- Type of Document: M.Sc. Thesis
- Language: Farsi
- Document No: 51299 (19)
- University: Sharif University of Technology
- Department: Computer Engineering
- Advisor(s): Jahangir, Amir Hossein
- Abstract:
- A novel internetworking paradigm, the software-defined exchange (SDX), allows multiple independent administrative domains to share computing, storage, and networking resources. Although the term SDX is very recent, the concept has already been used by many distinct disciplines. We argue that the advent of Software Defined Networking (SDN) provides a unique opportunity to effectively detect and contain network security problems such as DDoS attacks. DDoS attacks can easily exhaust the computing and communication resources of the controller or the switches and hence break down the network within a short time. In this thesis we extend these functionalities with an efficient, scalable and lightweight mechanism for performing early DDoS detection in SDX architectures. Flow statistics may reveal anomalies triggered by large-scale malicious events (typically massive Distributed Denial of Service attacks) and subsequently assist networked resource owners/operators in raising mitigation policies against these threats. First, we propose a modular and integrated data architecture for collecting data from the hardware and software switches, controller and applications of the SDX architecture, employing sFlow (sampled flow) monitoring data. We then test the SDX architecture with real IXP traffic (MAWI) and different types of volumetric DDoS attacks, and report experimental results that compare its performance against the latest DDoS early detection approaches that use application and code on the controller. The proposed and implemented solution reduced the average detection time to 8 seconds for TCP flood attacks and 11 seconds for UDP attacks, which is 50% to 60% lower than the previous ones. The method can not only detect the attacks but also identify the attacking paths and start a mitigation process based on BGP RTBH at an early stage.
- The proposed method is based on the entropy variation of the destination IP address, the flow initiation rate and a study of the flow specifications. Finally, using the implementation of the host-based sampling program, initial tests were performed with the VTune 2016 monitoring software; in particular, the improvement of branch prediction, hot spots in the program code, concurrency, critical points using graphics processors, locks and waits, and suggestions for improving the program code were provided.
- Keywords:
- Entropy ; Software Defined Networks (SDN) ; Denial of Service (DOS) Attack Detection ; Distributed Denial of Service (DDOS) Attack ; Internet Exchange Point (IXP) ; Software Defined Internet Exchange (SDX)
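The abstract names two signals, the entropy variation of the destination IP address and the flow initiation rate. The sketch below is an added example, not code from the thesis: it computes both per time window over sampled flow records and raises an alert when entropy collapses while the new-flow rate jumps. The window length, thresholds, baseline smoothing and all sample records are assumptions constructed for illustration.

```python
import math
from collections import Counter

# Assumed tuning values for this example; the abstract gives none.
WINDOW = 5            # seconds per measurement window
ENTROPY_RATIO = 0.7   # alert if entropy < 70% of baseline
RATE_FACTOR = 3.0     # ...and new-flow rate > 3x baseline
ALPHA = 0.5           # EWMA weight for baseline updates

def normalized_entropy(dst_ips):
    """Shannon entropy of destination IPs, scaled to [0, 1]."""
    counts = Counter(dst_ips)
    if len(counts) < 2:
        return 0.0
    n = len(dst_ips)
    h = -sum(c / n * math.log2(c / n) for c in counts.values())
    return h / math.log2(len(counts))

def detect(samples):
    """samples: (ts, src, dst, sport, dport, proto) tuples from a flow sampler.
    Returns one (window_start, entropy, new_flows_per_s, alert, top_dst) per window."""
    windows, seen = {}, set()
    for ts, *flow in sorted(samples):
        w = windows.setdefault(int(ts // WINDOW) * WINDOW, {"dsts": [], "new": 0})
        w["dsts"].append(flow[1])
        if tuple(flow) not in seen:      # first sample of a flow approximates its initiation
            seen.add(tuple(flow))
            w["new"] += 1
    out, base = [], None
    for start in sorted(windows):
        w = windows[start]
        h, rate = normalized_entropy(w["dsts"]), w["new"] / WINDOW
        alert = base is not None and h < ENTROPY_RATIO * base[0] and rate > RATE_FACTOR * base[1]
        top = Counter(w["dsts"]).most_common(1)[0][0]   # candidate victim address
        out.append((start, h, rate, alert, top))
        if not alert:                    # learn the baseline from quiet windows only
            base = (h, rate) if base is None else (
                ALPHA * h + (1 - ALPHA) * base[0], ALPHA * rate + (1 - ALPHA) * base[1])
    return out

def constructed_samples():
    """Constructed data: two quiet windows, then a flood toward 192.0.2.1."""
    s = []
    for w in range(3):
        for i in range(20):
            s.append((w * WINDOW + i * 0.25, f"10.0.0.{i % 5}",
                      f"192.0.2.{i % 4 + 1}", 1000 * (w + 1) + i, 80, "tcp"))
    for j in range(200):
        s.append((10 + j * 0.02, f"198.51.100.{j % 250}", "192.0.2.1", 40000 + j, 80, "tcp"))
    return s

if __name__ == "__main__":
    for row in detect(constructed_samples()):
        print(row)
```

Requiring both conditions keeps a legitimate traffic surge spread across many destinations from alerting on rate alone, and the most frequent destination in an alerting window is the address an operator would check before applying a blackhole route.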