Mecanismo de prevenção de ataque DDoS em redes SDN
Autor(a) principal: | |
---|---|
Data de Publicação: | 2021 |
Tipo de documento: | Dissertação |
Idioma: | por |
Título da fonte: | Repositório Institucional da UFS |
Texto Completo: | https://ri.ufs.br/jspui/handle/riufs/15014 |
Resumo: | The Software Defined Network (SDN) offers benefits such as scalability, flexibility, monitoring and ease of innovation, due to its main characteristic of separating the data plane from the control plane. Communication between the controller and the data plane is carried out through the OpenFlow protocol, allowing the sending and receiving of messages from a switch that supports this protocol. In this way, it allows the SDN controller to send instructions through codes developed in various programming languages to the network devices. Due to its logically centralized and software-controlled structure, the controller becomes a strategic target in carrying out attacks. Among the many existing threats, the distributed denial of service (DDoS) attack has a destructive effect on SDN networks. The main objective of this cyber attack is for legitimate users to be harmed due to denial of service. The execution of the attack has distinct phases and counts on infected devices which are called bots, forming an army known as botnet. DDoS attack prevention involves methods that aim to prevent the network infrastructure from falling victim to this form of attack. Given the results observed through a systematic mapping, we decided in this work to propose and analyze a mechanism for preventing DDoS attacks in SDN networks that acts in the first phase of the attack, protecting the SDN controller. Of the two types of existing scans (horizontal and vertical), it was observed from the experiments that the engine obtains from 98.64% to 99.37% accuracy, 63.89% to 82.76% accuracy and 77.97% to 84.62% F1-Score for vertical scanning and 99.73% to 100% accuracy, 99.46% to 100% precision and 99.73% to 100% F1-Score for horizontal scanning. It can be useful for SDN network administrators in the context of defending this type of infrastructure. |
id |
UFS-2_05e209d161528b32b1eb2ad5d67aa998 |
---|---|
oai_identifier_str |
oai:ufs.br:riufs/15014 |
network_acronym_str |
UFS-2 |
network_name_str |
Repositório Institucional da UFS |
repository_id_str |
|
spelling |
Vieira, Alfredo MenezesRibeiro, Admilson de Ribamar LimaMatos Junior, Rubens de Souza2022-02-07T17:44:48Z2022-02-07T17:44:48Z2021-09-23VIEIRA, Alfredo Menezes. Mecanismo de prevenção de ataque DDoS em redes SDN. 2021. 83 f. Dissertação (Mestrado em Ciência da Computação) – Universidade Federal de Sergipe, São Cristóvão, 2021.https://ri.ufs.br/jspui/handle/riufs/15014The Software Defined Network (SDN) offers benefits such as scalability, flexibility, monitoring and ease of innovation, due to its main characteristic of separating the data plane from the control plane. Communication between the controller and the data plane is carried out through the OpenFlow protocol, allowing the sending and receiving of messages from a switch that supports this protocol. In this way, it allows the SDN controller to send instructions through codes developed in various