§ Thesis bibliographic record

System ID U0002-3006201422581500
DOI 10.6846/TKU.2014.01255
Title (Chinese) 運用軟體定義網路消弭網路攻擊初期災害
Title (English) Employing Software-defined Network to Eliminate the Early Disaster of Cyber Attacks
Title (third language)
Institution 淡江大學 (Tamkang University)
Department (Chinese) 資訊管理學系碩士班 (Master's Program, Department of Information Management)
Department (English) Department of Information Management
Foreign degree institution
Foreign degree college
Foreign degree graduate institute
Academic year 102 (ROC calendar, i.e. 2013/14)
Semester 2
Year of publication 103 (ROC calendar, i.e. 2014)
Student (Chinese) 黃翊宸
Student (English) Yi-Chen Huang
Student ID 600630056
Degree Master's
Language Traditional Chinese
Second language
Oral defense date 2014-06-21
Page count 69
Committee Advisor - 梁德昭
Member - 鄭啟斌
Member - 江俊毅
Keywords (Chinese) 軟體定義網路 (software-defined networking)
OpenFlow
入侵偵測系統 (intrusion detection system)
Open vSwitch
OpenDaylight
Keywords (English) SDN
OpenFlow
IDS
Open vSwitch
OpenDaylight
Keywords (third language)
Subject classification
Abstract (Chinese, translated)
In the networked world, preventing the damage caused by external intrusions and by attacks launched from inside the network has always been an important issue, so being able to defend effectively and reduce the chance that an attack succeeds is critical. Organisations have traditionally relied on intrusion detection or intrusion prevention systems for early warning; with the arrival of the software-defined networking (SDN) architecture, the existing network can be paired with a self-developed SDN application that defends against and responds to potential attacks effectively and in time.

This thesis proposes automating the coupling of an IDS with an SDN application. The aim is to streamline the IDS/IPS alert procedure and shorten the time network administrators need to revise network policy on firewalls and other network devices, thereby lowering the chance that an attack succeeds. At the same time the source of the attack packets is blocked, so that attack packets are dropped at the switch before they are forwarded, greatly reducing the bandwidth they consume.
Abstract (English)
In the cyber world, preventing the damage caused by external intrusion as well as internal attacks has always been an important issue, so how to prevent cyber attacks effectively, or to reduce the damage a successful attack can do, is critical to explore. Organisations usually rely on intrusion detection or intrusion prevention systems for early warning; however, with the software-defined networking (SDN) architecture, a self-developed SDN application can be employed to defend against a potential network attack effectively and respond to it in a timely manner.

This thesis proposes a concept in which an IDS is coupled with SDN automation. It can optimize IDS/IPS alert procedures and shorten the time needed to amend network security policy on network equipment such as firewalls and routers, and is expected to reduce the probability of a successful cyber attack compared with the usual approach. Furthermore, SDN combined with OpenFlow can discard attack packets at the switch before they are forwarded, which reduces the bandwidth consumed by network attacks.
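The loop the abstract describes (Snort raises a syslog alert, the SDN application turns it into an OpenFlow rule pushed through the OpenDaylight northbound API, and Open vSwitch drops traffic from the attacking source) can be written down concretely. The following Python is an added example, not code from the thesis, and it assumes a hypothetical setup: an OpenDaylight Hydrogen controller whose Flow Programmer REST API is at http://127.0.0.1:8080 with the default admin/admin credentials and the "default" container, one Open vSwitch with datapath id 00:00:00:00:00:00:00:01, Snort's default syslog alert layout, and a constructed never-block list for the gateway, sensor and controller. The sample alert lines are constructed, not captured.

```python
"""Added example: Snort syslog alert -> OpenDaylight Flow Programmer drop rule.

Not the thesis's own code. Hypothetical assumptions: OpenDaylight Hydrogen at
http://127.0.0.1:8080 (admin/admin, container "default"), one Open vSwitch with
datapath id 00:00:00:00:00:00:00:01, and Snort's default syslog alert format
"[gid:sid:rev] msg [Classification: c] [Priority: p] {PROTO} src -> dst".
"""
import base64
import json
import re
import urllib.request

ODL_BASE = "http://127.0.0.1:8080"          # assumed controller address
ODL_AUTH = ("admin", "admin")               # assumed (default) credentials
CONTAINER = "default"
NODE_ID = "00:00:00:00:00:00:00:01"         # assumed switch datapath id

# Addresses an automated responder must never block (assumed values): the
# default gateway, the Snort sensor and the controller host. Without such a
# list, a spoofed source address in an attack would let the attacker use the
# responder itself to cut legitimate hosts off the network.
NEVER_BLOCK = {"192.168.1.1", "192.168.1.250", "127.0.0.1"}

PROTO_NUM = {"TCP": "6", "UDP": "17", "ICMP": "1"}   # IP protocol numbers

SNORT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)


def parse_snort_syslog(line):
    """Return the fields of one Snort syslog alert, or None if it is not one."""
    m = SNORT_RE.search(line)
    if not m:
        return None
    alert = m.groupdict()
    for key in ("gid", "sid", "rev", "prio"):
        alert[key] = int(alert[key])
    for key in ("sport", "dport"):                 # absent for ICMP
        alert[key] = int(alert[key]) if alert[key] is not None else None
    return alert


def build_drop_flow(alert, node_id=NODE_ID, priority=500, hard_timeout=600):
    """Build (url, body) for a Flow Programmer static flow that drops all IPv4
    traffic from the alert's source. Returns None for alerts that must not
    trigger a block. hardTimeout makes the block expire on its own, so one
    transient or spoofed alert cannot cut a host off permanently."""
    if alert is None or alert["src"] in NEVER_BLOCK:
        return None
    name = "ids_drop_%d_%s" % (alert["sid"], alert["src"].replace(".", "_"))
    body = {
        "installInHw": "true",
        "name": name,
        "node": {"id": node_id, "type": "OF"},
        "priority": str(priority),
        "etherType": "0x800",                      # match IPv4 only
        "nwSrc": alert["src"],
        "hardTimeout": str(hard_timeout),
        "actions": ["DROP"],
    }
    if alert["proto"] in PROTO_NUM:
        body["protocol"] = PROTO_NUM[alert["proto"]]
    url = "%s/controller/nb/v2/flowprogrammer/%s/node/OF/%s/staticFlow/%s" % (
        ODL_BASE, CONTAINER, node_id, name)
    return url, body


def push_flow(url, body, auth=ODL_AUTH):
    """PUT the flow to the controller (HTTP basic auth, JSON body)."""
    token = base64.b64encode(("%s:%s" % auth).encode()).decode()
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="PUT",
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + token})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status


def respond(lines, sender=push_flow):
    """Process syslog lines; install at most one drop flow per (sid, src)."""
    installed, seen = [], set()
    for line in lines:
        flow = build_drop_flow(parse_snort_syslog(line))
        if flow is None or flow[1]["name"] in seen:
            continue
        seen.add(flow[1]["name"])
        sender(*flow)
        installed.append(flow[1]["name"])
    return installed


# Constructed sample syslog lines (not captured from a real sensor).
SAMPLE_ALERTS = [
    "Jun 21 10:15:02 sensor snort[2211]: [1:1000001:1] LOCAL SYN flood to web server "
    "[Classification: Attempted Denial of Service] [Priority: 2] {TCP} 10.0.0.66:45122 -> 192.168.1.20:80",
    "Jun 21 10:15:03 sensor snort[2211]: [1:408:5] ICMP Echo Reply "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.1 -> 192.168.1.20",
    "Jun 21 10:15:04 sensor snort[2211]: [1:1000001:1] LOCAL SYN flood to web server "
    "[Classification: Attempted Denial of Service] [Priority: 2] {TCP} 10.0.0.66:45123 -> 192.168.1.20:80",
    "Jun 21 10:15:05 sensor sshd[900]: Accepted publickey for ops from 192.168.1.7",
]

if __name__ == "__main__":
    # Dry run: print the requests instead of contacting a controller.
    show = lambda url, body: print("PUT", url, json.dumps(body, indent=1))
    print("installed:", respond(SAMPLE_ALERTS, sender=show))
```

Of the four constructed lines, only the first produces a rule: the ICMP alert names the gateway, which is on the never-block list; the third is a repeat of the same signature and source and is de-duplicated; the fourth is not a Snort alert at all. The hard timeout and the never-block list are the two checks a practitioner should insist on before letting an IDS write switch rules on its own, because an attacker who can provoke alerts with a forged source address would otherwise be able to choose who gets disconnected.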
Abstract (third language)
Thesis table of contents
 Chapter 1  Introduction
 Chapter 2  Current intrusion-detection techniques and open-source resources that can improve their effectiveness
2.1  OpenFlow
2.2  Introduction to OpenFlow switches
2.3  Comparison of OpenFlow-switch and traditional-switch architectures
2.4  SDN controllers
2.4.1  OpenDaylight
2.4.2  NOX and POX
2.4.3  Beacon
2.4.4  Big Network Controller & Floodlight
2.4.5  Maestro
2.4.6  Ryu
2.5  OpenDaylight northbound interface
2.5.1  Topology REST APIs
2.5.2  Host Tracker REST APIs
2.5.3  Flow Programmer REST APIs
2.5.4  Static Routing REST APIs
2.5.5  Statistics REST APIs
2.6  Open vSwitch
2.7  Intrusion detection systems
2.7.1  Classification of intrusion-detection systems by design
2.7.2  Classification of intrusion-detection systems by detection method
 Chapter 3  System configuration for automated IDS/IPS response
3.1  Automated-response system architecture
3.1.1  OpenDaylight controller server
3.1.2  OpenFlow switch
3.1.3  IDS (intrusion detection system)
3.1.4  Web server
3.1.5  SDN application
3.2  Processing flow of the automated IDS/IPS response
 Chapter 4  Implementation and demonstration of the automated IDS/IPS response system
4.1  Specifications of the implementation machines
4.2  System setup and operation
4.2.1  OpenDaylight controller
4.2.2  OpenFlow switch
4.2.3  Snort intrusion detection system
4.2.4  Web server
4.2.5  SDN application
4.3  Automated-response demonstration
 Chapter 5  Conclusion
 Chapter 6  References

List of figures
Figure 2-1. Response process when an intrusion detection system detects intrusion activity
Figure 2-2. OpenFlow operation diagram [15]
Figure 2-3. ofdatapath packet-processing flowchart
Figure 2-4. Traditional vs. SDN network architecture
Figure 2-5. OpenDaylight's position in the SDN layering (control platform) architecture [16]
Figure 2-6. Network-based intrusion detection system
Figure 2-7. SIEM network-event analysis platform
Figure 3-1. System architecture for automated IDS/IPS response
Figure 3-2. Processing flow of the automated IDS/IPS response
Figure 4-1. Running OpenDaylight
Figure 4-2. OpenDaylight graphical interface
Figure 4-3. Screen output of a normal Open vSwitch start-up
Figure 4-4. Snort graphical monitoring and management screen
Figure 4-5. Cabling diagram of the experimental environment
Figure 4-6. Initial flow entries
Figure 4-7. Flow entry configured for packet copying
Figure 4-8. IDS emitting a syslog message
Figure 4-9. SDN application's reaction on receiving the IDS syslog message
Figure 4-10. Flow entries blocking the anomalous packets and performing the HTTP redirect
Figure 4-11. Warning page
Figure 4-12. SDN application removing the HTTP redirect rule
Figure 4-13. User browsing the web normally again
Figure 4-14. Content of the e-mail sent by the SDN application

List of tables
Table 2-1. Fields of the flow table
Table 2-2. Functional comparison of traditional and SDN network architectures
References
[1] D. Cameron, Internet2: The Future of the Internet and Next-Generation Initiatives. Computer Technology Research Corp., 1999.
[2] G. Fairhurst, B. Collini-Nocker, and L. Caviglione, "FIRST: Future Internet — a role for satellite technology," in Proc. IEEE Int. Workshop on Satellite and Space Communications (IWSSC 2008), pp. 160-164, Oct. 2008.
[3] D. Y. Kim, L. Mathy, M. Campanella, R. Summerhill, J. Williams, S. Shimojo, et al., "Future Internet: Challenges in Virtualization and Federation," in Proc. 5th Advanced Int. Conf. on Telecommunications (AICT '09), pp. 1-8, May 2009.
[4] J. Lee, S. Kang, Y. Lee, and J. Lee, "A Study on the Future Internet Requirement and Strategy in Korea," in Proc. 10th Int. Conf. on Advanced Communication Technology (ICACT 2008), vol. 1, pp. 627-629, Feb. 2008.
[5] P. Stuckmann and R. Zimmermann, "European research on future Internet design," IEEE Wireless Communications, vol. 16, pp. 14-22, Oct. 2009.
[6] Open Networking Foundation. Available: https://www.opennetworking.org/
[7] SDN white papers. Available: https://www.opennetworking.org/sdn-resources/sdn-library/whitepapers
[8] K. Bakshi, "Considerations for Software Defined Networking (SDN): Approaches and use cases," in Proc. 2013 IEEE Aerospace Conference, pp. 1-9, Mar. 2013.
[9] A. C. Risdianto and E. Mulyana, "Implementation and analysis of control and forwarding plane for SDN," in Proc. 7th Int. Conf. on Telecommunication Systems, Services, and Applications (TSSA 2012), pp. 227-237, Oct. 2012.
[10] M.-K. Shin, K.-H. Nam, and H.-J. Kim, "Software-defined networking (SDN): A reference architecture and open APIs," in Proc. 2012 Int. Conf. on ICT Convergence (ICTC), pp. 360-361, Oct. 2012.
[11] S. McClure, J. Scambray, and G. Kurtz, Hacking Exposed: Network Security Secrets & Solutions, 4th ed. McGraw-Hill, 2004.
[12] T. Crothers, Implementing Intrusion Detection Systems: A Hands-On Guide for Securing the Network. Wiley, 2002.
[13] 黃勝獅, "Botnet Traffic Analysis and Detection by Using OpenFlow Switch," 2011.
[14] N. Gude, T. Koponen, J. Pettit, B. Pfaff, M. Casado, N. McKeown, et al., "NOX: towards an operating system for networks," ACM SIGCOMM Computer Communication Review, vol. 38, pp. 105-110, Jul. 2008.
[15] N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, et al., "OpenFlow: enabling innovation in campus networks," ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 69-74, Apr. 2008.
[16] OpenDaylight. Available: http://www.opendaylight.org/
[17] Open vSwitch. Available: http://openvswitch.org/
[18] XenServer Open Source Virtualization. Available: http://www.xenserver.org/
[19] KVM. Available: http://www.linux-kvm.org/
[20] VirtualBox. Available: https://www.virtualbox.org/
Full-text access permissions
On campus
Printed thesis available on campus immediately
Electronic full text authorized for on-campus access
Electronic full text available on campus immediately
Off campus
Access authorized
Electronic full text available off campus immediately
