Traditional network design architectures cannot effectively stop the increasingly sophisticated attacks of hackers. To improve on the traditional network architecture, we attempt, in a software-defined networking (SDN) environment, to replace traditional firewall appliances with switches and to integrate an information security monitoring center (SOC). The SOC collects the logs of security devices, network devices, databases, operating systems and applications; from thousands of intricate log files it extracts information events and security states in real time, performs correlation analysis and matching, identifies behavior that potentially harms or endangers the organization's information security, and immediately blocks the dangerous traffic. Through this integration, attacks originating both outside and inside the organization can be defended against automatically and in real time. Experimental results show that the concept proposed in this thesis, SDN (device centralization) combined with SOC (information centralization), operates correctly and effectively reduces the manual work required to adjust security policies.
Traditionally designed network architectures can hardly prevent the increasingly sophisticated attacks of hackers. To improve the traditional network architecture for better prevention, we replace the traditional firewall device with switches in a software-defined networking (SDN) environment and integrate them with an information security monitoring center (SOC). The SOC collects logs from security devices, network devices, databases, operating systems and applications; from thousands of intricate log files it captures information security events and security states in real time, correlates and compares them to identify behavior that is potentially harmful to the organization's information security, and immediately stops the dangerous traffic. Through this integration, attacks from both external and internal sources are defended against automatically and in real time. The experimental results also show that the proposed concept of SDN (centralized devices) combined with SOC (centralized information) works correctly and effectively reduces the manual work required to adjust the security policy.
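The collect, correlate, block loop described above, as an added example that is not part of the thesis: constructed log lines from three sources are correlated per source IP, and an IP that misbehaves across independent sources is turned into a drop flow entry for the SDN controller. The rule body follows the shape of Ryu's ofctl_rest add-flow request, the thresholds and field names are assumptions for illustration.

```python
# Added example, not the thesis's code: SOC-style correlation of multi-source
# logs followed by generation of an OpenFlow-style drop rule for the SDN switch.
import re
from collections import defaultdict

# Constructed sample logs from a firewall, an IDS and an SSH daemon.
SAMPLE_LOGS = [
    "fw: DENY src=10.0.0.7 dst=10.0.1.5 dport=445",
    "ids: alert sid=2001 src=10.0.0.7 dst=10.0.1.5 msg=SMB probe",
    "sshd: Failed password for root from 10.0.0.7 port 51022",
    "sshd: Failed password for admin from 10.0.0.7 port 51023",
    "fw: ALLOW src=10.0.0.9 dst=10.0.1.5 dport=443",
    "sshd: Accepted publickey for alice from 10.0.0.9 port 40001",
]

IP_RE = re.compile(r"(?:src=|from )(\d+\.\d+\.\d+\.\d+)")
SUSPICIOUS = ("DENY", "alert", "Failed password")   # assumed event markers


def correlate(lines):
    """Count suspicious events per source IP and remember which log sources saw them."""
    score = defaultdict(lambda: {"events": 0, "sources": set()})
    for line in lines:
        m = IP_RE.search(line)
        if not m or not any(tag in line for tag in SUSPICIOUS):
            continue
        source = line.split(":")[0]          # "fw", "ids" or "sshd"
        score[m.group(1)]["events"] += 1
        score[m.group(1)]["sources"].add(source)
    return score


def flag_sources(score, min_events=3, min_sources=2):
    """Flag only IPs seen misbehaving by at least two independent sources (assumed policy)."""
    return sorted(ip for ip, s in score.items()
                  if s["events"] >= min_events and len(s["sources"]) >= min_sources)


def drop_rule(ip, dpid=1, priority=1000):
    """Drop flow entry in the shape of Ryu ofctl_rest's add-flow body (assumed).
    An empty action list means the switch discards matching packets."""
    return {"dpid": dpid, "priority": priority,
            "match": {"dl_type": 0x0800, "nw_src": ip}, "actions": []}


def build_block_rules(lines):
    """Full loop: logs in, list of drop rules to push to the controller out."""
    return [drop_rule(ip) for ip in flag_sources(correlate(lines))]


if __name__ == "__main__":
    for rule in build_block_rules(SAMPLE_LOGS):
        print(rule)
```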