Cai, A. L. Cox, and T. E. Ng. Maestro: A System for Scalable OpenFlow Control. In Rice University Technical Report, 2010.

[27] Zhang , J. (2014, 12 9). SDN Communication Quality Assurance Strategy with DDoS Defense and Routing Optimization. pp. 2-36.

[28] Zhang, C., Cui , Y., & Wu, J. (2014, 8 19). State-of-the-Art Survey on Software-Defined Networking (SDN). 軟體學報 ISSN 1000-9825, CODEN RUXUEW, pp. 5-20.

[29] 侯柏丞, &高勝助. (2013). 以OpenFlow實現SDN建置多服務導向的KMLN虛擬叢集. The 9th International Conference on Knowledge Community KC2013.

[30] 結合sFlow與Snort建置自動化檢查及告警系統. Retrieved from NetAdmin: http://www.netadmin.com.tw/article_content.aspx?sn=1204300003&jump=1

[31] Pfsense和Snorby. Retrieved from Pfsense and Snorby: http://drops.wooyun.org/%E8%BF%90%E7%BB%B4%E5%AE%89%E5%85%A8/3874

[32] 基於Mininet的網路流量監控. Retrieved from SDN LAB: http://www.sdnlab.com/3760.html

[33] sFlow流量監控之DDoS防禦. Retrieved from liushy.com: http://liushy.com/2015/01/27/sflow-ddos-dos/

[34] pFsense:開源防火牆打造固若金湯網路. Retrieved from liushy.com: http://netsecurity.51cto.com/art/200810/92669_al1.htm

[35] SDN與網路安全的交叉融合成為發展趨勢. Retrieved from liushy.com: http://netsecurity.51cto.com/art/201303/386354.htm

[36] SDN能否帶來更好的IT安全性. Retrieved from liushy.com: http://netsecurity.51cto.com/art/201409/450381.htm

[37] OpenFlow與SDN會成為網路的未來嗎. Retrieved from liushy.com: http://network.51cto.com/art/201110/298415.htm

指導教授

吳中實(Jung-shyr Wu)

審核日期

2015-7-16

推文