هبة صلاح ياسين

Abstract

Software Defined Network (SDN) is a modern network architecture with a centralized controller. It differs from traditional networks in being more flexible and programmable, owing to the separation of the control plane from the data plane. However, this paradigm is exposed to Distributed Denial of Service (DDoS) attacks, which are one of the most interesting subjects in the security field because of their widespread use. In this thesis, two entropy-based algorithms are proposed to protect networks and servers from these attacks in SDN. The first algorithm is Lower Entropy Detection (LED), which uses entropy to isolate the suspected traffic at a backup server outside the data center, distributing the huge amount of traffic over more than one server and avoiding congestion on switches. The results of this algorithm are presented using three scenarios, which show an increase in the throughput of the server of about 16% and a reduction of the CPU load to 8.7% during attacks compared with the direct block mitigation method, which was mostly used with entropy detection in previous research. The second algorithm is the Entropy and Q-learning algorithm (EQD), which uses Reinforcement Learning to detect DDoS attacks based on entropy. It redirects the traffic to the edge of the data center through a second controller to a honeypot server. The results of this algorithm are obtained from a number of scenarios that show how to distinguish between DDoS attacks and flash crowds based on MAC address and time delay. Moreover, there is an increase of about 50% in the throughput of the server and a reduction of the CPU load to 23.7% compared with entropy detection in previous research.

This thesis uses the Mininet emulator for the network topology, the real SDN controller POX (Python Network Operating System) to manage the network, and Open vSwitch, which supports the OpenFlow protocol. Scapy and Hping3 are the tools used to create normal traffic and DDoS attacks. Moreover, the measurement tools are Iperf, Wireshark, Analysis of Variance (ANOVA), and Least Significant Difference (LSD).
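The following added example, which is not code from the thesis, sketches the general entropy-detection idea the abstract builds on: a sustained drop in the entropy of packet destinations marks one host as a suspected target whose traffic can then be isolated. The choice of destination IP as the feature, the window size, the threshold, the consecutive-window count and the sample traffic are all assumptions made for illustration.

```python
import math
from collections import Counter

WINDOW = 50        # packets per window (assumed value)
THRESHOLD = 0.5    # normalized-entropy cut-off (assumed value)
CONSECUTIVE = 2    # low-entropy windows required before acting (assumed value)


def normalized_entropy(items):
    """Shannon entropy of the item distribution, scaled to [0, 1]."""
    counts = Counter(items)
    n = len(items)
    if n == 0 or len(counts) < 2:
        return 0.0  # empty window or a single destination: no spread at all
    h = -sum((c / n) * math.log2(c / n) for c in counts.values())
    return h / math.log2(len(counts))


def detect(dst_ips, window=WINDOW, threshold=THRESHOLD, consecutive=CONSECUTIVE):
    """Return (window_index, suspected_target) at the first sustained
    entropy drop, or None if the traffic never stays below the threshold."""
    low = 0
    for start in range(0, len(dst_ips) - window + 1, window):
        chunk = dst_ips[start:start + window]
        if normalized_entropy(chunk) < threshold:
            low += 1
            if low >= consecutive:
                # The dominant destination is the candidate for isolation.
                target = Counter(chunk).most_common(1)[0][0]
                return start // window, target
        else:
            low = 0  # a normal window resets the streak (avoids one-off spikes)
    return None


# Constructed sample traffic: destination IP of each observed packet.
# Normal: packets spread evenly over ten hosts.
NORMAL = [f"10.0.0.{1 + k % 10}" for k in range(100)]
# Attack: nine of every ten packets go to 10.0.0.5.
ATTACK = ["10.0.0.5" if k % 10 else f"10.0.0.{1 + (k // 10) % 10}"
          for k in range(100)]

if __name__ == "__main__":
    print(detect(NORMAL))            # no sustained drop
    print(detect(NORMAL + ATTACK))   # drop confirmed in the fourth window
```

Requiring several consecutive low-entropy windows trades detection delay for fewer false alarms on short bursts; it does not by itself separate a flash crowd from an attack, which the abstract attributes to MAC address and time delay.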