programming languages to the network devices. Due to its logically centralized and software-controlled structure, the controller becomes a strategic target in carrying out attacks. Among the many existing threats, the distributed denial of service (DDoS) attack has a destructive effect on SDN networks. The main objective of this cyber attack is for legitimate users to be harmed due to denial of service. The execution of the attack has distinct phases and counts on infected devices which are called bots, forming an army known as botnet. DDoS attack prevention involves methods that aim to prevent the network infrastructure from falling victim to this form of attack. Given the results observed through a systematic mapping, we decided in this work to propose and analyze a mechanism for preventing DDoS attacks in SDN networks that acts in the first phase of the attack, protecting the SDN controller. Of the two types of existing scans (horizontal and vertical), it was observed from the experiments that the engine obtains from 98.64% to 99.37% accuracy, 63.89% to 82.76% accuracy and 77.97% to 84.62% F1-Score for vertical scanning and 99.73% to 100% accuracy, 99.46% to 100% precision and 99.73% to 100% F1-Score for horizontal scanning. It can be useful for SDN network administrators in the context of defending this type of infrastructure.A Rede Definida por Software (SDN) oferece benefícios como escalabilidade, flexibilidade, monitoramento e facilidade de inovação, pela sua característica principal de separar o plano de dados do plano de controle. A comunicação entre o controlador e o plano de dados é realizada por meio do protocolo OpenFlow, permitindo o envio e o recebimento de mensagens de um switch com suporte deste protocolo. Desse modo, permite que o controlador SDN envie instruções por meio de códigos desenvolvidos em diversas linguagens de programação para os dispositivos de rede. Devido a sua estrutura logicamente centralizada e controlada por software, o controlador se torna um alvo estratégico na realização de ataques. Dentre as diversas ameaças existentes, o ataque distribuído de negação de serviço (DDoS) possui um efeito destrutivo em redes SDN. O principal objetivo deste ataque cibernético é que os usuários legítimos sejam prejudicados devido à negação de serviço. A realização do ataque possui fases distintas e conta com dispositivos infectados os quais são chamados de bot, formando-se um exército conhecido como botnet. A prevenção contra o ataque DDoS envolve métodos que tem como objetivo evitar que a infraestrutura de rede seja uma vítima desta forma de ataque. Diante dos resultados observados por meio de um mapeamento sistemático, resolvemos neste trabalho propor e analisar um mecanismo de prevenção de ataques DDoS em redes SDN que atue na primeira fase do ataque, na proteção do controlador SDN. Dos dois tipos de varreduras existentes (horizontal e vertical), foram observados a partir dos experimentos que o mecanismo obtém de 98,64% a 99,37% de acurácia, 63,89% a 82,76% de precisão e 77,97% a 84,62% F1-Score para varredura vertical e 99,73% a 100% de acurácia, 99,46% a 100% de precisão e 99,73% a 100% F1-Score para varredura horizontal. Pode ser útil para