Thesis Open Access

IP-BASED DDOS ATTACK DETECTION AND MITIGATION FOR SDN CONTROLLER

Mulatu Mekonnen


Dublin Core Export

<?xml version='1.0' encoding='utf-8'?>
<oai_dc:dc xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:oai_dc="http://www.openarchives.org/OAI/2.0/oai_dc/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.openarchives.org/OAI/2.0/oai_dc/ http://www.openarchives.org/OAI/2.0/oai_dc.xsd">
  <dc:creator>Mulatu Mekonnen</dc:creator>
  <dc:date>2019-06-01</dc:date>
  <dc:description>The software-defined networking (SDN) architectural framework eases the life of
network administrators by isolating the data plane from the control plane. This facilitates
easy configuration of the network and provides a programmable interface for developing
applications related to management, security, logging, etc. The centralized logical
controller, which has total visibility of the network, gives more control over the
entire network.
These advantages of SDN also expose the network to vulnerabilities, and the
impact of attacks is much more severe than in conventional networks,
where the network devices themselves provided protection from attacks and limited
their scope.
In this paper, we explore various attacks that can be launched on SDN at different
layers. We also evaluate some of the existing security methods in mitigating the
attacks. We also explore a possible solution to prevent DDoS attacks using entropy.
A Distributed Denial of Service (DDoS) attack is a DoS attack utilizing multiple
distributed attack sources. Every network in the system has an entropy. Increase
in randomness causes decrease in entropy. To mitigate this threat, this project
proposes to use the central control of SDN for attack detection and introduces a
solution that is effective and lightweight in terms of the resources that it uses.
More precisely, this project shows how DDoS attacks can exhaust controller resources
and provides a solution to detect such attacks based on the entropy variation of
the destination IP address. If this value drops below the threshold, we
block the specific port in the switch and bring the port down. This method is able
to detect DDoS within the first five hundred packets of the attack traffic.</dc:description>
  <dc:identifier>https://zenodo.org/record/5760</dc:identifier>
  <dc:identifier>10.20372/nadre:5760</dc:identifier>
  <dc:identifier>oai:zenodo.org:5760</dc:identifier>
  <dc:relation>doi:10.20372/nadre:5759</dc:relation>
  <dc:relation>url:https://nadre.ethernet.edu.et/communities/dbu</dc:relation>
  <dc:relation>url:https://nadre.ethernet.edu.et/communities/zenodo</dc:relation>
  <dc:rights>info:eu-repo/semantics/openAccess</dc:rights>
  <dc:rights>http://www.opendefinition.org/licenses/cc-by</dc:rights>
  <dc:title>IP-BASED DDOS ATTACK DETECTION AND MITIGATION FOR SDN CONTROLLER</dc:title>
  <dc:type>info:eu-repo/semantics/doctoralThesis</dc:type>
  <dc:type>publication-thesis</dc:type>
</oai_dc:dc>