Implementation of a Modular Network Security Services for Software Defined Networks


Bibliographic Details
Main Authors: Hao-Chun Hung, 洪浩鈞
Other Authors: Wei-Chung Teng
Format: Others
Language: zh-TW
Published: 2018
Online Access: http://ndltd.ncl.edu.tw/handle/c8n253
Description
Summary: Master's thesis === National Taiwan University of Science and Technology === Department of Computer Science and Information Engineering === 106 === Software-Defined Networking (SDN) allows users to control switches through the control plane, and provides more flexibility and programmability than traditional network architectures. On the other hand, developing applications on SDN is more difficult than on traditional network architectures, and application management in SDN is not convenient. Following the concept of modular development proposed by FRESCO [1], we developed a network security service development platform based on modular development. We also refer to the design principles proposed by Xing et al. [2] to implement the security service development platform. Modular development allows users to implement security functions by composing modules, so that the functions can easily be adapted to any specific network environment. We implemented a modular development notation with which a script connects different modules; the script compiler then compiles the script into Python code that provides the security service application. To evaluate performance, we realized a few scenarios and measured the detection rate of abnormal packets. Scripts to defend against two types of network attack were developed and used in the experiments. The results show that when a single attacker launches an attack at a rate of 35,000 pkt/s, our platform achieves a detection rate of 85%, whereas a traditional intrusion detection system achieves 10%. When the attack rate rises to 70,000 pkt/s, our platform achieves a detection rate of 50%, which is still better than the traditional intrusion detection system, at about 5%. In the network attack experiment, we launched two types of network attack: a Denial-of-Service attack and a port-scan attack. The results show that the scripts are able to detect the attacks within one second and execute the follow-up process, such as blocking the attacker.