Thesis Open Access

IP-BASED DDOS ATTACK DETECTION AND MITIGATION FOR SDN CONTROLLER

Mulatu Mekonnen

JSON-LD (schema.org) Export

{
  "description": "<p>Software-defined networking architectural framework eases the life of the network<br>\nadministrators by isolating the data plane from the control plane. This facilitates<br>\neasy configuration of the network, provides a programmable interface for developing<br>\napplications related to management, security, logging etc. and the centralized logical<br>\ncontroller gives more control over the entire network, which has the total visibility<br>\nof the network.<br>\nThese advantages of SDN also expose the network to the vulnerabilities and the<br>\nimpact of the attacks are much severe when compared to conventional networks,<br>\nwhere the network devices in itself provided protection from the attacks and limits<br>\nthe scope of the attacks.<br>\nIn this paper, we explore various attacks that can be launched on SDN at different<br>\nlayers. We also evaluate some of the existing security methods in mitigating the<br>\nattacks. We also explore a possible solution to prevent DDoS attacks using entropy.<br>\nA Distributed Denial of Service (DDoS) attack is a DoS attack utilizing multiple<br>\ndistributed attack sources. Every network in the system has an entropy. Increase<br>\nin randomness causes decrease in entropy. To mitigate this threat, this project<br>\nproposes to use the central control of SDN for attack detection and introduces a<br>\nsolution that is effective and lightweight in terms of the resources that it uses.<br>\nMore precisely, this project shows how DDoS attacks can exhaust controller resources<br>\nand provides a solution to detect such attacks based on the entropy variation of<br>\nthe destination IP address. Based on this value if it drops below threshold , we are<br>\nblocking the specific port in the switch and bring the port down. This method is able<br>\nto detect DDoS within the first five hundred packets of the attack traffic.</p>", 
  "license": "http://www.opendefinition.org/licenses/cc-by", 
  "creator": [
    {
      "@type": "Person", 
      "name": "Mulatu Mekonnen"
    }
  ], 
  "headline": "IP-BASED DDOS ATTACK DETECTION AND MITIGATION FOR SDN CONTROLLER", 
  "image": "https://zenodo.org/static/img/logos/zenodo-gradient-round.svg", 
  "datePublished": "2019-06-01", 
  "url": "https://nadre.ethernet.edu.et/record/5760", 
  "@context": "https://schema.org/", 
  "identifier": "https://doi.org/10.20372/nadre:5760", 
  "@id": "https://doi.org/10.20372/nadre:5760", 
  "@type": "ScholarlyArticle", 
  "name": "IP-BASED DDOS ATTACK DETECTION AND MITIGATION FOR SDN CONTROLLER"
}
0
0
views
downloads
All versions This version
Views 00
Downloads 00
Data volume 0 Bytes0 Bytes
Unique views 00
Unique downloads 00
More info on how stats are collected.
Indexed in
Publication date:
June 1, 2019
DOI:
10.20372/nadre:5760

Zenodo DOI Badge

DOI 

10.20372/nadre:5760

Markdown 

[![DOI](https://nadre.ethernet.edu.et/badge/DOI/10.20372/nadre:5760.svg)](https://doi.org/10.20372/nadre:5760)

reStructedText 

.. image:: https://nadre.ethernet.edu.et/badge/DOI/10.20372/nadre:5760.svg
   :target: https://doi.org/10.20372/nadre:5760

HTML 

<a href="https://doi.org/10.20372/nadre:5760"><img src="https://nadre.ethernet.edu.et/badge/DOI/10.20372/nadre:5760.svg" alt="DOI"></a>

Image URL 

https://nadre.ethernet.edu.et/badge/DOI/10.20372/nadre:5760.svg

Target URL 

https://doi.org/10.20372/nadre:5760

Communities:
License (for files):
Creative Commons Attribution

Versions

Version 1 10.20372/nadre:5760 Jun 1, 2019
Cite all versions? You can cite all versions by using the DOI 10.20372/nadre:5759. This DOI represents all versions, and will always resolve to the latest one. Read more.

Share

Cite as

Export