Abstract

In recent years, Software-Defined Networking (SDN) has attracted worldwide attention. SDN is quickly emerging as a new approach to networking that modifies the architecture of traditional networks by separating the control plane (brains) from the data plane (muscle), making the control plane independent, programmable, dynamic, and manageable. The SDN architecture consists of three layers: the infrastructure layer, the control layer, and the application layer. This separation simplifies network management. It is a centralized network architecture: the central controller monitors network behavior and manages network devices and network traffic, while network switches become simple forwarding devices. The controller decides where to forward network packets, and the data plane executes this decision and actually forwards the traffic. The central controller is therefore key to the SDN system. Because it has a global view of the network, it is responsible for planning packet routing. The controller creates rules for how network traffic is handled and routed in the network, and these rules are then installed in the network forwarding devices. Due to the decoupling of the data and control planes, SDN has many advantages over a traditional network, such as increased flexibility, cost savings, and more fine-grained network management services. Despite these advantages, the separation introduces new protocols, networking devices, and security challenges, which enlarge the network's attack surface and bring many security vulnerabilities. For example, Distributed Denial-of-Service (DDoS) attacks on OpenFlow (OF) SDN networks exhaust the control plane bandwidth and overload the buffer memory of the OpenFlow switch. DDoS attacks on SDN have become an important problem, and a variety of methods have been applied for detection and mitigation.
Currently, SDN research is growing fast, and many companies plan to use it for future networks. The SDN architecture can reinforce network security with its essential capabilities, such as centralized network monitoring, provisioning, and centralization of security and policy control, which do not exist in current networks. These features make SDN one of the most significant platforms for network security development. In this thesis, the design and implementation of a secure guard that helps address DDoS attacks on the POX controller is presented; this guard is named SGuard. A five-tuple is used as the feature vector for classifying traffic flows with a Support Vector Machine (SVM). Mininet is used to evaluate SGuard in a software environment: it builds a topology consisting of 21 hosts, six switches, and one controller, and both normal and malicious traffic are generated using Hping3. The system is evaluated by measuring its performance in terms of delay, bandwidth, traffic flow, and accuracy. The traffic is monitored and evaluated to observe the difference between normal traffic, traffic under attack, and traffic with SGuard in use. The bandwidth of the link between hosts is measured, and we observed that under attack the communication between the two hosts was interrupted over time. It was also observed that the bandwidth with SGuard is less than with normal traffic, but the connection between the hosts is maintained. System accuracy is measured with different numbers of attacking hosts and different numbers of samples. Based on the experimental results, the proposed model achieves very high accuracy.