Counteracting UDP Flooding Attacks in SDN

Master's === Yuan Ze University === Department of Computer Science and Engineering === 104 === Software-defined networking (SDN) is a new network architecture with centralized control. Its purpose is to make networks more flexible and easier to manage. Besides, the need for the resources and services of applications can have better also managemen...

Bibliographic Details
Main Authors: Hung-Chuan Wei, 魏鴻娟
Other Authors: Chia-Mu Yu
Format: Others
Language: en_US
Published: 2016
Online Access: http://ndltd.ncl.edu.tw/handle/56753540948380371723
id ndltd-TW-104YZU05392029
record_format oai_dc
spelling ndltd-TW-104YZU05392029 2017-08-27T04:30:11Z http://ndltd.ncl.edu.tw/handle/56753540948380371723 Counteracting UDP Flooding Attacks in SDN / Defending Against UDP Flood Attacks Under a Software-Defined Networking Architecture Hung-Chuan Wei 魏鴻娟 Master's Yuan Ze University Department of Computer Science and Engineering 104 Chia-Mu Yu 游家牧 2016 thesis 26 en_US
collection NDLTD
language en_US
format Others
sources NDLTD
description Master's === Yuan Ze University === Department of Computer Science and Engineering === 104 === Software-defined networking (SDN) is a new network architecture with centralized control. Its purpose is to make networks more flexible and easier to manage. In addition, the resources and services that applications need can be managed better. The SDN architecture separates the control plane from the data plane. The control plane uses a controller to centrally manage SDN switches, while the data plane handles only data transmission, which reduces the difficulty of management. SDN uses the OpenFlow protocol to connect the control plane and the data plane, so that when a packet first enters the flow table, the matching flows can be forwarded directly. SDN has proven successful in improving not only network performance but also network security. However, the centralized control in the SDN architecture introduces new security vulnerabilities. Because all of the management functionality resides in the controller, a UDP flooding attack can be launched easily and causes serious packet transmission delay, performance loss on the controller, and even network shutdown. Therefore, in this thesis, we first carry out a simulation to prove that a UDP flooding attack can harm the controller. We then present a lightweight defense method. Through experiments, we demonstrate the performance and safety of our proposed defense mechanism. The advantage of our defense is that it will not incur too much computation and communication burden if no attack is launched. The controller itself does not need to be modified to use our defense mechanism. In particular, our defense can continuously monitor the status of the controller and, if necessary, add flow table rules to ensure normal operation of the controller and the network.
author2 Chia-Mu Yu
author_facet Chia-Mu Yu
Hung-Chuan Wei
魏鴻娟
author Hung-Chuan Wei
魏鴻娟
author_sort Hung-Chuan Wei
title Counteracting UDP Flooding Attacks in SDN
publishDate 2016
url http://ndltd.ncl.edu.tw/handle/56753540948380371723