TPAAD: two‐phase authentication system for denial of service attack detection and mitigation using machine learning in software‐defined network.

Software-defined networking (SDN) has received considerable attention and adoption owing to its inherent advantages, such as enhanced scalability, increased adaptability, and the ability to exercise centralized control. However, the control plane of the system is vulnerable to denial-of-service (DoS) attacks, which are a primary focus for attackers. These attacks have the potential to result in substantial delays and packet loss. In this study, we present a novel system called Two-Phase Authentication for Attack Detection that aims to enhance the security of SDN by mitigating DoS attacks. The methodology utilized in our study involves the implementation of packet filtration and machine learning classification techniques, which are subsequently followed by the targeted restriction of malevolent network traffic. Instead of completely deactivating the host, the emphasis lies on preventing harmful communication. Support vector machine and K-nearest neighbours algorithms were utilized for efficient detection on the CICDoS 2017 dataset. The deployed model was utilized within an environment designed for the identification of threats in SDN. Based on the observations of the banned queue, our system allows a host to reconnect when it is no longer contributing to malicious traffic. The experiments were run on a VMware Ubuntu, and an SDN environment was created using Mininet and the RYU controller. The results of the tests demonstrated enhanced performance in various aspects, including the reduction of false positives, the minimization of central processing unit utilization and control channel bandwidth consumption, the improvement of packet delivery ratio, and the decrease in the number of flow requests submitted to the controller. These results confirm that our Two-Phase Authentication for Attack Detection architecture identifies and mitigates SDN DoS attacks with low overhead

Seguridad en Redes definidas por software (SDN)

[ES] En este proyecto se va a analizar la seguridad en las Redes Definidas por Software (SDN). Las redes definidas por software son la evolución de las redes convencionales, y la aparición de estas SDN redes ha aportado nuevas ventajas y funcionalidades en las diferentes áreas donde se pueden aplicar. Se realizará un estudio de su evolución, centrándose en OpenFlow, protocolo utilizado en SDN, así como los principales controladores y, sobre todo, se hará un especial hincapié en la seguridad. La seguridad es una cualidad fundamental y un aspecto muy importante a tener en cuenta en la actualidad, pues las redes SDN son prácticamente nuevas, y debido a la separación del plano de control y del plano de datos se introducen nuevas vulnerabilidades y tipos de ataques. En este trabajo se explicarán diversos ataques que se pueden producir y así como las soluciones que hay para poder mejorar la seguridad de una red SDN. Existen muchas herramientas que sirven para probar y analizar la seguridad de una SDN. En este proyecto se explicarán los aspectos a tener en cuenta sobre la seguridad y su utilidad este tipo de redes.[EN] This proyect will analyze security in Software Defined Networking (SDN). Software Defined Networks are the evolution of conventional networks and the emergence of these SDN networks has brought new advantages and functionalities in the differents areas where they can be applied. A study will be made of their evolution, focusing on OpenFlow, the protocol used in SDN, as well as the main controllers and, above all, there will be a special emphasis on security. Security is a fundamental quality and a very important aspect to take into account nowadays, since SDN are practically new and due to the separation of the control plane and the data plane, new vulnerabilities and types of attacks are introduced. This paper will explain various attacks that can occur and the solutions available to improve the security of an SDN network. There are many tools that can be used to test and analyze the security of an SDN. In this proyect we will explain aspects to bear in mind about security and its usefulness of this type of networks.Ruipérez Cuesta, J. (2021). Seguridad en Redes definidas por software (SDN). Universitat Politècnica de València. http://hdl.handle.net/10251/165154TFG