Implementation of a Modular Network Security Services for Software Defined Networks
Master's === National Taiwan University of Science and Technology === Department of Computer Science and Information Engineering === 106 === Software-Defined Networking (SDN) allows users to control switches through the control plane, and provides more flexibility and programmability than traditional network architecture. On the other hand, developing applications on SDN is more difficult than traditional...
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Language: | zh-TW |
Published: | 2018 |
Online Access: | http://ndltd.ncl.edu.tw/handle/c8n253 |
id |
ndltd-TW-106NTUS5392072 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-106NTUS5392072 2019-07-25T04:46:48Z http://ndltd.ncl.edu.tw/handle/c8n253 Implementation of a Modular Network Security Services for Software Defined Networks 軟體定義網路架構下的模組化網路安全服務實作 Hao-Chun Hung 洪浩鈞 Master's National Taiwan University of Science and Technology Department of Computer Science and Information Engineering 106 Wei-Chung Teng 鄧惟中 2018 degree thesis ; thesis 55 zh-TW |
collection |
NDLTD |
language |
zh-TW |
format |
Others |
sources |
NDLTD |
description |
Master's === National Taiwan University of Science and Technology === Department of Computer Science and Information Engineering === 106 === Software-Defined Networking (SDN) allows users to control switches through the control plane, and provides more flexibility and programmability than traditional network architecture. On the other hand, developing applications on SDN is more difficult than on traditional network architectures. Also, application management in SDN is not convenient. Following the concept of modular development proposed by FRESCO [1], we developed a network security service development platform based on modular development. We also refer to the design principles proposed by Xing et al. [2] to implement the security service development platform.
The concept of modular development allows users to implement security functions by composing modules, so that the functions can easily be adapted to any specific network environment. Upon implementing modular developing notation, to connect different modules. Then the script compiler compiles the script into security service applications in Python code, which provide security services. To evaluate the performance, we realized a few scenarios and measured the detection rate of abnormal packets. Scripts to defend against two types of network attacks were developed and used in the experiments.
The results of the experiments show that when a single attacker launches an attack at a rate of 35,000 pkt/s, our platform achieves a detection rate of 85%, while a traditional intrusion detection system achieves a detection rate of 10%. When the attack rate rises to 70,000 pkt/s, our platform achieves a detection rate of 50%, which is better than the traditional intrusion system by about 5%. In the network attack experiment, we launched two types of network attacks: a Denial-of-Service attack and a port-scan attack. The results show that the scripts are able to detect attacks within one second and execute the follow-up process, such as blocking the attacker.
|
author2 |
Wei-Chung Teng |
author_facet |
Wei-Chung Teng Hao-Chun Hung 洪浩鈞 |
author |
Hao-Chun Hung 洪浩鈞 |
spellingShingle |
Hao-Chun Hung 洪浩鈞 Implementation of a Modular Network Security Services for Software Defined Networks |
author_sort |
Hao-Chun Hung |
title |
Implementation of a Modular Network Security Services for Software Defined Networks |
publishDate |
2018 |
url |
http://ndltd.ncl.edu.tw/handle/c8n253 |