
Sketch-based Entropy Estimation for High-speed Network Traffic Analysis on the NetFPGA Platform

Advisor: 賴裕昆

Abstract


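As the Internet grows rapidly and attack techniques become increasingly diverse, network security has received considerable attention. Network traffic monitoring often uses entropy as an analysis metric, but in high-speed network environments existing network equipment has difficulty computing and aggregating entropy in real time. This thesis therefore studies entropy estimation algorithms and uses the P4 language to implement a switch with real-time entropy estimation, realized on the NetFPGA-SUME development platform, that achieves entropy estimation at line rate (40Gbps). The entropy estimation function uses 3.51KB of memory to approximate the computation of the original paper's method, which involves logarithm and trigonometric functions, and achieves comparable performance.

The entropy estimation function is implemented in Verilog HDL as a P4 extern, filling a gap in the existing Xilinx SDNet library's network monitoring capabilities. Other users can reference it through SDNet and so focus on developing advanced entropy-based features.

Parallel Abstract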


With the rapid growth of the network and of the variety of attacks, cybersecurity issues have received much attention. Entropy can be used as an indicator for network traffic analysis; however, in a high-speed network environment, calculating entropy in real time is a time-consuming task. This paper therefore presents a network switch implementation with an entropy estimation function on the NetFPGA-SUME platform using the P4 language. The entropy estimation function is implemented in Verilog HDL as a P4 extern, provided as an extra Xilinx SDNet library. P4 application developers can easily reference the entropy extern libraries through the SDNet compiler. The switch can estimate entropy at 40Gbps wire speed in real time, and the system uses only 3.51KB of memory while achieving accuracy similar to that of the original algorithm, which contains logarithm and trigonometric functions.

Keywords

Network traffic analysis; Entropy; Real-time; FPGA; P4
