請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/68681
標題: | 一套針對流量表攻擊所發展出的低成本防禦策略 A Low-Overhead, Robust Defending Strategy Against Flow Table Attacks |
作者: | Hsu Yang 楊勖 |
指導教授: | 逄愛君(Ai-Chun Pang) |
關鍵字: | 軟體定義網路,資訊安全,網路架構, Software-defined network,security,network architecture, |
出版年 : | 2017 |
學位: | 碩士 |
摘要: | 因為擁有全域視角,軟體定義網路為現在的網路界提供許多新穎的解法。然而,這個網路結構本身也有一些新的缺陷。本篇論文主要是防禦流量表攻擊,由指紋分析攻擊與控制平面癱瘓攻擊這兩種攻擊所構成。當軟體定義網路中的交換器遭受此攻擊時,交換器本身的記憶體資源會被快速消耗,造成交換器本身的效率降低。在最糟的情況下,交換器會永久當機。在本篇論文中,我們有調查並提出一些新的防禦方法防禦上述的兩種攻擊。我們也有實作我們的防禦方法並在真實環境下可以有效的防禦與減緩攻擊所造成的傷害。我們相信只要結合我們與以前的方法,我們可以有效的阻擋流量表攻擊。 By given a single control instance global view of the network, the concept of software defined network (SDN) has enlightened and brought many new solutions to the network community. However, the architecture of SDN also has new vulnerabilities that can be exploited. This paper focused on the flow table attack, which is composed of two known attacks that is unique in SDN, fingerprinting attack and data to control plane saturation attack. When the switch is attacked, the memory inside the switch is exhausted and the performance of the switch will suffer serious degradation. In the worst case, the switch will failed forever due to out of memory.In this paper, we have surveyed and proposed new solutions to defend against flow table attack. We have evaluated our solution and proof that our solution can effectively defend and mitigate the flow table attack. We believe by combining our defense with previous solutions, we can effectively defend against flow table attack. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/68681 |
DOI: | 10.6342/NTU201703550 |
全文授權: | 有償授權 |
顯示於系所單位: | 資訊網路與多媒體研究所 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-106-1.pdf 目前未授權公開取用 | 2.6 MB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。