In recent years network attacks such as port scanning, worms and distributed denial-of-service attacks have occurred one after another. Such attacks cause drastic changes in network traffic within a short time, and the attacker is not necessarily a single source; the origin of an attack is usually an end host. Defending against such attacks therefore depends on fast and accurate measurement of packet traffic, with multiple observation points placed in the edge network, so that abnormal changes in traffic can be detected from a "global" perspective and suspicious sources identified. Furthermore, once a suspicious source is found, its network usage must be restricted immediately so that normal transmission can be restored.

This study uses software-defined networking, with the OpenFlow architecture, to implement a distributed network traffic change detection system on the NetFPGA-1G development platform. The system deploys a measurement module and an OpenFlow switch at each edge network node; the measurement module summarises network traffic quickly through a hardware implementation of a sketch algorithm. Via the IPFIX protocol, the summaries from every measurement module are sent to a single OpenFlow controller for analysis and detection, which identifies abnormal sources in real time and instructs the switches to change how packets are forwarded, so that abnormal packets are handled appropriately and prevented from affecting normal packet delivery. In addition to evaluating system performance with traffic trace files, this thesis deploys the system in a machine room to verify its functionality in a real network environment.
A sketch-based network traffic change detection system is implemented on a NetFPGA-1G development board. The detection system is capable of identifying flows whose volume exceeds a predefined threshold. These flow IDs are sent immediately to the OpenFlow switches, together with an action defined by the network administrator, through the OpenFlow protocol. Because sketches are linear, the summary data structure created by the detection system can be forwarded to a central controller through the IPFIX protocol, so the administrator can construct a global view of the network traffic for heavy changes. The system is verified with real-world traces and deployed in local area networks connecting laboratories over Gigabit Ethernet.
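The property the abstract relies on, that sketches from several edge measurement modules can be merged at one controller and then compared across intervals for heavy changes, shown as an added example that is not the thesis's own code; it assumes a count-min style sketch (the thesis does not name its sketch), SHA-256-derived hash rows, and constructed per-flow packet counts for two observation points A and B.

```python
import hashlib

class CountMinSketch:
    """Count-min style sketch (assumed). Linearity: sketches of the same shape merge
    by adding counters, which is what lets a controller aggregate edge summaries."""
    def __init__(self, depth=4, width=1024):
        self.depth, self.width = depth, width
        self.table = [[0] * width for _ in range(depth)]
        self.keys = set()  # flow IDs seen, kept only so candidates can be re-queried

    def _col(self, row, key):
        digest = hashlib.sha256(f"{row}|{key}".encode()).digest()
        return int.from_bytes(digest[:4], "big") % self.width

    def add(self, key, count=1):
        self.keys.add(key)
        for row in range(self.depth):
            self.table[row][self._col(row, key)] += count

    def estimate(self, key):
        # never underestimates; the row minimum bounds the collision error
        return min(self.table[row][self._col(row, key)] for row in range(self.depth))

    def merge(self, other):
        merged = CountMinSketch(self.depth, self.width)
        for row in range(self.depth):
            merged.table[row] = [a + b for a, b in zip(self.table[row], other.table[row])]
        merged.keys = self.keys | other.keys
        return merged

def sketch_interval(packets):
    """Summarise one measurement interval at one observation point."""
    sk = CountMinSketch()
    for flow_id, pkts in packets:
        sk.add(flow_id, pkts)
    return sk

def heavy_changes(current, previous, threshold):
    """Flows whose estimated volume grew by more than threshold since the last interval."""
    deltas = {k: current.estimate(k) - previous.estimate(k) for k in current.keys | previous.keys}
    return sorted((k, d) for k, d in deltas.items() if d > threshold)

# Constructed sample: points A and B, intervals t0 and t1; flow F surges in t1 at both.
F = "10.0.0.5>10.0.1.9:80/tcp"
T0_A, T0_B = [(F, 5), ("10.0.0.7>10.0.1.9:443/tcp", 40)], [(F, 5), ("10.0.0.8>10.0.1.20:53/udp", 30)]
T1_A, T1_B = [(F, 50), ("10.0.0.7>10.0.1.9:443/tcp", 42)], [(F, 40), ("10.0.0.8>10.0.1.20:53/udp", 28)]

def controller_view(threshold=50):
    """Merge both points' sketches per interval, then detect heavy changes globally."""
    prev = sketch_interval(T0_A).merge(sketch_interval(T0_B))
    cur = sketch_interval(T1_A).merge(sketch_interval(T1_B))
    return heavy_changes(cur, prev, threshold)
```

Neither point alone sees F cross the threshold (changes of 45 and 35), but the merged controller view does (80), which is the global-view argument of the abstract.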