現今的網路上充斥著各種網路病毒、惡意程式、垃圾郵件、僵屍電腦,也有非常多樣性的應用軟體,如線上遊戲、網路電話、影音視頻、 p2p 分享軟體等等。其中網路攻擊如阻斷服務攻擊 DoS (Denial of Service) 以及分散式阻斷服務攻擊 DDoS (Distributed Denial of Service) 往往引發網路阻塞、服務中斷,造成嚴重的損失;而不正當應用軟體的使用也常常造成企業或是學校組織的頻寬浪費以及安全問題。本網路安全的課程主要介紹網路安全的機制以及原理,包含第二層交換機網路 (layer 2 switched networks) 的關鍵技術 (VLAN and Spanning Tree Algorithm)安全問題、第三層路由器 (Layer 3 routers networks) 的安全議題 (包含 DDoS 攻擊的原理/防禦之道,以及僵屍網路(Botnet) 的形成以及偵測技術),第四層流量分類的技術 (Layer 4 flow classifications),第七層網路封包內容檢測技術 (Layer 7 deep packet inspection, DPI),網路應用軟體的辨識技術 (application identifications), 以及雲端架構的安全議題探討。
本課程適合具備網路基礎知識 (如網路基本運作原理、TCP/IP、網路概論),對網路安全有興趣的同學,在職人士選修。
The course intends to provide a practical, up-to-date, and comprehensive survey of network-based security applications and standards including, Layer 2 network security (VLAN/Spanning Tree Algorithm and Switch security), Layer 3 network security (Router Security and DDoS attacks), Firewall Technologies, Flow classification technologies, Deep Packet Inspection technologies, Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Application identification technologies, Machine learning based traffic/Application identification, Botnet detection and prevention technologies, and cloud security.
二、指定用書 (Text Book)
TBD. (提供老師製作的講義)
三、參考書籍 (References)
1. IEEE 802.1q and IEEE 802.1D standard books (VLAN and Spanning Tree Algorithm)
2. Internet Denial of Service: Attack and Defense Mechanism, Jelena Mirkovic, Sven Dietrich, David Dittrich, and Peter Reiher, Prentice Hall, 2005.
四、授課老師 (Teacher)
黃能富 教授
五、教學方式 (Teaching Method)
1. Layer 2 Network Security (VLAN/Spanning Tree Algorithm and Switch Security)
2. Layer 3 Network Security (Router Security and DDoS attacks)
3. Firewall Technologies,
4. Flow classification technologies
5. Deep Packet Inspection technologies,
6. Intrusion Detection System (IDS)/Intrusion Prevention System (IPS),
7. Application identification technologies,
8. Machine learning based traffic/Application identification
9. Botnet detection and prevention technologies,
10. Cloud security
七、成績考核 (Grading)
1. 期中考 30%
2. 期末考 30%
3. 期末計畫 (term project) 20%
4. 網路安全論文選讀報告 10%
5. 平時成績 10%
八、課程連結綱址 (Web Links)