請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/68681
完整後設資料紀錄
DC 欄位 | 值 | 語言 |
---|---|---|
dc.contributor.advisor | 逄愛君(Ai-Chun Pang) | |
dc.contributor.author | Hsu Yang | en |
dc.contributor.author | 楊勖 | zh_TW |
dc.date.accessioned | 2021-06-17T02:30:22Z | - |
dc.date.available | 2022-09-14 | |
dc.date.copyright | 2017-09-14 | |
dc.date.issued | 2017 | |
dc.date.submitted | 2017-08-18 | |
dc.identifier.citation | [1] Zafar Ayyub Qazi, Cheng-Chun Tu, Luis Chiang, Rui Miao, Vyas Sekar, and Minlan Yu. Simple-fying middlebox policy enforcement using sdn. ACM SIGCOMM computercommunicationreview,43(4):27–38,2013. [2] Sushant Jain, Alok Kumar, Subhasree Mandal, Joon Ong, Leon Poutievski, Arjun Singh, Subbaiah Venkata,Jim Wanderer,Junlan Zhou, Min Zhu, et al. B4: Experience with a globally-deployed software defined wan. ACM SIGCOMM Computer CommunicationReview,43(4):3–14,2013. [3] Diego Kreutz,Fernando Ramos,and Paulo Verissimo. Towards secure and dependable software-defined networks. In Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, pages 55–60.ACM,2013. [4] Phillip A Porras, Steven Cheung, Martin W Fong, Keith Skinner, and Vinod Yegneswaran. Securing the software defined network control layer. In NDSS, 2015. [5] Sungmin Hong, LeiXu, Haopei Wang,and Guofei Gu. Poisoning network visibility in software-defined networks: New attacks and countermeasures. In NDSS, 2015. [6] Amin Tootoonchian, Sergey Gorbunov, Yashar Ganjali, Martin Casado, and Rob Sherwood. On controller performance in software-defined networks. [7] An Wang,Yang Guo,Fang Hao,TV Lakshman,and Songqing Chen. Scotch: Elastically scaling up sdn control-plane using vswitchbasedoverlay. InProceedingsof the 10th ACM International on Conference on emerging Networking Experiments andTechnologies,pages403–414.ACM,2014. [8] Maciej Kuźniar,Peter Perešíni, and Dejan Kostić. What you need to know about sdn flow tables. In International Conference on Passive and Active Network Measurement,pages347–359.Springer,2015. [9] Heng Cui,Ghassan O Karame,Felix Klaedtke, and Roberto Bifulco. On the finger printing of software-defined networks. IEEE Transactions on Information Forensics and Security,11(10):2160–2173,2016. [10] Bin Yuan, Deqing Zou, Shui Yu, Hai Jin, Weizhong Qiang, and Jinan Shen. Defending against flow table overloading attack in software-defined networks. IEEE Transactions on Services Computing,2016. [11] Seungwon Shin and Guofei Gu. Attacking software-defined networks: A first feasibility study. In Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, pages 165–166. ACM, 2013. [12] Seungwon Shin, Vinod Yegneswaran, Phillip Porras, and Guofei Gu. Avant-guard: scalable and vigilant switch flow management in software-defined networks. In Proceedings of the 2013 ACM SIGSAC conference on Computer communications security,pages413–424.ACM,2013. [13] Haopei Wang,Lei Xu,andGuofei Gu.Floodguard: a dos attack prevention extension in software-defined networks. In Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conferenceon, pages 239–250. IEEE, 2015. [14] Xin Jin, Hongqiang Harry Liu, Rohan Gandhi, Srikanth Kandula, Ratul Mahajan, Ming Zhang,Jennifer Rexford,and Roger Wattenhofer. Dynamic scheduling of network updates. In ACM SIGCOMM Computer Communication Review, volume44, pages 539–550.ACM, 2014. [15] Mohammad Al-Fares, Alexander Loukissas, and Amin Vahdat. A scalable, commodity datacenter network architecture.In ACM SIGCOMM Computer Communication Review,volume38,pages63–74.ACM,2008. | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/68681 | - |
