博碩士論文 111553015 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:33 、訪客IP:3.145.206.121
姓名 莊坤華(KUN HUA CHUANG)  查詢紙本館藏   畢業系所 通訊工程學系在職專班
論文名稱
(High-Performance Multifunctional Application Firewall Based on DPDK and VPP)
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   至系統瀏覽論文 (2029-6-30以後開放)
摘要(中) 這篇論文介紹了一種利用Data Plane Development Kit(DPDK)和Vector Packet Processing(VPP)技術的高性能多功能應用防火牆。HPM-WAF結合了DPDK和VPP的高性能封包處理和轉發能力,以及靈活的規則配置和豐富的安全功能,例如HTTP洪水防護和ISP封鎖。此外,DPDK和VPP的整合提升了HPM-WAF的性能和效率,使其能夠處理各種L7攻擊和複雜的應用場景。
摘要(英) With the increase in data volume and network attacks, the demand for high-performance multifunctional application firewall in enterprises is becoming increasingly urgent. This paper introduces a high-performance multifunctional application firewall that leverages Data Plane Development Kit (DPDK) and Vector Packet Processing (VPP) technologies. This HPM-WAF combines the high-performance packet processing and forwarding capabilities of DPDK and VPP, along with flexible rule configuration and rich security features e.g. HTTP Flood protection and ISP blocking. Additionally, the integration of DPDK and VPP enhances the performance and efficiency of the HPM-WAF, enabling it to handle varies of L7 attacks and complex application scenarios.
關鍵字(中) ★ DDoS
★ WAF
★ DPDK
★ VPP
★ HTTP洪水攻擊
★ ISP阻擋
關鍵字(英) ★ DDoS
★ WAF
★ DPDK
★ VPP
★ HTTP flood
★ ISP blocking
論文目次 Index High-Performance Multifunctional Application Firewall Based on DPDK and VPP .... i 中文摘要......................................................................................................................... i Abstract .......................................................................................................................... ii Figure Index ................................................................................................................... v Table Index ................................................................................................................... vii Chapter 1 Introduction ................................................................................................... 1 1.1 Background ...................................................................................................... 2 1.2 Motivation ........................................................................................................ 3 Chapter 2 Related Work ................................................................................................. 4 2.1 DPDK ............................................................................................................... 4 2.2 Vector Packet Processing (VPP) ...................................................................... 5 2.3 Nginx................................................................................................................ 5 2.4 ModSecurity ..................................................................................................... 6 2.5 MaxMind.......................................................................................................... 7 2.6 Country-Based Cyber Attack ........................................................................... 7 2.7 Common L7 DDoS Attacks ........................................................................... 8 2.7.1 HTTP Flood .......................................................................................... 8 2.7.2 SQL Injection ........................................................................................ 9 2.7.3 XSS ....................................................................................................... 9 Chapter 3 System Design ............................................................................................. 10 3.1 System Architecture ....................................................................................... 11 3.1.1 DPDK based VPP Architecture ........................................................... 11 3.1.2 HTTP Flood Protect Mechanism ........................................................ 12 iv 3.1.3 ISP Blocking ....................................................................................... 13 Chapter 4 Evaluation .................................................................................................... 14 4.1 Lab Topology ................................................................................................. 14 4.2 Validity Verification ....................................................................................... 15 4.3 Performance Test ............................................................................................ 16 4.3.1 SQL Injection Protection Validation ................................................... 17 4.3.2 XSS Protection Validation .................................................................. 21 4.3.3 HTTP Flood Protection Validation ...................................................... 22 4.3.4 ISP Blocking Validation ...................................................................... 25 Chapter 5 Discussion ................................................................................................... 26 5.1 Design Limitation .......................................................................................... 26 5.2 Future work .................................................................................................... 26 Chapter 6 Conclusion ................................................................................................... 27 Reference ..................................................................................................................... 28
參考文獻 1. Rizki Agung Muzaki, Hamzah Ritchi, Hamzah Ritchi, Hamzah Ritchi (2020) Improving Security of Web-Based Application Using ModSecurity and Reverse Proxy in Web Application Firewall, IEEE 2020 International Workshop on Big Data and Information Security (IWBIS) IEEE
2. Victor Clincy, Hossain Shahriar, Web Application Firewall: Network Security Models and Configuration, 2018 42nd IEEE International Conference on Computer Software & Applications IEEE
3. Timilehin David Sobola; Pavol Zavarsky; Sergey Butakov (2020), Experimental Study of ModSecurity Web Application Firewalls. IEEE 6th Intl Conference, DOI: 10.1109/BigDataSecurity-HPSC-IDS49724.2020.00045
4. FD.io VPP-SSwan and Linux-CP – Integrate StrongSwan with World’s First Open Sourced 1.89 Tb IPsec Solution Technology Guide visited 2024/1 Intel.com
5. What is the Vector Packet Processor (VPP) visited 2024/1 https://s3-docs.fd.io/vpp/24.06/
6. OWASP application layer attacks visited 2024/2 https://owasp.org/www-community/attacks/
7. Microsoft Digital Defense Report 2023 visited 2024/3 https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023
8. Cloudflare DDoS threat report for 2023 Q3 visited 2024/3 https://blog.cloudflare.com/ddos-threat-report-2023-q3
9. Cloudflare DDoS threat report for 2023 Q4 visited 2024/3 https://blog.cloudflare.com/ddos-threat-report-2023-q4
10. Core Rule Set: Introduction to Paranoia Levels visited 2024/3 https://coreruleset.org/docs/concepts/paranoia_levels/
11. Mapping the global geography of cybercrime with the World Cybercrime Index https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0297312
12. Frank Piessens,Frank Piessens, Wouter Joosen,Pierre Verbaeten (2006), Bridging the gap between web application firewalls and web applications DOI: https://doi.org/10.1145/1180337.1180344
13. Sunil Sukumaran Nair (2024), Securing Against Advanced Cyber Threats: A Comprehensive Guide to Phishing, XSS, and SQL Injection Defense DOI: https://doi.org/10.32996/jcsts.2024.6.1.9
14. Maxmind IP Geolocation and Intelligence Databases and Web Services. Visited 2024/4 https://www.maxmind.com/en/solutions/ip-geolocation-databases-api-services
15. Nginx Architecture and scalability https://nginx.org/en/docs/
16. Modern HTTP benchmarking tool. Visited 2024/5 https://github.com/wg/wrk
17. LOIC (low orbit ion cannon) - DOS attacking tool. visited 2024/5 https://www.infosecinstitute.com/resources/hacking/loic-dos-attacking-tool/
指導教授 許富皓 陳永芳(Fu-Hau Hsu Yung-Fang Chen) 審核日期 2024-7-15
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明