administradores de redes SDN no contexto de defesa desse tipo de infraestrutura.São CristóvãoporComputaçãoRede definida por software (Tecnologia de rede de computador)Proteção de dadosAtaque Distribuído de Negação de ServiçoDDoSRede Definida por SoftwareSDNPrevençãoDistributed Denial of Service Attack (DDoS)Software Defined Network (SDN)PreventionCIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAOMecanismo de prevenção de ataque DDoS em redes SDNinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisPós-Graduação em Ciência da ComputaçãoUniversidade Federal de Sergipereponame:Repositório Institucional da UFSinstname:Universidade Federal de Sergipe (UFS)instacron:UFSinfo:eu-repo/semantics/openAccessORIGINALALFREDO_MENEZES_VIEIRA.pdfALFREDO_MENEZES_VIEIRA.pdfapplication/pdf7854332https://ri.ufs.br/jspui/bitstream/riufs/15014/2/ALFREDO_MENEZES_VIEIRA.pdf5d89af28cad7f3fa48847383442ae3d0MD52LICENSElicense.txtlicense.txttext/plain; charset=utf-81475https://ri.ufs.br/jspui/bitstream/riufs/15014/1/license.txt098cbbf65c2c15e1fb2e49c5d306a44cMD51TEXTALFREDO_MENEZES_VIEIRA.pdf.txtALFREDO_MENEZES_VIEIRA.pdf.txtExtracted texttext/plain140578https://ri.ufs.br/jspui/bitstream/riufs/15014/3/ALFREDO_MENEZES_VIEIRA.pdf.txt02bff46d71af4c32dc1ced9d00ad5147MD53THUMBNAILALFREDO_MENEZES_VIEIRA.pdf.jpgALFREDO_MENEZES_VIEIRA.pdf.jpgGenerated Thumbnailimage/jpeg1375https://ri.ufs.br/jspui/bitstream/riufs/15014/4/ALFREDO_MENEZES_VIEIRA.pdf.jpgac89373c5b948dc4fedb764569a42e10MD54riufs/150142022-02-07 14:44:52.369oai:ufs.br:riufs/15014TElDRU7Dh0EgREUgRElTVFJJQlVJw4fDg08gTsODTy1FWENMVVNJVkEKCkNvbSBhIGFwcmVzZW50YcOnw6NvIGRlc3RhIGxpY2Vuw6dhLCB2b2PDqiAobyBhdXRvcihlcykgb3UgbyB0aXR1bGFyIGRvcyBkaXJlaXRvcyBkZSBhdXRvcikgY29uY2VkZSDDoCBVbml2ZXJzaWRhZGUgRmVkZXJhbCBkZSBTZXJnaXBlIG8gZGlyZWl0byBuw6NvLWV4Y2x1c2l2byBkZSByZXByb2R1emlyIHNldSB0cmFiYWxobyBubyBmb3JtYXRvIGVsZXRyw7RuaWNvLCBpbmNsdWluZG8gb3MgZm9ybWF0b3Mgw6F1ZGlvIG91IHbDrWRlby4KClZvY8OqIGNvbmNvcmRhIHF1ZSBhIFVuaXZlcnNpZGFkZSBGZWRlcmFsIGRlIFNlcmdpcGUgcG9kZSwgc2VtIGFsdGVyYXIgbyBjb250ZcO6ZG8sIHRyYW5zcG9yIHNldSB0cmFiYWxobyBwYXJhIHF1YWxxdWVyIG1laW8gb3UgZm9ybWF0byBwYXJhIGZpbnMgZGUgcHJlc2VydmHDp8Ojby4KClZvY8OqIHRhbWLDqW0gY29uY29yZGEgcXVlIGEgVW5pdmVyc2lkYWRlIEZlZGVyYWwgZGUgU2VyZ2lwZSBwb2RlIG1hbnRlciBtYWlzIGRlIHVtYSBjw7NwaWEgZGUgc2V1IHRyYWJhbGhvIHBhcmEgZmlucyBkZSBzZWd1cmFuw6dhLCBiYWNrLXVwIGUgcHJlc2VydmHDp8Ojby4KClZvY8OqIGRlY2xhcmEgcXVlIHNldSB0cmFiYWxobyDDqSBvcmlnaW5hbCBlIHF1ZSB2b2PDqiB0ZW0gbyBwb2RlciBkZSBjb25jZWRlciBvcyBkaXJlaXRvcyBjb250aWRvcyBuZXN0YSBsaWNlbsOnYS4gVm9jw6ogdGFtYsOpbSBkZWNsYXJhIHF1ZSBvIGRlcMOzc2l0bywgcXVlIHNlamEgZGUgc2V1IGNvbmhlY2ltZW50bywgbsOjbyBpbmZyaW5nZSBkaXJlaXRvcyBhdXRvcmFpcyBkZSBuaW5ndcOpbS4KCkNhc28gbyB0cmFiYWxobyBjb250ZW5oYSBtYXRlcmlhbCBxdWUgdm9jw6ogbsOjbyBwb3NzdWkgYSB0aXR1bGFyaWRhZGUgZG9zIGRpcmVpdG9zIGF1dG9yYWlzLCB2b2PDqiBkZWNsYXJhIHF1ZSBvYnRldmUgYSBwZXJtaXNzw6NvIGlycmVzdHJpdGEgZG8gZGV0ZW50b3IgZG9zIGRpcmVpdG9zIGF1dG9yYWlzIHBhcmEgY29uY2VkZXIgw6AgVW5pdmVyc2lkYWRlIEZlZGVyYWwgZGUgU2VyZ2lwZSBvcyBkaXJlaXRvcyBhcHJlc2VudGFkb3MgbmVzdGEgbGljZW7Dp2EsIGUgcXVlIGVzc2UgbWF0ZXJpYWwgZGUgcHJvcHJpZWRhZGUgZGUgdGVyY2Vpcm9zIGVzdMOhIGNsYXJhbWVudGUgaWRlbnRpZmljYWRvIGUgcmVjb25oZWNpZG8gbm8gdGV4dG8gb3Ugbm8gY29udGXDumRvLgoKQSBVbml2ZXJzaWRhZGUgRmVkZXJhbCBkZSBTZXJnaXBlIHNlIGNvbXByb21ldGUgYSBpZGVudGlmaWNhciBjbGFyYW1lbnRlIG8gc2V1IG5vbWUocykgb3UgbyhzKSBub21lKHMpIGRvKHMpIApkZXRlbnRvcihlcykgZG9zIGRpcmVpdG9zIGF1dG9yYWlzIGRvIHRyYWJhbGhvLCBlIG7Do28gZmFyw6EgcXVhbHF1ZXIgYWx0ZXJhw6fDo28sIGFsw6ltIGRhcXVlbGFzIGNvbmNlZGlkYXMgcG9yIGVzdGEgbGljZW7Dp2EuIAo=Repositório InstitucionalPUBhttps://ri.ufs.br/oai/requestrepositorio@academico.ufs.bropendoar:2022-02-07T17:44:52Repositório Institucional da UFS - Universidade Federal de Sergipe (UFS)false |
