Data plane-based defense system against DDoS attacks for software defined networks


Thesis Type: Master's

Institution Where the Thesis Was Conducted: Middle East Technical University, Faculty of Engineering, Department of Electrical and Electronics Engineering, Turkey

Thesis Approval Date: 2018

Student: AHMET GÖZÜTOK

Advisor: CÜNEYT FEHMİ BAZLAMAÇCI

Abstract:

Software Defined Networking (SDN) is a new networking architecture. It offers promising advances and provides remarkable solutions to certain challenges in this area, yet it is still vulnerable to Distributed Denial of Service (DDoS) attacks. DDoS attacks have devastating impacts on the SDN architecture and may lead to the failure of an entire SDN network. There is no generally accepted network defense system against these attacks for the SDN architecture, and many problems in this area remain unresolved. This thesis presents the MiddleModule system, a Network/Transport-Level DDoS attack detection and prevention framework designed for the SDN architecture. MiddleModule is a data plane-based DDoS defense system: it proposes deploying the monitoring, detection and prevention capabilities in the data plane devices, namely OpenFlow switches. In addition, the thesis states several requirements that a data plane-based defense system should satisfy and provides several attack detection algorithms against various Network/Transport-Level DDoS attack types. Within the scope of this thesis, an extensive evaluation of the proposed framework and of the detection algorithms is performed using different evaluation scenarios. The evaluation results are compared with similar studies in the literature. Moreover, the thesis provides a detailed literature analysis that explains and classifies the related studies.