SDN/NFV Based Moving Target DDoS Defense Mechanism


Bibliographic Details
Main Authors: Bo-Sheng Huang, 黃柏勝
Other Authors: Li-Der Chou
Format: Others
Language: zh-TW
Published: 2017
Online Access: http://ndltd.ncl.edu.tw/handle/j992av
Description
Summary: Master's === National Central University === Department of Computer Science and Information Engineering === 105 === With the advancement of technology and the popularity of networking devices, network security is facing severe challenges. The rapid development of Internet technology has also made hackers' attacks more mature and diversified, such as Trojan viruses, Denial of Service (DoS) and Distributed Denial of Service (DDoS). One of the most serious security problems is the DDoS attack. The development of Internet technology has made hackers' attacks more diversified, and they can be switched between different DDoS attacks (UDP flooding, ICMP flooding, etc.). If the attacker finds that the attack method cannot achieve the desired goal, it may be converted into other attacks. How to effectively detect DDoS attacks and mitigate them is an important research topic. To cope with information security issues, a new defensive approach, Moving Target Defense (MTD), was proposed. The purpose of MTD is to constantly change the system information to delay the attacker's detection and probe scheduling. The emergence of new network architectures, Software Defined Network (SDN) and Network Function Virtualization (NFV), has also changed the future of network security schemes. The future design of network security architecture will move towards programmable and virtualized networks. This paper proposes a Distributed Denial of Service attack defense mechanism based on SDN, NFV and Moving Target Defense. It exploits multiple fuzzy systems to achieve DDoS detection and uses a Proxy VNF based Moving Target Defense mechanism to achieve DDoS mitigation. SDN is used to control and redirect packets flexibly. If there is suspicious traffic, the proposed approach can redirect the suspicious traffic and quarantine it, thereby shifting the attack surface.