dc.title.pt_BR.fl_str_mv |
Mecanismo de prevenção de ataque DDoS em redes SDN |
title |
Mecanismo de prevenção de ataque DDoS em redes SDN |
spellingShingle |
Mecanismo de prevenção de ataque DDoS em redes SDN Vieira, Alfredo Menezes Computação Rede definida por software (Tecnologia de rede de computador) Proteção de dados Ataque Distribuído de Negação de Serviço DDoS Rede Definida por Software SDN Prevenção Distributed Denial of Service Attack (DDoS) Software Defined Network (SDN) Prevention CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO |
title_short |
Mecanismo de prevenção de ataque DDoS em redes SDN |
title_full |
Mecanismo de prevenção de ataque DDoS em redes SDN |
title_fullStr |
Mecanismo de prevenção de ataque DDoS em redes SDN |
title_full_unstemmed |
Mecanismo de prevenção de ataque DDoS em redes SDN |
title_sort |
Mecanismo de prevenção de ataque DDoS em redes SDN |
author |
Vieira, Alfredo Menezes |
author_facet |
Vieira, Alfredo Menezes |
author_role |
author |
dc.contributor.author.fl_str_mv |
Vieira, Alfredo Menezes |
dc.contributor.advisor1.fl_str_mv |
Ribeiro, Admilson de Ribamar Lima |
dc.contributor.advisor-co1.fl_str_mv |
Matos Junior, Rubens de Souza |
contributor_str_mv |
Ribeiro, Admilson de Ribamar Lima Matos Junior, Rubens de Souza |
dc.subject.por.fl_str_mv |
Computação Rede definida por software (Tecnologia de rede de computador) Proteção de dados Ataque Distribuído de Negação de Serviço DDoS Rede Definida por Software SDN Prevenção |
topic |
Computação Rede definida por software (Tecnologia de rede de computador) Proteção de dados Ataque Distribuído de Negação de Serviço DDoS Rede Definida por Software SDN Prevenção Distributed Denial of Service Attack (DDoS) Software Defined Network (SDN) Prevention CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO |
dc.subject.eng.fl_str_mv |
Distributed Denial of Service Attack (DDoS) Software Defined Network (SDN) Prevention |
dc.subject.cnpq.fl_str_mv |
CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO |
description |
The Software Defined Network (SDN) offers benefits such as scalability, flexibility, monitoring and ease of innovation, due to its main characteristic of separating the data plane from the control plane. Communication between the controller and the data plane is carried out through the OpenFlow protocol, allowing the sending and receiving of messages from a switch that supports this protocol. In this way, it allows the SDN controller to send instructions through codes developed in various programming languages to the network devices. Due to its logically centralized and software-controlled structure, the controller becomes a strategic target in carrying out attacks. Among the many existing threats, the