As the Internet continues to develop, data on the network has become increasingly important and online transactions increasingly frequent. At the same time, cybercrime has begun to rise, and the botnet is one form of it. A botnet keeps its attacker hidden, is highly flexible, and can control many computers at once. This thesis studies botnets based on the IRC protocol. It first explains how a botnet operates and the problems botnets pose that security personnel find hard to solve. It then introduces the features and advantages of the NetFPGA network card developed at Stanford University and of the OpenFlow project, and explains the efficiency problem of blocking with a Linux gateway. Using the NetFPGA and OpenFlow network designed at Stanford University, this thesis designs a system that can use an OpenFlow switch to detect infected computers. We assume that normal users all browse web pages, and use the OpenFlow switch to redirect an infected computer to a warning page that informs the user of the infection; a network blocking strategy then makes the user understand the necessity and urgency of resolving the infection.

Over the years, the network has developed quickly and constantly. With the rise of online trade, data on the network has become more and more important. Unfortunately, Internet crime, such as the botnet, has risen at the same time and become a big problem. A botnet has hidden attackers and high flexibility, and it can control multiple computers. This paper describes the IRC-based botnet. First, we explain botnet behavior and the hard-to-solve problems it poses for security officers. Then we introduce the NetFPGA card developed by Stanford University and explain the OpenFlow project's features and advantages. These devices are used as a Linux gateway to be an efficient firewall. This paper uses the NetFPGA card and the OpenFlow network project designed by Stanford University to detect bots in the botnet. Assuming that normal users browse the web every day, we use an OpenFlow switch to redirect the bot traffic to a particular page that shows the warning information. Then, through the network disconnection strategy, we try to let the user know the necessity and urgency.