Botnet attack protection system using software defined networks (Sistema de proteção contra-ataques de botnets usando redes definidas por software)

Bibliographic details
Main author: Gonçalves, Diego Stelman de Medeiros
Publication date: 2020
Document type: Dissertation
Language: por
Source title: Biblioteca Digital de Teses e Dissertações da UERJ
Full text: http://www.bdtd.uerj.br/handle/1/16874
Abstract: Denial of service attacks grow every year, requiring financial and technological investments by corporations to prevent damage to the services they provide on the Internet. In general, protection systems against these attacks are implemented using expensive equipment that processes a high volume of traffic. In addition, some companies offer services that handle malicious traffic destined to other autonomous systems (ASs) on the Internet, and these services are also expensive. This dissertation proposes a protection system against HTTP flood botnet attacks based on SDN (Software Defined Networking) technology and on the collaboration of other ASs. These ASs use SDN networks controlled, through a VPN, by the protection system of the web server targeted by the attacks. A second VPN allows the collaborating ASs to send requests directly to the web server protected by the original system. Requests destined to the web server hosting the desired service are answered by the system and receive a redirection to the real destination of the protected application. With the system implemented on SDN, each request has a permissive flow written on a virtual switch that gives access to the web server. Since requests from botnets do not follow the received redirect, they do not reach the actual destination, and only requests from legitimate clients reach the protected server. This allows the system to differentiate attacking IPs from legitimate client IPs. Attackers are then blocked through blocking flows inserted into the system's virtual input switch. The proposed system was implemented and performance evaluations were carried out. The results show gradual reductions in the CPU consumption of the local controller server during an attack as collaborating ASs are added to the system. With six collaborating ASs and the system under attack, the evaluations recorded a 65.32% drop in the CPU consumption of the local controller server, a drop in the latency perceived by clients from 6 s to approximately 400 ms, and a 78% drop in web server CPU consumption.
id UERJ_e894fdce6d1b4a21021940575d1f66f7
oai_identifier_str oai:www.bdtd.uerj.br:1/16874
network_acronym_str UERJ
network_name_str Biblioteca Digital de Teses e Dissertações da UERJ
repository_id_str 2903
spelling Submitted by Julia CTC/B (julia.vieira@uerj.br) on 2021-11-05T23:59:58Z No. of bitstreams: 1 Dissertação - Diego Stelman de Medeiros Gonçalves - 2020 - Completo.pdf: 1316990 bytes, checksum: ad44ae8399fb85a0c4d807882f57000b (MD5)
Made available in DSpace on 2021-11-05T23:59:58Z (GMT). No. of bitstreams: 1 Dissertação - Diego Stelman de Medeiros Gonçalves - 2020 - Completo.pdf: 1316990 bytes, checksum: ad44ae8399fb85a0c4d807882f57000b (MD5) Previous issue date: 2020-02-19
dc.title.por.fl_str_mv Sistema de proteção contra-ataques de botnets usando redes definidas por software
dc.title.alternative.eng.fl_str_mv Botnet attack protection system using software defined networks
author Gonçalves, Diego Stelman de Medeiros
author_facet Gonçalves, Diego Stelman de Medeiros
author_role author
dc.contributor.advisor1.fl_str_mv Rubinstein, Marcelo Gonçalves
dc.contributor.advisor1Lattes.fl_str_mv http://lattes.cnpq.br/2787725227134746
dc.contributor.advisor2.fl_str_mv Couto, Rodrigo de Souza
dc.contributor.advisor2Lattes.fl_str_mv http://lattes.cnpq.br/2902496394823593
dc.contributor.referee1.fl_str_mv Sztajnberg, Alexandre
dc.contributor.referee1Lattes.fl_str_mv http://lattes.cnpq.br/0403732822984772
dc.contributor.referee2.fl_str_mv Campista, Miguel Elias Mitre
dc.contributor.referee2Lattes.fl_str_mv http://lattes.cnpq.br/4256483085616956
dc.contributor.authorLattes.fl_str_mv http://lattes.cnpq.br/6669417907654622
dc.contributor.author.fl_str_mv Gonçalves, Diego Stelman de Medeiros
dc.subject.eng.fl_str_mv Electronic engineering
Data protection
Extranets
Computer network
Software - Protection
dc.subject.por.fl_str_mv Engenharia eletrônica
Proteção de dados
Extranets
Redes de computadores
Software - Proteção
dc.subject.cnpq.fl_str_mv ENGENHARIAS::ENGENHARIA ELETRICA::TELECOMUNICACOES
publishDate 2020
dc.date.issued.fl_str_mv 2020-02-19
dc.date.accessioned.fl_str_mv 2021-11-05T23:59:58Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.citation.fl_str_mv GONÇALVES, Diego Stelman de Medeiros. Sistema de proteção contra-ataques de botnets usando redes definidas por software. 2020. 63 f. Dissertação (Mestrado em Engenharia Eletrônica) - Faculdade de Engenharia, Universidade do Estado do Rio de Janeiro, Rio de Janeiro, 2020.
dc.identifier.uri.fl_str_mv http://www.bdtd.uerj.br/handle/1/16874
dc.language.iso.fl_str_mv por
language por
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Universidade do Estado do Rio de Janeiro
dc.publisher.program.fl_str_mv Programa de Pós-Graduação em Engenharia Eletrônica
dc.publisher.initials.fl_str_mv UERJ
dc.publisher.country.fl_str_mv Brasil
dc.publisher.department.fl_str_mv Centro de Tecnologia e Ciências::Faculdade de Engenharia
dc.source.none.fl_str_mv reponame:Biblioteca Digital de Teses e Dissertações da UERJ
instname:Universidade do Estado do Rio de Janeiro (UERJ)
instacron:UERJ
bitstream.url.fl_str_mv http://www.bdtd.uerj.br/bitstream/1/16874/2/Disserta%C3%A7%C3%A3o+-+Diego+Stelman+de+Medeiros+Gon%C3%A7alves+-+2020+-+Completo.pdf
http://www.bdtd.uerj.br/bitstream/1/16874/1/license.txt
bitstream.checksum.fl_str_mv ad44ae8399fb85a0c4d807882f57000b
e5502652da718045d7fcd832b79fca29
bitstream.checksumAlgorithm.fl_str_mv MD5
MD5
repository.name.fl_str_mv Biblioteca Digital de Teses e Dissertações da UERJ - Universidade do Estado do Rio de Janeiro (UERJ)
repository.mail.fl_str_mv bdtd.suporte@uerj.br
_version_ 1811728701036953600