| Graduate student: | 洪勤硯 Hung, Chen-Yen |
|---|---|
| Thesis title: | 軟體定義網路中拓樸攻擊偵測機制 (On Topology Poisoning Detection in Software Defined Networking) |
| Advisor: | 林輝堂 Lin, Hui-Tang |
| Degree: | Master |
| Department: | Institute of Computer & Communication Engineering, College of Electrical Engineering and Computer Science |
| Year of publication: | 2018 |
| Graduation academic year: | 106 |
| Language: | English |
| Pages: | 56 |
| Keywords (Chinese, translated): | Software Defined Networking, Topology Attack |
| Keywords (English): | Software Defined Network, Topology Poison |
| Access counts: | Views: 46, Downloads: 2 |
With the rapid growth of networks and the ever-wider use of cloud applications, the number of network devices increases year by year and managing them becomes harder. Software Defined Networking (SDN) has therefore become the current networking trend. Unlike a traditional network, the SDN architecture separates the control plane of network devices from the data plane. The data plane consists mainly of SDN switches, which process packets according to the instructions and settings received from the controller. The control plane is a centralized controller that pushes packet-processing rules and actions to each switch through a specific interface. The advantage of SDN is that it can grasp the network state in real time, immediately decide on and carry out the corresponding countermeasures, and enforce security policies on the switches. Building the network topology is indispensable for knowing the network state. In SDN, topology discovery is generally done with OFDP (OpenFlow Discovery Protocol), which relies on LLDP (Link Layer Discovery Protocol) to discover the links between switches. LLDP, however, has no sound authentication mechanism, so an attacker can easily fabricate fake LLDP packets or relay LLDP packets to confuse the controller. This thesis therefore proposes a security mechanism that verifies the integrity of each packet and the path it took. For packet relay attacks, it uses the difference between packets that traverse a normal link and packets that traverse a forged link to decide whether an attack is under way, and offers two different detection methods that can be applied in different situations. Finally, in both a simulated environment and a real environment, the method effectively detects whether an attack has occurred.
With the development of networks and cloud applications, the number of network devices keeps increasing, and device management and configuration become a problem. Software Defined Networking (SDN) has therefore become the trend. The difference between an SDN network and a traditional network is that the control plane and the data plane are separated in SDN. The data plane consists primarily of SDN switches, which follow the rules installed by the controller to process incoming packets. The control plane is a centralized controller that sends rules and actions to each switch via a southbound protocol such as OpenFlow. The advantage of this separated architecture is that the controller can collect network conditions immediately and push the corresponding countermeasures to the switches. To obtain network information, the controller must first build a global view. Most SDN controllers use OFDP (OpenFlow Discovery Protocol) to discover the network topology; in OFDP, LLDP (Link Layer Discovery Protocol) is used to discover the links between two switches. However, LLDP lacks proper authentication, which lets an attacker poison the network topology by launching a fake LLDP injection attack or an LLDP relay attack. This thesis therefore proposes a mechanism to authenticate packet integrity and routing. For the LLDP relay attack, it uses the differences between benign links and forged links to detect the attack. The results show that, in both a simulated environment and a real environment, the proposed method can effectively detect the attack.
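As an added illustration (not code from the thesis), the following Python sketch shows one way a controller could give its LLDP-style discovery packets the integrity and origin check the abstract describes: each discovery payload carries an HMAC over the source switch id, the source port and a per-round nonce, and on packet_in the controller accepts a link only if the tag verifies, the nonce is current, and the claimed source port is one it actually sent on this round. The key, the payload layout, the 16-byte nonce and the choice of HMAC-SHA256 are assumptions made for this example, not the thesis's design. Note what the check does and does not cover: fabricated or tampered LLDP is rejected, but an authentic packet relayed unmodified over a host-to-host path still verifies, which is why the abstract treats the relay attack separately with a measurement of how benign and forged links differ.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32          # HMAC-SHA256 output length
NONCE_LEN = 16        # per-discovery-round nonce length (assumed for this example)
HEADER = "!QH"        # dpid (8 bytes) and port (2 bytes), network byte order

# Constructed example key: a real controller would provision this securely
# and never carry it inside the discovery packet itself.
CONTROLLER_KEY = b"constructed-example-key-not-for-real-use"


def new_round_nonce() -> bytes:
    """Fresh nonce per discovery round, so a packet captured earlier cannot be replayed later."""
    return os.urandom(NONCE_LEN)


def build_discovery_payload(key: bytes, dpid: int, port: int, nonce: bytes) -> bytes:
    """Build an LLDP-like discovery payload laid out as dpid || port || nonce || HMAC tag."""
    body = struct.pack(HEADER, dpid, port) + nonce
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def verify_discovery_payload(key: bytes, payload: bytes, current_nonce: bytes):
    """Return (dpid, port) if the tag verifies and the nonce is the current round's, else None."""
    header_len = struct.calcsize(HEADER)
    if len(payload) != header_len + NONCE_LEN + TAG_LEN:
        return None
    body, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None          # fabricated (wrong key) or tampered packet
    dpid, port = struct.unpack(HEADER, body[:header_len])
    if body[header_len:] != current_nonce:
        return None          # replay of a packet from an earlier round
    return dpid, port


def discover_link(key, payload, nonce, sent_on, received_at):
    """Controller-side check on a packet_in carrying a discovery payload.

    sent_on:     set of (dpid, port) pairs the controller emitted this round's packet on
    received_at: (dpid, port) where the packet_in arrived
    Returns ((src_dpid, src_port), (dst_dpid, dst_port)) for an accepted link, else None.
    """
    src = verify_discovery_payload(key, payload, nonce)
    if src is None or src not in sent_on:
        return None          # valid tag but claims a port the controller never sent on
    return src, received_at


def demo():
    """Run the check over constructed benign, forged, tampered and replayed packets."""
    nonce = new_round_nonce()
    sent_on = {(1, 1), (1, 2)}
    benign = build_discovery_payload(CONTROLLER_KEY, 1, 1, nonce)
    forged = build_discovery_payload(b"attacker-guess", 1, 1, nonce)
    tampered = bytearray(benign)
    tampered[9] ^= 0x01      # flip a bit in the port field; the tag no longer matches
    replayed = build_discovery_payload(CONTROLLER_KEY, 1, 1, new_round_nonce())
    return {
        "benign": discover_link(CONTROLLER_KEY, benign, nonce, sent_on, (2, 3)),
        "forged": discover_link(CONTROLLER_KEY, forged, nonce, sent_on, (2, 3)),
        "tampered": discover_link(CONTROLLER_KEY, bytes(tampered), nonce, sent_on, (2, 3)),
        "replayed": discover_link(CONTROLLER_KEY, replayed, nonce, sent_on, (2, 3)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9s} -> {result}")
```

Only the benign packet yields a link; the forged, tampered and replayed ones are dropped before they can enter the topology. Binding the tag to a per-round nonce rather than a static secret is what turns a captured packet into a one-round-only artefact, and checking the claimed source against the ports actually used this round keeps a key-holding but misconfigured switch from asserting links on ports the controller never probed.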