Intrusion Detection in Data Networks Using Header Space Analysis

Please enable javascript in your browser.

Mohammadi, Amir Ahmad | 2014

766 Viewed

Type of Document: M.Sc. Thesis
Language: Farsi
Document No: 47095 (05)
University: Sharif University of Technology
Department: Electrical Engineering
Advisor(s): Pakravan, Mohammad Reza; Kazemian, Payman
Abstract:
Software Defined Networking (SDN) provides a logically centralized view of the state of the network, and as a result opens up new ways to manage and monitor networks. In this dissertation a novel approach to network intrusion detection in SDNs is introduced that takes advantage of these attributes. This approach can detect compromised routers that produce faulty messages, copy or steal traffic or maliciously drop certain types of packets. To identify these attacks and the affected switches, we correlate the forwarding state of network---i.e. installed forwarding rules---with the forwarding status of packets---i.e. the actual route packets take in the network and detect anomaly in routes. Thus, our approach turns the network itself into a big intrusion detection system. We have evaluated our approach on topologies from real networks by developing an application over OpenDaylight SDN controller and detected simulated dropping and duplicating attacks in these networks
Keywords:
Network ; Switches ; Header ; Router ; Intrusion Detection System ; Compromise Router ; Software Defined Networks (SDN)