Master's/Doctoral Thesis 106522066: Detailed Record




Author: 賴孟昇 (Meng-Sheng Lai)   Department: Computer Science and Information Engineering
Thesis title: Behavior Anomaly Detection in SDN Control Plane: A Case Study of Topology Discovery Attacks
(SDN 控制層異常行為偵測:以拓撲發現攻擊為例)
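Abstract (translated from Chinese) With the rapid development of information technology and the spread of smart devices, users' demands for real-time processing and for diverse network services have risen sharply, and the traditional network service architecture can no longer meet emerging services' need for rapidly changing network architectures. Software-Defined Networking (SDN) and Network Function Virtualization (NFV) were therefore proposed; they turn complex physical network architectures into virtual, programmable ones, reducing network complexity and bringing major change to the traditional network architecture. The SDN controller uses the OpenFlow Discovery Protocol (OFDP) to collect the network topology state. OFDP generates Link Layer Discovery Protocol (LLDP) packets to probe the links between OpenFlow switches, and packets are routed and switched using the resulting global view of the topology. However, OFDP is not a fully secure protocol: attackers can exploit it to carry out topology discovery injection attacks, topology discovery man-in-the-middle attacks, and topology discovery flood attacks, thereby confusing the network's topology state.
This thesis proposes the CTAD mechanism, which runs in the SDN controller. CTAD is a detection mechanism dedicated to topology discovery attacks, in particular the topology discovery man-in-the-middle attack. Because the LLDP frames redirected by this man-in-the-middle attack actually travel over other links in the topology, this thesis uses Spearman's rank correlation coefficient to measure the correlation of network traffic between links, and analyzes the differences in the round-trip times of LLDP frames, to determine whether a topology discovery man-in-the-middle attack is present in the network. This thesis also adds a dynamic verification key and a counting mechanism to LLDP frames, to prevent attackers from creating fake links through topology discovery injection attacks and from causing abnormal routing or switching through topology discovery flood attacks.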
Abstract (English) With the rapid development of information technology and the popularity of smart devices, users' demand for instant processing of network services and for diversified services has also increased significantly, making the architecture of traditional network services unable to meet emerging services' demand for rapidly changing network architectures. Software-Defined Networking (SDN) and Network Function Virtualization (NFV) have therefore been proposed to transform complex network architectures into virtual and programmable architectures to reduce network complexity, bringing about major changes to the traditional network architecture. The SDN controller uses the OpenFlow Discovery Protocol (OFDP), which detects the links between the OpenFlow switches by generating Link Layer Discovery Protocol (LLDP) packets, to collect comprehensive network topology status for the routing and switching of packets. However, OFDP is not a completely secure protocol and can be used by attackers to perform topology discovery injection attacks, topology discovery man-in-the-middle attacks and topology discovery flood attacks, thereby confusing the network topology.
Keywords ★ Software-Defined Networking
★ Topology Discovery Attack
★ OpenFlow Discovery Protocol
★ Link Layer Discovery Protocol
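Table of contents:
Abstract (Chinese)
Abstract
Acknowledgements
Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Overview
1.2 Research Motivation
1.3 Research Objectives
1.4 Thesis Organization
Chapter 2 Background and Related Work
2.1 Software-Defined Networking
2.1.1 Software-Defined Networking Architecture
2.1.2 OpenFlow
2.2 OFDP
2.2.1 LLDP
2.2.2 OpenFlow Topology Discovery Attacks
2.3 Network Function Virtualization
2.4 Correlation Coefficients
2.5 Comparison of Related Work
Chapter 3 Research Method
3.1 System Architecture and Design
3.1.1 Topology Management Modules
3.1.2 LLDP Handling Modules
3.1.3 Correlation-based Topology Anomaly Detection Modules
3.2 System Operation Flow and Mechanisms
3.2.1 System Assumptions and Definitions
3.2.2 Table of Notation
3.2.3 CTAD Operation Flow
3.3 System Implementation
Chapter 4 Experiments and Discussion
4.1 Scenario 1: Discussion of the Topology Discovery Injection Attack
4.1.1 Experiment 1: Topology Discovery Injection Attack
4.1.2 Experiment 2: LLDP Packet with Verification Key
4.2 Scenario 2: Discussion of the Topology Discovery Flood Attack
4.2.1 Experiment 3: LLDP Floodgate
4.2.2 Experiment 4: Flooding Mitigation
4.3 Scenario 3: Discussion of the Topology Discovery Man-in-the-Middle Attack
4.3.1 Experiment 5: Latency of LLDP Messages
4.3.2 Experiment 6: Distribution Analysis of Latency
4.3.3 Experiment 7: Latency of traffic replay over upper bound
4.3.4 Experiment 8: Detection of high speed traffic redirection
4.3.5 Experiment 9: CTAD Detection Rate
Chapter 5 Conclusions and Future Research Directions
5.1 Conclusions
5.2 Research Limitations
5.3 Future Research Directions
5.3.1 Taking Hybrid Network Architectures into Account
5.3.2 Shortening the Correlation Analysis Time
5.3.3 Adjusting the Topology Discovery Frequency
References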
Advisor: 周立德 (Li-Der Chou)   Date of approval: 2019-8-15