Chung Yuan Christian University, Department of Electrical Engineering
Implementation of an OpenFlow-Based LAN Anomalous Behaviour Detection and Security Control System
Advisor: 賴裕昆   Team leader: 宋韶恩   Members: 鄭文鈞, 陳立文, 吳寄兼
We implement a software-defined network (SDN) architecture using the OpenFlow protocol. A single controller (NOX) issues commands to the OpenFlow switches beneath it, controlling the packet flows of the hosts attached to those switches and thereby controlling the whole network indirectly. Since man-in-the-middle attacks are among the hardest vulnerabilities to defend against in a LAN, and since we also want to block specific websites, we use this architecture to block the IP addresses of specific websites and to defend against man-in-the-middle attacks, by writing an application inside the controller that issues the commands. First, we look up the IP address of the target website and use the class methods in NOX's built-in class library to block that IP, which blocks the website. Next, we analyse the characteristics of a man-in-the-middle attack: it produces a large number of ARP reply packets within a short time. Using this characteristic, we record packet timestamps and counts; when the average interval and count of a host's ARP packets reach a set threshold, we use a built-in method to block its MAC address for a fixed period, and restore its connection once that period has passed. This defends against man-in-the-middle attacks while letting the anomalous host regain connectivity after the fixed period, so a host is never cut off from the network permanently.
We built a software-defined network (SDN) architecture on the OpenFlow communication protocol. A NOX controller commands the OpenFlow switch, to which two hosts are connected, to control the flow of packets, and in this way it controls the whole network architecture indirectly. Because the man-in-the-middle attack is the most difficult attack to defend against in a LAN, we chose it as our research topic. Besides defending against man-in-the-middle attacks, we also want to block specific websites to prevent students from browsing them in class. We program an application in the NOX controller that commands the OpenFlow switch to control the packets. First, we look up the IP address of the specific website and use a method of a built-in class to block that IP. To defend against the man-in-the-middle attack, we analyse its characteristics: when such an attack occurs, a large number of ARP reply packets appear within a very short time.
So we record the time and the count of ARP reply packets as they enter our network.
When the time and count of ARP reply packets reach our configured limits, we block the MAC address of the host that sent them. The MAC is blocked for a fixed duration; after that duration, the host is allowed to connect to our network again. This design prevents a host from being disconnected permanently and makes the network more forgiving.
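The detection and timed-blocking logic described above, as an added example that is not the project's NOX application: per source MAC it keeps the timestamps of recent ARP replies, flags the MAC when more than MAX_REPLIES arrive inside WINDOW_SEC (equivalently, when the average inter-arrival time falls below WINDOW_SEC/MAX_REPLIES), blocks it for BLOCK_SEC, and then lets it through again. The threshold values and the MAC addresses are assumptions chosen for the example, and the traffic is constructed, not captured.

```python
from collections import deque
from dataclasses import dataclass, field

# Thresholds are assumed values for the example; the project does not publish its own.
WINDOW_SEC = 2.0    # length of the observation window per source MAC
MAX_REPLIES = 10    # ARP replies tolerated inside one window
BLOCK_SEC = 60.0    # how long a flagged MAC stays blocked before its connection is restored


@dataclass
class ArpGuard:
    """Per-MAC ARP-reply rate tracker with temporary blocking."""
    history: dict = field(default_factory=dict)        # mac -> deque of reply timestamps
    blocked_until: dict = field(default_factory=dict)  # mac -> time the block expires

    def is_blocked(self, mac, now):
        until = self.blocked_until.get(mac)
        if until is None:
            return False
        if now >= until:                 # block period over: restore connectivity
            del self.blocked_until[mac]
            self.history.pop(mac, None)
            return False
        return True

    def on_arp_reply(self, mac, now):
        """Decide what the controller should do with an ARP reply from mac at time now.
        Returns 'forward', 'block' (threshold just crossed) or 'drop' (already blocked)."""
        if self.is_blocked(mac, now):
            return "drop"
        q = self.history.setdefault(mac, deque())
        q.append(now)
        while q and now - q[0] > WINDOW_SEC:  # keep only replies inside the window
            q.popleft()
        if len(q) > MAX_REPLIES:         # average inter-arrival below WINDOW_SEC/MAX_REPLIES
            self.blocked_until[mac] = now + BLOCK_SEC
            del self.history[mac]
            return "block"
        return "forward"


def run_sample():
    """Constructed sample traffic: a host replying once per second, and a host
    sending 30 ARP replies in half a second, then trying again after the block expires."""
    g = ArpGuard()
    out = [g.on_arp_reply("aa:aa:aa:aa:aa:01", 10.0 + i) for i in range(5)]
    out += [g.on_arp_reply("bb:bb:bb:bb:bb:02", 20.0 + i * 0.0167) for i in range(30)]
    out.append(g.on_arp_reply("bb:bb:bb:bb:bb:02", 20.5 + BLOCK_SEC + 1))
    return out
```

In a real controller the "block" decision would install a drop rule for that MAC and a timer would remove it after BLOCK_SEC; here the expiry is checked lazily on the next packet.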
32023 桃園市中壢區中北路200號 No. 200, Zhongbei Rd., Zhongli City, Taoyuan County 320, Taiwan (ROC) TEL: 03-2654801 FAX: 03-2654899