Please use this identifier to cite or link to this item: http://repositorio.ufla.br/jspui/handle/1/58271
Title: Uma arquitetura SDN baseada nos planos de conhecimento e gerenciamento para detecção e mitigação de ataques DDOS
Other Titles: An SDN architecture based on knowledge and management plans for detection and mitigation of DDOS attacks
Authors: Correia, Luiz Henrique Andrade
Correia, Luiz Henrique Andrade
Leithardt, Valderi Reis Quietinho
Moraes Junior, Hermes Pimenta de
Keywords: DDoS
Segurança da informação
SDN
Plano de conhecimento
Plano de gerenciamento
Aprendizado de maquina
Distributed Denial of Service (DDoS)
Information security
Software Defined Networking (SDN)
Knowledge plan
Management plan
Machine learning
Openflow
Issue Date: 21-Aug-2023
Publisher: Universidade Federal de Lavras
Citation: AZONYÈTIN, C. F. G. Uma arquitetura SDN baseada nos planos de conhecimento e gerenciamento para detecção e mitigação de ataques DDOS. 2023. 77 p. Dissertação (Mestrado em Ciência da Computação)–Universidade Federal de Lavras, Lavras, 2023.
Abstract: The numerous attacks on computer networks have caused serious damage to companies and users in general. Software Defined Networks, or Software Defined Networks - SDN, emerge as an innovative alternative for isolating and controlling network traffic. The SDN paradigm allows the creation of rules from a controller that defines actions on the behavior of traffic on the network. Despite this, SDN also suffers from security problems, one of the main types of attack is based on Distributed Denial of Service (DDoS), which can reach both network servers and the SDN controller, leaving the network dead. In the current literature, there are reports that SDN controllers are not capable of handling a large number of new flows, creating vulnerability in the security of these networks. Most proposed solutions use machine learning algorithms to classify network traffic in an unstructured way within the current SDN architecture. In this work, the objective is the development of a new SDN architecture for the detection and mitigation of DDoS attacks, which includes the Knowledge Plane (KP) and the management plane. The new KP plan leverages information from the plans Management Plane (MP) and control planes to gain an overview of the network and enable smarter control. The KP is responsible for learning the behavior of the network and, in some cases, operating the network autonomously, using machine learning techniques for classifying and analyzing network traffic. For the training of machine learning algorithms, datasets of legitimate and malicious traffic were generated in an experimental SDN network structure with switches and real topologies. The flows were directed to the servers and the network controller using attack tools such as Bonesi and T50. As a result, the proposed new SDN architecture was able to detect and mitigate DDoS attacks, preventing the exhaustion of SDN controller resources and avoiding network congestion. As for accuracy during the hybrid scenario experiments, Naive Bayes was the best because it had 92,95% hits. The SVM, KNN and Decision Tree algorithms had respectively 78,18%, 79.06% and 64% accuracy of hits. The Accuracy metric obtained by the Decision Tree, Naive Bayes, KNN and SVM algorithms was respectively 74,28%, 93.82%, 90.42% and 86.36%. The Revocation metric gave 100% for all algorithms, while the F-Measure metric gave Decision Tree, Naive Bayes, KNN and SVM algorithms respectively 78%, 96.35%, 88.31% and 87.75%. To improve DDoS attack detection and mitigation techniques, and identify requirements for a more effective solution, modules are proposed (pre-processing, statistical analysis, decision making...) to define characteristics and functions of the layers of the new architecture proposal. All Hosts that were classified as malicious were automatically successfully blocked for a period of 60s so a result of 100% blocking.
URI: http://repositorio.ufla.br/jspui/handle/1/58271
Appears in Collections:Ciência da Computação - Mestrado (Dissertações)



This item is licensed under a Creative Commons License Creative Commons