Thesis Open Access
IP-BASED DDOS ATTACK DETECTION AND MITIGATION FOR SDN CONTROLLER
Mulatu Mekonnen
DataCite XML Export
<?xml version='1.0' encoding='utf-8'?>
<resource xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://datacite.org/schema/kernel-4" xsi:schemaLocation="http://datacite.org/schema/kernel-4 http://schema.datacite.org/meta/kernel-4.1/metadata.xsd">
<identifier identifierType="DOI">10.20372/nadre:5760</identifier>
<creators>
<creator>
<creatorName>Mulatu Mekonnen</creatorName>
</creator>
</creators>
<titles>
<title>IP-BASED DDOS ATTACK DETECTION AND MITIGATION FOR SDN CONTROLLER</title>
</titles>
<publisher>Zenodo</publisher>
<publicationYear>2019</publicationYear>
<dates>
<date dateType="Issued">2019-06-01</date>
</dates>
<resourceType resourceTypeGeneral="Text">Thesis</resourceType>
<alternateIdentifiers>
<alternateIdentifier alternateIdentifierType="url">https://nadre.ethernet.edu.et/record/5760</alternateIdentifier>
</alternateIdentifiers>
<relatedIdentifiers>
<relatedIdentifier relatedIdentifierType="DOI" relationType="IsVersionOf">10.20372/nadre:5759</relatedIdentifier>
<relatedIdentifier relatedIdentifierType="URL" relationType="IsPartOf">https://nadre.ethernet.edu.et/communities/dbu</relatedIdentifier>
<relatedIdentifier relatedIdentifierType="URL" relationType="IsPartOf">https://nadre.ethernet.edu.et/communities/zenodo</relatedIdentifier>
</relatedIdentifiers>
<rightsList>
<rights rightsURI="http://www.opendefinition.org/licenses/cc-by">Creative Commons Attribution</rights>
<rights rightsURI="info:eu-repo/semantics/openAccess">Open Access</rights>
</rightsList>
<descriptions>
<description descriptionType="Abstract"><p>Software-defined networking architectural framework eases the life of the network<br>
administrators by isolating the data plane from the control plane. This facilitates<br>
easy configuration of the network, provides a programmable interface for developing<br>
applications related to management, security, logging etc. and the centralized logical<br>
controller gives more control over the entire network, which has the total visibility<br>
of the network.<br>
These advantages of SDN also expose the network to the vulnerabilities and the<br>
impact of the attacks are much severe when compared to conventional networks,<br>
where the network devices in itself provided protection from the attacks and limits<br>
the scope of the attacks.<br>
In this paper, we explore various attacks that can be launched on SDN at different<br>
layers. We also evaluate some of the existing security methods in mitigating the<br>
attacks. We also explore a possible solution to prevent DDoS attacks using entropy.<br>
A Distributed Denial of Service (DDoS) attack is a DoS attack utilizing multiple<br>
distributed attack sources. Every network in the system has an entropy. Increase<br>
in randomness causes decrease in entropy. To mitigate this threat, this project<br>
proposes to use the central control of SDN for attack detection and introduces a<br>
solution that is effective and lightweight in terms of the resources that it uses.<br>
More precisely, this project shows how DDoS attacks can exhaust controller resources<br>
and provides a solution to detect such attacks based on the entropy variation of<br>
the destination IP address. Based on this value if it drops below threshold , we are<br>
blocking the specific port in the switch and bring the port down. This method is able<br>
to detect DDoS within the first five hundred packets of the attack traffic.</p></description>
</descriptions>
</resource>
0
0
views
downloads
| All versions | This version | |
|---|---|---|
| Views | 0 | 0 |
| Downloads | 0 | 0 |
| Data volume | 0 Bytes | 0 Bytes |
| Unique views | 0 | 0 |
| Unique downloads | 0 | 0 |
Indexed in
- Publication date:
- June 1, 2019
- DOI:
-
- Communities:
- License (for files):
- Creative Commons Attribution