Applying NFV/SDN to DDoS mitigating
Distributed Denial of Service (DDoS) attack has become one of the major threat to current Internet. The attacker firstly gains the control of a large number of hosts. Then by controlling these hosts to send illegal packets to the victim simultaneously, the attacker can easily exhaust the bandwidth o...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Theses and Dissertations |
| Language: | English |
| Published: |
2018
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/10356/76021 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-76021 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-760212023-07-04T15:56:36Z Applying NFV/SDN to DDoS mitigating Zhang, Man Goh Wang Ling School of Electrical and Electronic Engineering DRNTU::Engineering::Electrical and electronic engineering Distributed Denial of Service (DDoS) attack has become one of the major threat to current Internet. The attacker firstly gains the control of a large number of hosts. Then by controlling these hosts to send illegal packets to the victim simultaneously, the attacker can easily exhaust the bandwidth or computing resource of the victim. DDoS attack mitigating approaches that apply pre-established defending strategy, functionality or capacity, and guard at fixed locations are costly and not effective. Software Defined Network (SDN) is a new network architecture in which the data plane and the control plane are decoupled. In SDN, the data forwarding function is achieved by using general devices while the control function is implemented by software. Network Function Virtualization (NFV) supports the flexibility in on-demand function instantiation and allocation, and recently finds its applications in handling DDoS attacks. In this dissertation, NFV/SDN is applied into DDoS mitigation. In the framework, network traffic is monitored and analyzed utilizing the SDN features of central control and global network view, and the detection of anomaly traffic will trigger the actions of SDN controller. In this dissertaion we build up an SND environment and demonstrate a DDoS attack on a network topology. By doing simulation experiment, see how we can mitigate it using SDN in real-time. It is shown that the SDN controller can identify the DDoS attackers and disconnect them from the network to prevent any further damages to the network. Master of Science (Electronics) 2018-09-18T06:24:14Z 2018-09-18T06:24:14Z 2018 Thesis http://hdl.handle.net/10356/76021 en 72 p. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
DRNTU::Engineering::Electrical and electronic engineering |
| spellingShingle |
DRNTU::Engineering::Electrical and electronic engineering Zhang, Man Applying NFV/SDN to DDoS mitigating |
| description |
Distributed Denial of Service (DDoS) attack has become one of the major threat to current Internet. The attacker firstly gains the control of a large number of hosts. Then by controlling these hosts to send illegal packets to the victim simultaneously, the attacker can easily exhaust the bandwidth or computing resource of the victim. DDoS attack mitigating approaches that apply pre-established defending strategy, functionality or capacity, and guard at fixed locations are costly and not effective. Software Defined Network (SDN) is a new network architecture in which the data plane and the control plane are decoupled. In SDN, the data forwarding function is achieved by using general devices while the control function is implemented by software. Network Function Virtualization (NFV) supports the flexibility in on-demand function instantiation and allocation, and recently finds its applications in handling DDoS attacks. In this dissertation, NFV/SDN is applied into DDoS mitigation. In the framework, network traffic is monitored and analyzed utilizing the SDN features of central control and global network view, and the detection of anomaly traffic will trigger the actions of SDN controller. In this dissertaion we build up an SND environment and demonstrate a DDoS attack on a network topology. By doing simulation experiment, see how we can mitigate it using SDN in real-time. It is shown that the SDN controller can identify the DDoS attackers and disconnect them from the network to prevent any further damages to the network. |
| author2 |
Goh Wang Ling |
| author_facet |
Goh Wang Ling Zhang, Man |
| format |
Theses and Dissertations |
| author |
Zhang, Man |
| author_sort |
Zhang, Man |
| title |
Applying NFV/SDN to DDoS mitigating |
| title_short |
Applying NFV/SDN to DDoS mitigating |
| title_full |
Applying NFV/SDN to DDoS mitigating |
| title_fullStr |
Applying NFV/SDN to DDoS mitigating |
| title_full_unstemmed |
Applying NFV/SDN to DDoS mitigating |
| title_sort |
applying nfv/sdn to ddos mitigating |
| publishDate |
2018 |
| url |
http://hdl.handle.net/10356/76021 |
| _version_ |
1772826467566092288 |