Scalable and Reliable Framework to Detect and Mitigate DDoS Attack in OpenFlow-based SDN Network

Fazely Hamedani, Amirreza

by Amirreza Fazely Hamedani

Doctoral thesis

Date of Examination:2023-07-04

Date of issue:2023-08-10

Advisor:Prof. Dr. Ramin Yahyapour

Referee:Prof. Dr. Ramin Yahyapour

Referee:Prof. Dr. Dieter Hogrefe

Persistent Address: http://dx.doi.org/10.53846/goediss-10038

Files in this item

Name:PhDThesis_FazelyAmirreza_2023.pdf

Size:8.46Mb

Format:PDF

Description:Main PhD Dissertation

ViewOpen

The following license files are associated with this item:

Abstract

English

Software-defined networking in recent years has come into the sight of so many network designers as a successor to traditional networking. Unlike traditional networks where control and data planes engage together within a single device in the network infrastructure such as switches and routers, the two planes are kept separated in software-defined networks (SDNs). All critical decisions about packet routing are made by the network controller, and the data-level devices forward the packets based on these decisions. This type of network is vulnerable to DDoS attacks, degrading the overall functioning and performance of the network by continuously injecting fake flows into it. This increases the substantial burden on the controller side, and the result ultimately leads to the inaccessibility of the controller and the lack of network service to legitimate users. Thus, the protection of this novel network architecture against denial-of-service attacks is essential. Today, the world is on the verge of using computer network services and information systems at their peak. Thus, the security concerns attached to these services/systems shall be taken seriously and dealt with. In the world of cybersecurity, attacks, and new threats emerge every day. It is essential to have tools capable of managing and analyzing all this new information to detect possible attacks in real-time. These tools should provide a comprehensive solution to automatically detect, predict and prevent abnormalities in the network. This Ph.D. research introduces an intelligent big data framework as a solution to prevent the performance degradation on SDN network during DDoS attacks. By leveraging the programmability and centralized controller of the SDN and using distributed data processing techniques based on the big data analytic tools and machine learning algorithm, we aim to enhance the SDN network security and resilience against these sophisticated attacks.

Keywords: Network Security, Software-defined Networks(SDN); Distributed Denial of Service Attacks(DDoS); Big data analytics pipeline; Machine Learning Algorithm

Statistik