DDoS attack prevention mechanism in SDN networks (Mecanismo de prevenção de ataque DDoS em redes SDN)

Bibliographic details
Main author: Vieira, Alfredo Menezes
Publication date: 2021
Document type: Dissertation
Language: por
Source title: Repositório Institucional da UFS
Full text: https://ri.ufs.br/jspui/handle/riufs/15014
Abstract: The Software Defined Network (SDN) offers benefits such as scalability, flexibility, monitoring and ease of innovation, due to its main characteristic of separating the data plane from the control plane. Communication between the controller and the data plane is carried out through the OpenFlow protocol, which allows messages to be sent to and received from a switch that supports this protocol. In this way, the SDN controller can send instructions to the network devices through code written in various programming languages. Due to its logically centralized and software-controlled structure, the controller becomes a strategic target for attacks. Among the many existing threats, the distributed denial of service (DDoS) attack has a destructive effect on SDN networks. The main objective of this cyber attack is to harm legitimate users through denial of service. The attack is carried out in distinct phases and relies on infected devices called bots, which form an army known as a botnet. DDoS attack prevention involves methods that aim to keep the network infrastructure from falling victim to this form of attack. Given the results observed through a systematic mapping, we decided in this work to propose and analyze a mechanism for preventing DDoS attacks in SDN networks that acts in the first phase of the attack, protecting the SDN controller. Of the two types of existing scans (horizontal and vertical), the experiments showed that the mechanism obtains 98.64% to 99.37% accuracy, 63.89% to 82.76% precision and 77.97% to 84.62% F1-Score for vertical scanning, and 99.73% to 100% accuracy, 99.46% to 100% precision and 99.73% to 100% F1-Score for horizontal scanning. It can be useful for SDN network administrators in the context of defending this type of infrastructure.
id UFS-2_05e209d161528b32b1eb2ad5d67aa998
oai_identifier_str oai:ufs.br:riufs/15014
network_acronym_str UFS-2
network_name_str Repositório Institucional da UFS
repository_id_str
dc.title.pt_BR.fl_str_mv Mecanismo de prevenção de ataque DDoS em redes SDN
dc.contributor.author.fl_str_mv Vieira, Alfredo Menezes
dc.contributor.advisor1.fl_str_mv Ribeiro, Admilson de Ribamar Lima
dc.contributor.advisor-co1.fl_str_mv Matos Junior, Rubens de Souza
dc.subject.por.fl_str_mv Computing
Software-defined network (computer network technology)
Data protection
Distributed Denial of Service Attack
DDoS
Software Defined Network
SDN
Prevention
dc.subject.eng.fl_str_mv Distributed Denial of Service Attack (DDoS)
Software Defined Network (SDN)
Prevention
dc.subject.cnpq.fl_str_mv CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO
publishDate 2021
dc.date.issued.fl_str_mv 2021-09-23
dc.date.accessioned.fl_str_mv 2022-02-07T17:44:48Z
dc.date.available.fl_str_mv 2022-02-07T17:44:48Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.citation.fl_str_mv VIEIRA, Alfredo Menezes. Mecanismo de prevenção de ataque DDoS em redes SDN. 2021. 83 f. Dissertação (Mestrado em Ciência da Computação) – Universidade Federal de Sergipe, São Cristóvão, 2021.
dc.identifier.uri.fl_str_mv https://ri.ufs.br/jspui/handle/riufs/15014
dc.language.iso.fl_str_mv por
language por
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.publisher.program.fl_str_mv Pós-Graduação em Ciência da Computação
dc.publisher.initials.fl_str_mv Universidade Federal de Sergipe
dc.source.none.fl_str_mv reponame:Repositório Institucional da UFS
instname:Universidade Federal de Sergipe (UFS)
instacron:UFS
instname_str Universidade Federal de Sergipe (UFS)
instacron_str UFS
institution UFS
reponame_str Repositório Institucional da UFS
collection Repositório Institucional da UFS
bitstream.url.fl_str_mv https://ri.ufs.br/jspui/bitstream/riufs/15014/2/ALFREDO_MENEZES_VIEIRA.pdf
https://ri.ufs.br/jspui/bitstream/riufs/15014/1/license.txt
https://ri.ufs.br/jspui/bitstream/riufs/15014/3/ALFREDO_MENEZES_VIEIRA.pdf.txt
https://ri.ufs.br/jspui/bitstream/riufs/15014/4/ALFREDO_MENEZES_VIEIRA.pdf.jpg
bitstream.checksum.fl_str_mv 5d89af28cad7f3fa48847383442ae3d0
098cbbf65c2c15e1fb2e49c5d306a44c
02bff46d71af4c32dc1ced9d00ad5147
ac89373c5b948dc4fedb764569a42e10
bitstream.checksumAlgorithm.fl_str_mv MD5
MD5
MD5
MD5
repository.name.fl_str_mv Repositório Institucional da UFS - Universidade Federal de Sergipe (UFS)
repository.mail.fl_str_mv repositorio@academico.ufs.br
_version_ 1802110708126580736