11 research outputs found
Detection of Distributed Denial of Service Attacks Carried Out by Botnets in Software-Defined Networks
Recent years witnessed a surge in network traffic due to the emergence of new
online services, causing periodic saturation and complexity problems.
Additionally, the growing number of IoT devices further compounds the problem.
Software Defined Network (SDN) is a new architecture which offers innovative
advantages that help to reduce saturation problems. Despite its benefits, SDNs
not only can be affected by traditional attacks but also introduce new security
challenges. In this context, Distributed Denial of Service (DDoS) is one of the
most important attacks that can damage an SDN network's normal operation.
Furthermore, if these attacks are executed using botnets, they can use
thousands of compromised devices to disrupt critical online services. This
paper proposes a framework for detecting DDoS attacks generated by a group of
botnets in an SDN network. The framework is implemented using open-source tools
such as Mininet and OpenDaylight and tested in a centralized network topology
using BYOB and SNORT. The results demonstrate real-time attack identification
by implementing an intrusion detection mechanism in the victim client. Our
proposed solution offers quick and effective detection of DDoS attacks in SDN
networks. The framework can successfully differentiate the type of attack with
high accuracy in a short tim
A testbed design for intrusion detection and mitigation in SDN architecture by using DPI
Full-text access has been opened in accordance with the "Law on Amendments to the Higher Education Law and Certain Laws and Decree-Laws" published in Official Gazette No. 30352 dated 06.03.2018 and the "Directive on the Collection, Organization and Opening to Access of Graduate Theses in Electronic Media" dated 18.06.2018.
For the last decade, the technologies used to design and build networks have remained unchanged. In the meantime, the number of connected networking devices has risen exponentially, which has also increased the total number and size of computer networks. Accordingly, the existing networks in data centers and companies have become much more difficult to administer. The Software Defined Networking (SDN) idea separates the control plane from the data plane, which were previously tied together in the same device, and thus allows the network to be programmed from a logically centralized place called the SDN controller. The data plane in this structure consists of dumb devices which are only capable of forwarding the data as instructed by the SDN controller. OpenFlow is the well-known protocol used for communication between the SDN controller and the forwarding devices. In this study, a new testbed has been implemented for anomaly detection in SDN. The testbed has several components, such as a web-based application, an anomaly detection sub-system, an SDN structure with a Floodlight controller, and the sFlow protocol. The system developed examines the payload of the packets in order to find any threats in ongoing traffic. In order to investigate the performance of the testbed, a DoS attack has been considered. The results show that experiments related to security aspects of SDN systems can easily be realized with the testbed.
Understanding and Advancing the Status Quo of DDoS Defense
Two decades after the first distributed denial-of-service (DDoS) attack, the Internet remains challenged by DDoS attacks as they evolve. Not only is the scale of attacks larger than ever, but they are also harder to detect and mitigate. Nevertheless, the Internet's fundamental design, based on which machines are free to send traffic to any other machines, remains the same. This thesis reinvestigates the prior DDoS defense solutions to find less studied but critical issues in existing defense solutions. It proposes solutions to improve the input, design, and evaluation of DDoS defense. Specifically, we show why DDoS defense systems need a better view of the Internet's traffic at the autonomous system (AS) level. We use a novel attack to expose the inefficiencies in the existing defense systems. Finally, we reason why a defense solution needs a sound empirical evaluation and provide a framework that mimics real-world networks to facilitate DDoS defense evaluation.
This dissertation includes published and unpublished co-authored materials
Resilience to DDoS attacks
Master's thesis, Information Security, 2022, Universidade de Lisboa, Faculdade de Ciências.
Distributed Denial-of-Service (DDoS) is one of the most common cyberattacks used by malicious
actors. It has been evolving over the years, using more complex techniques to increase its attack power
and surpass the current defense mechanisms.
Due to the existent number of different DDoS attacks and their constant evolution, companies need
to be constantly aware of developments in DDoS solutions.
Additionally, the existence of multiple solutions also makes it hard for companies to decide which
solution best suits the company's needs and must be implemented.
In order to help these companies, our work focuses on analyzing the existing DDoS solutions, for
companies to implement solutions that can lead to the prevention, detection, mitigation, and tolerance
of DDoS attacks, with the objective of improving the robustness and resilience of the companies against
DDoS attacks.
In our work, different DDoS solutions are presented and described; some need to be purchased and
others are open-source or freeware, although the latter require more technical expertise from
cybersecurity agents.
To understand how cybersecurity agents protect their companies against DDoS attacks nowadays, a
questionnaire was built and sent to multiple cybersecurity agents from different countries and
industries.
