Uma arquitetura SDN baseada nos planos de conhecimento e gerenciamento para detecção e mitigação de ataques DDOS

Abstract

The numerous attacks on computer networks have caused serious damage to companies and users in general. Software Defined Networks, or Software Defined Networks - SDN, emerge as an innovative alternative for isolating and controlling network traffic. The SDN paradigm allows the creation of rules from a controller that defines actions on the behavior of traffic on the network. Despite this, SDN also suffers from security problems, one of the main types of attack is based on Distributed Denial of Service (DDoS), which can reach both network servers and the SDN controller, leaving the network dead. In the current literature, there are reports that SDN controllers are not capable of handling a large number of new flows, creating vulnerability in the security of these networks. Most proposed solutions use machine learning algorithms to classify network traffic in an unstructured way within the current SDN architecture. In this work, the objective is the development of a new SDN architecture for the detection and mitigation of DDoS attacks, which includes the Knowledge Plane (KP) and the management plane. The new KP plan leverages information from the plans Management Plane (MP) and control planes to gain an overview of the network and enable smarter control. The KP is responsible for learning the behavior of the network and, in some cases, operating the network autonomously, using machine learning techniques for classifying and analyzing network traffic. For the training of machine learning algorithms, datasets of legitimate and malicious traffic were generated in an experimental SDN network structure with switches and real topologies. The flows were directed to the servers and the network controller using attack tools such as Bonesi and T50. As a result, the proposed new SDN architecture was able to detect and mitigate DDoS attacks, preventing the exhaustion of SDN controller resources and avoiding network congestion. As for accuracy during the hybrid scenario experiments, Naive Bayes was the best because it had 92,95% hits. The SVM, KNN and Decision Tree algorithms had respectively 78,18%, 79.06% and 64% accuracy of hits. The Accuracy metric obtained by the Decision Tree, Naive Bayes, KNN and SVM algorithms was respectively 74,28%, 93.82%, 90.42% and 86.36%. The Revocation metric gave 100% for all algorithms, while the F-Measure metric gave Decision Tree, Naive Bayes, KNN and SVM algorithms respectively 78%, 96.35%, 88.31% and 87.75%. To improve DDoS attack detection and mitigation techniques, and identify requirements for a more effective solution, modules are proposed (pre-processing, statistical analysis, decision making...) to define characteristics and functions of the layers of the new architecture proposal. All Hosts that were classified as malicious were automatically successfully blocked for a period of 60s so a result of 100% blocking.