Thesis Open Access
Mulatu Mekonnen
{ "files": [ { "links": { "self": "https://nadre.ethernet.edu.et/api/files/27972111-ccea-4ec0-b807-c30ead2520bd/f1042664640.pdf" }, "checksum": "md5:d45cbd5fd89e1d88df48cadeabb670f7", "bucket": "27972111-ccea-4ec0-b807-c30ead2520bd", "key": "f1042664640.pdf", "type": "pdf", "size": 647925 } ], "owners": [ 11 ], "doi": "10.20372/nadre:5760", "stats": {}, "links": { "doi": "https://doi.org/10.20372/nadre:5760", "conceptdoi": "https://doi.org/10.20372/nadre:5759", "bucket": "https://nadre.ethernet.edu.et/api/files/27972111-ccea-4ec0-b807-c30ead2520bd", "conceptbadge": "https://nadre.ethernet.edu.et/badge/doi/10.20372/nadre%3A5759.svg", "html": "https://nadre.ethernet.edu.et/record/5760", "latest_html": "https://nadre.ethernet.edu.et/record/5760", "badge": "https://nadre.ethernet.edu.et/badge/doi/10.20372/nadre%3A5760.svg", "latest": "https://nadre.ethernet.edu.et/api/records/5760" }, "conceptdoi": "10.20372/nadre:5759", "created": "2025-01-13T09:29:15.827572+00:00", "updated": "2025-01-13T09:29:19.040283+00:00", "conceptrecid": "5759", "revision": 3, "id": 5760, "metadata": { "access_right_category": "success", "doi": "10.20372/nadre:5760", "description": "<p>Software-defined networking architectural framework eases the life of the network<br>\nadministrators by isolating the data plane from the control plane. This facilitates<br>\neasy configuration of the network, provides a programmable interface for developing<br>\napplications related to management, security, logging etc. and the centralized logical<br>\ncontroller gives more control over the entire network, which has the total visibility<br>\nof the network.<br>\nThese advantages of SDN also expose the network to the vulnerabilities and the<br>\nimpact of the attacks are much severe when compared to conventional networks,<br>\nwhere the network devices in itself provided protection from the attacks and limits<br>\nthe scope of the attacks.<br>\nIn this paper, we explore various attacks that can be launched on SDN at different<br>\nlayers. We also evaluate some of the existing security methods in mitigating the<br>\nattacks. We also explore a possible solution to prevent DDoS attacks using entropy.<br>\nA Distributed Denial of Service (DDoS) attack is a DoS attack utilizing multiple<br>\ndistributed attack sources. Every network in the system has an entropy. Increase<br>\nin randomness causes decrease in entropy. To mitigate this threat, this project<br>\nproposes to use the central control of SDN for attack detection and introduces a<br>\nsolution that is effective and lightweight in terms of the resources that it uses.<br>\nMore precisely, this project shows how DDoS attacks can exhaust controller resources<br>\nand provides a solution to detect such attacks based on the entropy variation of<br>\nthe destination IP address. Based on this value if it drops below threshold , we are<br>\nblocking the specific port in the switch and bring the port down. This method is able<br>\nto detect DDoS within the first five hundred packets of the attack traffic.</p>", "license": { "id": "cc-by" }, "title": "IP-BASED DDOS ATTACK DETECTION AND MITIGATION FOR SDN CONTROLLER", "relations": { "version": [ { "count": 1, "index": 0, "parent": { "pid_type": "recid", "pid_value": "5759" }, "is_last": true, "last_child": { "pid_type": "recid", "pid_value": "5760" } } ] }, "communities": [ { "id": "dbu" }, { "id": "zenodo" } ], "publication_date": "2019-06-01", "creators": [ { "name": "Mulatu Mekonnen" } ], "access_right": "open", "resource_type": { "subtype": "thesis", "type": "publication", "title": "Thesis" }, "related_identifiers": [ { "scheme": "doi", "identifier": "10.20372/nadre:5759", "relation": "isVersionOf" } ] } }
All versions | This version | |
---|---|---|
Views | 0 | 0 |
Downloads | 0 | 0 |
Data volume | 0 Bytes | 0 Bytes |
Unique views | 0 | 0 |
Unique downloads | 0 | 0 |