Counteracting UDP Flooding Attacks in SDN
Master's === Yuan Ze University === Department of Computer Science and Engineering === 104 === Software-defined networking (SDN) is a new network architecture with centralized control. Its purpose is to make the network more flexible and easier to manage. Besides, the need for the resources and services of applications can have better also managemen...
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Language: | en_US |
Published: | 2016 |
Online Access: | http://ndltd.ncl.edu.tw/handle/56753540948380371723 |
id |
ndltd-TW-104YZU05392029 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-104YZU05392029 2017-08-27T04:30:11Z http://ndltd.ncl.edu.tw/handle/56753540948380371723 Counteracting UDP Flooding Attacks in SDN 在軟體定義網路的架構下抵禦UDP洪水攻擊 Hung-Chuan Wei 魏鴻娟 Master's Yuan Ze University Department of Computer Science and Engineering 104 Chia-Mu Yu 游家牧 2016 degree thesis ; thesis 26 en_US |
collection |
NDLTD |
language |
en_US |
format |
Others
|
sources |
NDLTD |
description |
Master's === Yuan Ze University === Department of Computer Science and Engineering === 104 === Software-defined networking (SDN) is a new network architecture with centralized control. Its purpose is to make the network more flexible and easier to manage. In addition, the resource and service needs of applications can be better managed.
The SDN architecture separates the control plane from the data plane. The control plane uses a controller to centrally manage the SDN switches, while the data plane handles only data transmission, which reduces the difficulty of management. SDN uses the OpenFlow protocol to connect the control plane and the data plane, so that when a packet first enters the flow table, matching flows can be forwarded directly. SDN has proven successful in improving not only network performance but also network security. However, the centralized control in the SDN architecture introduces new security vulnerabilities. Because all of the management functionality resides in the controller, a UDP flooding attack can be easily launched and can cause serious packet transmission delay, performance loss on the controller, and even network shutdown.
Therefore, in this thesis, we first carry out a simulation to show that a UDP flooding attack can harm the controller. We then present a lightweight defense method. Through experiments, we demonstrate the performance and safety of our proposed defense mechanism. The advantage of our defense is that it does not incur much computation or communication burden when no attack is launched. The controller itself does not need to be modified to use our defense mechanism. In particular, our defense can continuously monitor the status of the controller and, if necessary, add flow table rules to ensure normal operation of the controller and the network.
|
author2 |
Chia-Mu Yu |
author_facet |
Chia-Mu Yu Hung-Chuan Wei 魏鴻娟 |
author |
Hung-Chuan Wei 魏鴻娟 |
spellingShingle |
Hung-Chuan Wei 魏鴻娟 Counteracting UDP Flooding Attacks in SDN |
author_sort |
Hung-Chuan Wei |
title |
Counteracting UDP Flooding Attacks in SDN |
title_short |
Counteracting UDP Flooding Attacks in SDN |
title_full |
Counteracting UDP Flooding Attacks in SDN |
title_fullStr |
Counteracting UDP Flooding Attacks in SDN |
title_full_unstemmed |
Counteracting UDP Flooding Attacks in SDN |
title_sort |
counteracting udp flooding attacks in sdn |
publishDate |
2016 |
url |
http://ndltd.ncl.edu.tw/handle/56753540948380371723 |
work_keys_str_mv |
AT hungchuanwei counteractingudpfloodingattacksinsdn AT wèihóngjuān counteractingudpfloodingattacksinsdn AT hungchuanwei zàiruǎntǐdìngyìwǎnglùdejiàgòuxiàdǐyùudphóngshuǐgōngjī AT wèihóngjuān zàiruǎntǐdìngyìwǎnglùdejiàgòuxiàdǐyùudphóngshuǐgōngjī |
_version_ |
1718519723800395776 |