Master's thesis, National Tsing Hua University, Department of Computer Science, 102

Summary: Software-Defined Networking (SDN) is an emerging architecture that is well suited to the high-bandwidth, dynamic nature of today's network environments. In this architecture, the control and data planes are decoupled. Although much research has been done on how SDN can resolve some of traditional networking's most glaring security issues, less has addressed cloud security threats, especially botnet/malware detection and in-cloud attacks. In this thesis, an intrusion prevention system for cloud networking built on SDN is proposed.
The proposed system benefits from the key attributes of the SDN architecture: logically centralized intelligence, programmability, and abstraction. The system consists of two distinct phases that are accessible through pre-defined Application Programming Interfaces (APIs). In the detection phase, the detector can be either existing detection software, such as the open-source Snort IDS, or the lightweight scan-filtering program designed in this work. The control phase is composed of the controller (the control plane) and the OpenFlow-based switch (the data plane), which handles flow insertion proactively according to the defined application module.
In order to achieve collaborative defense, three mechanisms are implemented: botnet/malware blocking, scan filtering, and a honeypot. Malicious traffic is isolated, with in-depth incident reporting designed to remove bot-infected VMs from the private cloud effectively and efficiently. Scanning behavior is filtered at a very early stage, which makes the VMs less exploitable. A honeypot mechanism is also deployed to trap attackers. Experimental results show a high detection rate, exact prevention accuracy, and low vulnerability of the proposed system.
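The collaborative defense described above, sketched as an added Python illustration of the control-phase application module (not the thesis's own code): it consumes incident reports from the detection phase, applies the lightweight scan filter, and emits proactive flow rules that isolate bot-infected VMs and redirect scanners to the honeypot. The report format, the port-count threshold, the honeypot address and the flow-rule representation are all assumptions, and the reports fed in are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

SCAN_PORT_THRESHOLD = 5     # distinct destination ports before a source counts as a scanner (assumed)
HONEYPOT_IP = "10.0.0.250"  # constructed honeypot address

@dataclass(frozen=True)
class FlowRule:             # simplified stand-in for an OpenFlow flow-mod: match on source, one action
    match_src: str
    action: str             # "drop" or "redirect:<honeypot ip>"
    reason: str

class ScanFilter:
    """Lightweight scan filter: flags a source once it touches too many distinct ports."""
    def __init__(self, threshold=SCAN_PORT_THRESHOLD):
        self.threshold = threshold
        self.ports_seen = defaultdict(set)

    def observe(self, src, dst_port):
        self.ports_seen[src].add(dst_port)
        return len(self.ports_seen[src]) >= self.threshold

class ControlApp:
    """Application module of the control phase: incident reports in, proactive flow rules out."""
    def __init__(self):
        self.scan_filter = ScanFilter()
        self.rules = {}     # src -> FlowRule already pushed to the switch

    def handle_incident(self, report):
        src = report["src"]
        if src in self.rules:           # already isolated or redirected, nothing more to push
            return self.rules[src]
        if report["kind"] == "bot":     # detector (e.g. Snort) reported a bot/malware signature
            rule = FlowRule(src, "drop", report["sig"])
        elif report["kind"] == "probe" and self.scan_filter.observe(src, report["dst_port"]):
            rule = FlowRule(src, f"redirect:{HONEYPOT_IP}", "port scan")
        else:
            return None                 # below threshold: let the traffic through for now
        self.rules[src] = rule
        return rule

def run_demo():
    """Feed constructed incident reports through the control app and return the pushed rules."""
    app = ControlApp()
    reports = [{"kind": "bot", "src": "10.0.0.17", "sig": "sid:1000001 bot C&C beacon (constructed)"}]
    reports += [{"kind": "probe", "src": "10.0.0.42", "dst_port": p} for p in (21, 22, 23, 25, 80, 443)]
    for r in reports:
        app.handle_incident(r)
    return app.rules
```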