An OpenFlow-based Collaborative Intrusion Prevention System for Cloud Networking
Master's thesis, National Tsing Hua University, Department of Computer Science, academic year 102. Chinese title: 基於OpenFlow之協同式雲端網路入侵防禦系統.

| Main Authors: | Wang, Chuang 王闖 |
|---|---|
| Other Authors: | 黃能富 |
| Format: | Others (thesis, 48 pages) |
| Language: | zh-TW |
| Published: | 2014 |
| Online Access: | http://ndltd.ncl.edu.tw/handle/50189198588330414977 |
Software-Defined Networking (SDN) is an emerging architecture that is well suited to the high-bandwidth, dynamic nature of today's network environments. In this architecture, the control and data planes are decoupled. Although much research has been done on how SDN can resolve some of traditional networking's most glaring security issues, less has addressed cloud security threats, especially botnet/malware detection and in-cloud attacks. In this thesis, an intrusion prevention system for cloud networking built on SDN is proposed.

The proposed system benefits from the key attributes of the SDN architecture: logically centralized intelligence, programmability, and abstraction. The system consists of two distinct phases that are accessible through pre-defined Application Programming Interfaces (APIs). In the detection phase, the detector can be either existing detection software, such as the open-source Snort IDS, or the purpose-built lightweight scan-filtering program. The control phase is composed of the controller (the control plane) and the OpenFlow-based switch (the data plane), which handles flow insertion proactively according to the defined application module.

To achieve collaborative defense, the mechanisms of botnet/malware blocking, scan filtering and honeypot are implemented. Malicious traffic is isolated, with in-depth incident reporting information designed to remove bot-infected VMs from the private cloud effectively and efficiently. Scanning behavior can be filtered at a very early stage, which makes the VMs less exploitable. A honeypot mechanism is also deployed to trap attackers. Experimental results show the high detection rate, exact prevention accuracy and low vulnerability of the proposed system.