dc.description.abstract | 因為擁有全域視角,軟體定義網路為現在的網路界提供許多新穎的解法。然而,這個網路結構本身也有一些新的缺陷。本篇論文主要是防禦流量表攻擊,由指紋分析攻擊與控制平面癱瘓攻擊這兩種攻擊所構成。當軟體定義網路中的交換器遭受此攻擊時,交換器本身的記憶體資源會被快速消耗,造成交換器本身的效率降低。在最糟的情況下,交換器會永久當機。在本篇論文中,我們有調查並提出一些新的防禦方法防禦上述的兩種攻擊。我們也有實作我們的防禦方法並在真實環境下可以有效的防禦與減緩攻擊所造成的傷害。我們相信只要結合我們與以前的方法,我們可以有效的阻擋流量表攻擊。 | zh_TW |
dc.description.abstract | By given a single control instance global view of the network, the concept of software defined network (SDN) has enlightened and brought many new solutions to the network community. However, the architecture of SDN also has new vulnerabilities that can be exploited. This paper focused on the flow table attack, which is composed of two known attacks that is unique in SDN, fingerprinting attack and data to control plane saturation attack. When the switch is attacked, the memory inside the switch is exhausted and the performance of the switch will suffer serious degradation. In the worst case, the switch will failed forever due to out of memory.In this paper, we have surveyed and proposed new solutions to defend against flow table attack. We have evaluated our solution and proof that our solution can effectively defend and mitigate the flow table attack. We believe by combining our defense with previous solutions, we can effectively defend against flow table attack. | en |
dc.description.provenance | Made available in DSpace on 2021-06-17T02:30:22Z (GMT). No. of bitstreams: 1 ntu-106-R04944032-1.pdf: 2664991 bytes, checksum: 7289eec5b4064167ce53431bc2ad7934 (MD5) Previous issue date: 2017 | en |
dc.description.tableofcontents | 致謝 ii 中文摘要 iii Abstract iv Contents v List of Figures vi List of Tables vii 1 Introduction 1 2 RelatedWork 3 2.1 FingerprintingAttack . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.2 SaturationAttackinSDN . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3 ThreatModelandExperiment 7 3.1 FingerprintingAttack . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3.2 Data-to-controlPlaneSaturationAttack . . . . . . . . . . . . . . . . . . 9 4 CounterMeasures 12 4.1 FingerprintingAttack . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 4.2 Data-to-controlPlaneSaturationAttack . . . . . . . . . . . . . . . . . . 13 5 Evaluation 16 5.1 Our defend strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 5.2 Overhead . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 6 Conclusions 19 Bibliography 20 | |
dc.language.iso | en | |
dc.title | 一套針對流量表攻擊所發展出的低成本防禦策略 | zh_TW |
dc.title | A Low-Overhead, Robust Defending Strategy Against Flow Table Attacks | en |
dc.type | Thesis | |
dc.date.schoolyear | 105-2 | |
dc.description.degree | 碩士 | |
dc.contributor.oralexamcommittee | 蕭旭君(Hsu-Chun Hsiao),蔡欣穆(Hsin-Mu Tsai),余亞儒(Ya-Ju Yu),曾學文(Hsueh-Wen Tseng) | |
dc.subject.keyword | 軟體定義網路,資訊安全,網路架構, | zh_TW |
dc.subject.keyword | Software-defined network,security,network architecture, | en |
dc.relation.page | 21 | |
dc.identifier.doi | 10.6342/NTU201703550 | |
dc.rights.note | 有償授權 | |
dc.date.accepted | 2017-08-18 | |
dc.contributor.author-college | 電機資訊學院 | zh_TW |
dc.contributor.author-dept | 資訊網路與多媒體研究所 | zh_TW |
顯示於系所單位: | 資訊網路與多媒體研究所 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-106-1.pdf 目前未授權公開取用 | 2.6 MB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。