Protection of software defined networks from link flood attack
Software Defined Networking (SDN) provides a novel network management approach by separating the data plane from the control plane. This makes design of networks simple and programmable. SDN ability to have the complete network visibility allows the network to have better network security through be...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2020
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/141437 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-141437 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1414372023-07-07T18:40:50Z Protection of software defined networks from link flood attack Tay, Andy Thiam Chek Ma Maode School of Electrical and Electronic Engineering EMDMa@ntu.edu.sg Engineering::Electrical and electronic engineering Software Defined Networking (SDN) provides a novel network management approach by separating the data plane from the control plane. This makes design of networks simple and programmable. SDN ability to have the complete network visibility allows the network to have better network security through better analysis of traffic patterns. The centralized controller has become a new vulnerability in the SDN. The network is vulnerable to the Link Flood Attack (LFA), one of the new, stealthy attacks. In this project, we want to study the latest type of DDoS attack, the Link Flood Attacks and explore various methods to mitigate the LFAs to protect the SDN using Entropy. LFA is an attack which uses multiple bots generating spoof IP packets and launch them to the decoy server of a target area at low rate legitimate traffic by consuming all the bandwidth in order to break the target area’s critical link. Every network system has an entropy value which decreases if randomness is detected in the network. To preventing the LFA, I will be developing attacking algorithm to generate UDP packets to generate traffic to the decoy server. The mitigation algorithm will be implemented using the POX controller with Mininet to detect the attack. The algorithm was named as LFA Radar and was then evaluated for its accuracy Bachelor of Engineering (Electrical and Electronic Engineering) 2020-06-08T07:56:10Z 2020-06-08T07:56:10Z 2020 Final Year Project (FYP) https://hdl.handle.net/10356/141437 en A3155-191 application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Electrical and electronic engineering |
| spellingShingle |
Engineering::Electrical and electronic engineering Tay, Andy Thiam Chek Protection of software defined networks from link flood attack |
| description |
Software Defined Networking (SDN) provides a novel network management approach by separating the data plane from the control plane. This makes design of networks simple and programmable. SDN ability to have the complete network visibility allows the network to have better network security through better analysis of traffic patterns. The centralized controller has become a new vulnerability in the SDN. The network is vulnerable to the Link Flood Attack (LFA), one of the new, stealthy attacks. In this project, we want to study the latest type of DDoS attack, the Link Flood Attacks and explore various methods to mitigate the LFAs to protect the SDN using Entropy. LFA is an attack which uses multiple bots generating spoof IP packets and launch them to the decoy server of a target area at low rate legitimate traffic by consuming all the bandwidth in order to break the target area’s critical link. Every network system has an entropy value which decreases if randomness is detected in the network. To preventing the LFA, I will be developing attacking algorithm to generate UDP packets to generate traffic to the decoy server. The mitigation algorithm will be implemented using the POX controller with Mininet to detect the attack. The algorithm was named as LFA Radar and was then evaluated for its accuracy |
| author2 |
Ma Maode |
| author_facet |
Ma Maode Tay, Andy Thiam Chek |
| format |
Final Year Project |
| author |
Tay, Andy Thiam Chek |
| author_sort |
Tay, Andy Thiam Chek |
| title |
Protection of software defined networks from link flood attack |
| title_short |
Protection of software defined networks from link flood attack |
| title_full |
Protection of software defined networks from link flood attack |
| title_fullStr |
Protection of software defined networks from link flood attack |
| title_full_unstemmed |
Protection of software defined networks from link flood attack |
| title_sort |
protection of software defined networks from link flood attack |
| publisher |
Nanyang Technological University |
| publishDate |
2020 |
| url |
https://hdl.handle.net/10356/141437 |
| _version_ |
1772827265308033024 |