As a result of the study performed about the different DDoS solutions and the information gathered
from the questionnaire, it was possible to create a DDoS framework to guide companies in the decision-making process of which DDoS solutions best suit their resources and needs, in order to ensure that
companies can develop their robustness and resilience to fight DDoS attacks.
The proposed framework is divided into three phases, in which the first and second phases are to
understand the company context and the assets that need to be protected. The last phase is where we
choose the DDoS solution based on the information gathered in the previous phases. We analyzed and
presented, for each DDoS solution, which DDoS attack types it can prevent, detect and/or mitigate.
IntelliFlow: a proactive approach to adding cyber threat intelligence to software-defined networks
Advisor: Christian Rodolfo Esteve Rothenberg. Dissertation (master's) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação.
Abstract: Security is a major concern in computer networking which faces increasing threats as the commercial Internet and related economies continue to grow. Virtualization technologies enabling scalable Cloud services pose further challenges to the security of computer infrastructures, demanding novel mechanisms combining the best-of-breed to counter certain types of attacks. Our work aims to explore advances in Cyber Threat Intelligence (CTI) in the context of Software Defined Networking (SDN) architectures. While CTI represents a recent approach to combat threats based on reliable sources, by sharing information and knowledge about computer criminal activities, SDN is a recent trend in architecting computer networks based on modularization and programmability principles. In this dissertation, we propose IntelliFlow, an intelligent detection system for SDN that follows a proactive approach using OpenFlow to deploy countermeasures to the threats learned through a distributed intelligent plane. We show through a proof of concept implementation that the proposed system is capable of delivering a number of benefits in terms of effectiveness and efficiency, altogether contributing to the security of modern computer network designs.
Master's. Computer Engineering. Master in Electrical Engineering. 159905/2013-3 CNP
An intelligent context-aware threat detection and response model for smart cyber-physical systems
Smart cities, businesses, workplaces, and even residences have all been converged by the Internet of Things (IoT). The types and characteristics of these devices vary depending on the industry 4.0 and have rapidly increased recently, especially in smart homes. These gadgets can expose users to serious cyber dangers because of a variety of computing constraints and vulnerabilities in the security-by-design concept. The smart home network testbed setup presented in this study is used to evaluate and validate the protection of the smart cyber-physical system. The context-aware threat intelligence and response model identifies the states of the aligned smart devices to distinguish between real-world typical and attack scenarios. It then dynamically writes specific rules for protection against potential cyber threats. The context-aware model is trained on IoT Research and Innovation Lab - Smart Home System (IRIL-SHS) testbed dataset. The labeled dataset is utilized to create a random forest model, which is subsequently used to train and test the context-aware threat intelligence SHS model's effectiveness and performance. Finally, the model's logic is used to gain rules to be included in Suricata signatures and the firewall rulesets for the response system. Significant values of the measuring parameters were found in the results. The presented model can be used for the real-time security of smart home cyber-physical systems and develops a vision of security challenges for Industry 4.0
Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms: A Comprehensive Analysis of State-of-the-Art Solutions, Discussion, Challenges, and Future Research Direction
A revolution in network technology has been ushered in by software defined networking (SDN), which makes it possible to control the network from a central location and provides an overview of the network’s security. Despite this, SDN has a single point of failure that increases the risk of potential threats. Network intrusion detection systems (NIDS) prevent intrusions into a network and preserve the network’s integrity, availability, and confidentiality. Much work has been done on NIDS but there are still improvements needed in reducing false alarms and increasing threat detection accuracy. Recently advanced approaches such as deep learning (DL) and machine learning (ML) have been implemented in SDN-based NIDS to overcome the security issues within a network. In the first part of this survey paper, we offer an introduction to the NIDS theory, as well as recent research that has been conducted on the topic. After that, we conduct a thorough analysis of the most recent ML- and DL-based NIDS approaches to ensure reliable identification of potential security risks. Finally, we focus on the opportunities and difficulties that lie ahead for future research on SDN-based ML and DL for NIDS.
Cybersecurity of Digital Service Chains
This open access book presents the main scientific results from the H2020 GUARD project. The GUARD project aims at filling the current technological gap between software management paradigms and cybersecurity models, the latter still lacking orchestration and agility to effectively address the dynamicity of the former. This book provides a comprehensive review of the main concepts, architectures, algorithms, and non-technical aspects developed during three years of investigation; the description of the Smart Mobility use case developed at the end of the project gives a practical example of how the GUARD platform and related technologies can be deployed in practical scenarios. We expect the book to be interesting for the broad group of researchers, engineers, and professionals daily experiencing the inadequacy of outdated cybersecurity models for modern computing environments and cyber-physical systems