June 1, 2019 Thesis Open Access

MULATU MEKONNEN

DataCite XML Export

<?xml version='1.0' encoding='utf-8'?>
<resource xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://datacite.org/schema/kernel-4" xsi:schemaLocation="http://datacite.org/schema/kernel-4 http://schema.datacite.org/meta/kernel-4.1/metadata.xsd">
  <identifier identifierType="DOI">10.20372/nadre:5778</identifier>
  <creators>
    <creator>
      <creatorName>MULATU MEKONNEN</creatorName>
    </creator>
  </creators>
  <titles>
    <title>Internet Protocol (IP)-Based Distributed Denial of Server (DDoS) Attack Detection and Mitigation for Software Defined Networking (SDN) Controller</title>
  </titles>
  <publisher>Zenodo</publisher>
  <publicationYear>2019</publicationYear>
  <dates>
    <date dateType="Issued">2019-06-01</date>
  </dates>
  <resourceType resourceTypeGeneral="Text">Thesis</resourceType>
  <alternateIdentifiers>
    <alternateIdentifier alternateIdentifierType="url">https://nadre.ethernet.edu.et/record/5778</alternateIdentifier>
  </alternateIdentifiers>
  <relatedIdentifiers>
    <relatedIdentifier relatedIdentifierType="DOI" relationType="IsVersionOf">10.20372/nadre:5777</relatedIdentifier>
    <relatedIdentifier relatedIdentifierType="URL" relationType="IsPartOf">https://nadre.ethernet.edu.et/communities/dbu</relatedIdentifier>
    <relatedIdentifier relatedIdentifierType="URL" relationType="IsPartOf">https://nadre.ethernet.edu.et/communities/zenodo</relatedIdentifier>
  </relatedIdentifiers>
  <rightsList>
    <rights rightsURI="http://www.opendefinition.org/licenses/cc-by">Creative Commons Attribution</rights>
    <rights rightsURI="info:eu-repo/semantics/openAccess">Open Access</rights>
  </rightsList>
  <descriptions>
    <description descriptionType="Abstract">&lt;p&gt;Software-defined networking architectural framework eases the life of the network&lt;br&gt;
administrators by isolating the data plane from the control plane. This facilitates&lt;br&gt;
easy configuration of the network, provides a programmable interface for developing&lt;br&gt;
applications related to management, security, logging etc. and the centralized logical&lt;br&gt;
controller gives more control over the entire network, which has the total visibility&lt;br&gt;
of the network.&lt;br&gt;
These advantages of SDN also expose the network to the vulnerabilities and the&lt;br&gt;
impact of the attacks are much severe when compared to conventional networks,&lt;br&gt;
where the network devices in itself provided protection from the attacks and limits&lt;br&gt;
the scope of the attacks.&lt;br&gt;
In this paper, we explore various attacks that can be launched on SDN at different&lt;br&gt;
layers. We also evaluate some of the existing security methods in mitigating the&lt;br&gt;
attacks. We also explore a possible solution to prevent DDoS attacks using entropy.&lt;br&gt;
A Distributed Denial of Service (DDoS) attack is a DoS attack utilizing multiple&lt;br&gt;
distributed attack sources. Every network in the system has an entropy. Increase&lt;br&gt;
in randomness causes decrease in entropy. To mitigate this threat, this project&lt;br&gt;
proposes to use the central control of SDN for attack detection and introduces a&lt;br&gt;
solution that is effective and lightweight in terms of the resources that it uses.&lt;br&gt;
More precisely, this project shows how DDoS attacks can exhaust controller resources&lt;br&gt;
and provides a solution to detect such attacks based on the entropy variation of&lt;br&gt;
the destination IP address. Based on this value if it drops below threshold , we are&lt;br&gt;
blocking the specific port in the switch and bring the port down. This method is able&lt;br&gt;
to detect DDoS within the first five hundred packets of the attack traffic&lt;/p&gt;</description>
  </descriptions>
</resource>