Traditional network architectures are complex, so administrators must spend a great deal of time maintaining the system. Software-defined networking (SDN) was proposed to improve on the traditional network architecture; combined with different SDN applications, it can defend against and respond to network attacks effectively and in real time. This thesis proposes using SDN to implement firewall and IDS functions to prevent internal network attacks. Different rules can be defined according to different needs, and packet sources can be blocked immediately, reducing the chance that a network attack succeeds and protecting the security of the network.