DPDKFW:基於DPDK的高效能軟體防火牆

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：26

、訪客IP：3.145.188.162

姓名

黃士憲(Huang, Shi-Xian) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

DPDKFW:基於DPDK的高效能軟體防火牆

相關論文

★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm	★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制	★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines	★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統	★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks	★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails	★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators	★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye	★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 (2027-6-30以後開放)

摘要(中)

近年來分散式阻斷服務攻擊（Distributed Denial of Service，DDoS）愈發頻繁，手段也越來越多元。尤其近年來，IoT 設備已融入了人們的生或當中，也成了駭客攻擊的利器之一。近年也傳出道路的攝影機被利用來進行 DDoS 攻擊，造成許多服務中斷何相當大的財產損失。DPDK (Data Plane Development Kit) 這個由 Intel 開發的 library，讓開發者有一個方便的介面快速處理網路封包，在保有軟體的彈性優勢下，又擁有如高效率的優勢。本論文提供的一個新的系統架構，利用 DPDK 來協助開發一個抵禦 DDoS 的軟體防火牆，藉以解決現今重要的資安問題。

摘要(英)

In recent years, IoT devices becomes more and more popular, but it also makes some problems for information security. Because some IoT device are easy to hack, some hacker may use the IoT device to spawn DDoS (Distributed Denial of Service) attacks. We try to create a high performance firewall with DPDK (Data Plane Development Kit). Using this mechanism can help us building an IP allow list and block the abnormal connections.

關鍵字(中)

★ 分散式阻斷攻擊
★ Data Plane Development Kit

關鍵字(英)

★ Distributed Denial of Service
★ Data Plane Development Kit

論文目次

摘要 i
Abstract ii
致謝 iii
目錄 iv
圖目錄 vi
表目錄 viii
第 1 章緒論與背景介紹 1
1.1 DDoS 3
1.2 DPDK 4
第 2 章相關研究 7
2.1 Iptables 7
2.2 XDP 8
2.3 IDSPS 10
第 3 章系統架構 11
3.1 DPDK 攔截封包 11
3.2 White list 13
3.3 Rule updater 14
第 4 章系統效能分析 16
4.1 Iperf3 16
4.2 有效性驗證 18
4.3 系統效能分析 20
4.4 DDoS防禦實驗 24
第 5 章討論 29
5.1 擴大 hash bucket 29
5.2 使用紅黑樹實作 white list 29
第 6 章結論 31
參考文獻 32

參考文獻

[1]. Cisco Annual Internet Report, https://www.cisco.com/c/en/us/solutions/collateral/executive-perspectives/annual-internet-report/white-paper-c11-741490.html, Last accessed: July, 2022
[2]. DDoS, https://www.kaspersky.com/resource-center/threats/ddos-attacks, Last accessed: July, 2022
[3]. DPDK, https://www.dpdk.org/charter/, Last accessed: July, 2022
[4]. DPDK API, https://doc.dpdk.org/api/, Last accessed: July, 2022
[5]. Iptables, https://linux.die.net/man/8/iptables, Last accessed: July, 2022
[6]. Iptables Process Flow, https://webguy.vip/example-of-iptables/, Last accessed: July, 2022
[7]. XDP, https://prototype-kernel.readthedocs.io/en/latest/networking/XDP/, Last accessed: July, 2022
[8]. XDP Flow, https://nan01ab.github.io/2019/03/XDP.html, Last accessed: July, 2022
[9]. 朱以誠, “IDSPS: 應用在即時流量轉移機制下的入侵偵測系統”, June., 2021

指導教授

許富皓(Fu-Hau Hsu)

審核日期

2022-7-29

推文