Scalable and Reliable Framework to Detect and Mitigate DDoS Attack in OpenFlow-based SDN Network
Doctoral thesis
Date of Examination:2023-07-04
Date of issue:2023-08-10
Advisor:Prof. Dr. Ramin Yahyapour
Referee:Prof. Dr. Ramin Yahyapour
Referee:Prof. Dr. Dieter Hogrefe
Files in this item
Name:PhDThesis_FazelyAmirreza_2023.pdf
Size:8.46Mb
Format:PDF
Description:Main PhD Dissertation
Abstract
English
Software-defined networking in recent years has come into the sight of so many network designers as a successor to traditional networking. Unlike traditional networks where control and data planes engage together within a single device in the network infrastructure such as switches and routers, the two planes are kept separated in software-defined networks (SDNs). All critical decisions about packet routing are made by the network controller, and the data-level devices forward the packets based on these decisions. This type of network is vulnerable to DDoS attacks, degrading the overall functioning and performance of the network by continuously injecting fake flows into it. This increases the substantial burden on the controller side, and the result ultimately leads to the inaccessibility of the controller and the lack of network service to legitimate users. Thus, the protection of this novel network architecture against denial-of-service attacks is essential. Today, the world is on the verge of using computer network services and information systems at their peak. Thus, the security concerns attached to these services/systems shall be taken seriously and dealt with. In the world of cybersecurity, attacks, and new threats emerge every day. It is essential to have tools capable of managing and analyzing all this new information to detect possible attacks in real-time. These tools should provide a comprehensive solution to automatically detect, predict and prevent abnormalities in the network. This Ph.D. research introduces an intelligent big data framework as a solution to prevent the performance degradation on SDN network during DDoS attacks. By leveraging the programmability and centralized controller of the SDN and using distributed data processing techniques based on the big data analytic tools and machine learning algorithm, we aim to enhance the SDN network security and resilience against these sophisticated attacks.
Keywords: Network Security, Software-defined Networks(SDN); Distributed Denial of Service Attacks(DDoS); Big data analytics pipeline; Machine Learning Algorithm