透過您的圖書館登入 IP:3.145.178.157
透過您的圖書館登入
IP:3.145.178.157
  • 精確檢索 : 冠狀病毒
  • 模糊檢索 : 冠狀病毒
  • 冠狀病毒感染
    冠狀病毒疾病
  • 查詢出版品: 冠狀病毒
進階查詢
查詢歷史
主題瀏覽
  • 學位論文

運用軟體定義網路消弭網路攻擊初期災害

Employing Software-defined Network to Eliminate the Early Disaster of Cyber Attacks

黃翊宸(Yi-Chen Huang)
指導教授 : 梁德昭
淡江大學/商管學院/資訊管理學系碩士班/碩士(2014年)
https://doi.org/10.6846/TKU.2014.01255
全文下載

摘要

在網路的世界中,防杜外部入侵與內部網路攻擊所造成的災害一向是重要的議題。如何有效的防範並減少網路攻擊成功的機會至關重要。早期通常仰賴入侵偵測或入侵防範系統來預警,如今有了軟體定義網路(SDN)的架構提出,使得原本的網路架構得以配合上自行開發之SDN應用程式能夠有效而及時的針對潛在的網路攻擊進行防衛及因應處置。 本文將提出將IDS配合SDN應用程式自動化的構想,用以優化IDS或IPS告警程序並縮短網管人員進行防火牆等網路設備修訂網路政策所需時間,進而降低網路攻擊成功之機會,同時封鎖網路攻擊封包來源,使攻擊封包進網路交換器傳送前即被丟棄,從而大量減少網路攻擊封包所消耗的頻寬。

關鍵字

軟體定義網路 OpenFlow 入侵偵測系統 Open vSwitch OpenDaylight

並列摘要

In cyber world, it has been always an important issue that to prevent disasters from external intrusion as well as internal attacks. How to effectively prevent from cyber attacks or reduce the damage of a successful cyber attacks are then critical to be explored. Usually they are rely on intrusion detection or intrusion prevention systems for early warning, however, a software-defined network (SDN) architecture has been proposed such that a self-developed SDN application program can be employed to effectively defense and timely response to the potential network attack . In this article, a concept that using IDS application with SDN automation is proposed. It can optimize IDS/IPS alert procedures and shorten the time of amending network security policy on network equipments such as firewall and routers. It is supposed to reduce the possibility of a successful cyber attack than the usual way. Furthermore, SDN cooperated with Open Flow can also discard attack packets in advance before they can enter into network switch, this will reduce the bandwidth consumed by network attacks.

並列關鍵字

SDN OpenFlow IDS Open vSwitch OpenDaylight

參考文獻

[13] 黃勝獅, "Botnet Traffic Analysis and Dectection by Using OpenFlow Switch," 2011.
[5] P. Stuckmann and R. Zimmermann, "European research on future Internet design," IEEE Wireless Communications, vol. 16, pp. 14-22, Oct. 2009.
[8] K. Bakshi, "Considerations for Software Defined Networking (SDN): Approaches and use cases," Aerospace Conference, 2013 IEEE, pp. 1-9, Mar. 2013.
[9] A. C. Risdianto and E. Mulyana, "Implementation and analysis of control and forwarding plane for SDN," Telecommunication Systems, Services, and Applications(TSSA), 2012 7th International Conference on, pp. 227-237, Oct. 2012.
[10] M.-K. Shin, K.-H. Nam, and H.-J. Kim, "Software-defined networking (SDN): A reference architecture and open APIs," ICT Convergence (ICTC), 2012 International Conference on, pp. 360-361, Oct. 2012.

被引用紀錄

黃逸旻(2017)。運用SDN控制內部網路安全之構想與實作〔碩士論文,淡江大學〕。華藝線上圖書館。https://doi.org/10.6846/TKU.2017.00382
丘文中(2016)。利用軟體定義網路(SDN)搭配資訊安全監控中心(SOC)自動化阻擋惡意活動〔碩士論文,淡江大學〕。華藝線上圖書館。https://doi.org/10.6846/TKU.2016.00576
葉龍騰(2014)。虛擬機上的網路安全管理探討〔碩士論文,淡江大學〕。華藝線上圖書館。https://doi.org/10.6846/TKU.2014.00832

延伸閱讀

全文下載