distributed denial of service (DDoS) attack has a destructive effect on SDN networks. The main objective of this cyber attack is for legitimate users to be harmed due to denial of service. The execution of the attack has distinct phases and counts on infected devices which are called bots, forming an army known as botnet. DDoS attack prevention involves methods that aim to prevent the network infrastructure from falling victim to this form of attack. Given the results observed through a systematic mapping, we decided in this work to propose and analyze a mechanism for preventing DDoS attacks in SDN networks that acts in the first phase of the attack, protecting the SDN controller. Of the two types of existing scans (horizontal and vertical), it was observed from the experiments that the engine obtains from 98.64% to 99.37% accuracy, 63.89% to 82.76% accuracy and 77.97% to 84.62% F1-Score for vertical scanning and 99.73% to 100% accuracy, 99.46% to 100% precision and 99.73% to 100% F1-Score for horizontal scanning. It can be useful for SDN network administrators in the context of defending this type of infrastructure. |
publishDate |
2021 |
dc.date.issued.fl_str_mv |
2021-09-23 |
dc.date.accessioned.fl_str_mv |
2022-02-07T17:44:48Z |
dc.date.available.fl_str_mv |
2022-02-07T17:44:48Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.citation.fl_str_mv |
VIEIRA, Alfredo Menezes. Mecanismo de prevenção de ataque DDoS em redes SDN. 2021. 83 f. Dissertação (Mestrado em Ciência da Computação) – Universidade Federal de Sergipe, São Cristóvão, 2021. |
dc.identifier.uri.fl_str_mv |
https://ri.ufs.br/jspui/handle/riufs/15014 |
identifier_str_mv |
VIEIRA, Alfredo Menezes. Mecanismo de prevenção de ataque DDoS em redes SDN. 2021. 83 f. Dissertação (Mestrado em Ciência da Computação) – Universidade Federal de Sergipe, São Cristóvão, 2021. |
url |
https://ri.ufs.br/jspui/handle/riufs/15014 |
dc.language.iso.fl_str_mv |
por |
language |
por |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.publisher.program.fl_str_mv |
Pós-Graduação em Ciência da Computação |
dc.publisher.initials.fl_str_mv |
Universidade Federal de Sergipe |
dc.source.none.fl_str_mv |
reponame:Repositório Institucional da UFS instname:Universidade Federal de Sergipe (UFS) instacron:UFS |
instname_str |
Universidade Federal de Sergipe (UFS) |
instacron_str |
UFS |
institution |
UFS |
reponame_str |
Repositório Institucional da UFS |
collection |
Repositório Institucional da UFS |
bitstream.url.fl_str_mv |
https://ri.ufs.br/jspui/bitstream/riufs/15014/2/ALFREDO_MENEZES_VIEIRA.pdf https://ri.ufs.br/jspui/bitstream/riufs/15014/1/license.txt https://ri.ufs.br/jspui/bitstream/riufs/15014/3/ALFREDO_MENEZES_VIEIRA.pdf.txt https://ri.ufs.br/jspui/bitstream/riufs/15014/4/ALFREDO_MENEZES_VIEIRA.pdf.jpg |
bitstream.checksum.fl_str_mv |
5d89af28cad7f3fa48847383442ae3d0 098cbbf65c2c15e1fb2e49c5d306a44c 02bff46d71af4c32dc1ced9d00ad5147 ac89373c5b948dc4fedb764569a42e10 |
bitstream.checksumAlgorithm.fl_str_mv |
MD5 MD5 MD5 MD5 |
repository.name.fl_str_mv |
Repositório Institucional da UFS - Universidade Federal de Sergipe (UFS) |
repository.mail.fl_str_mv |
repositorio@academico.ufs.br |
_version_ |
1802110708126580736 |