Loading...
Mitigation of Different Network Attacks and Optimization in Software Defined Network
Citations
Altmetric:
Genre
Thesis/Dissertation
Date
2021
Advisor
Committee member
Group
Department
Computer and Information Science
Subject
Permanent link to this record
Collections
Research Projects
Organizational Units
Journal Issue
DOI
http://dx.doi.org/10.34944/dspace/6869
Abstract
Cyber attacks are growing with the increase in internet usage. There are several types of network attacks including volumetric and non-volumetric attacks.In a volumetric attack, the target resource is taken down with a huge amount of traffic. Distributed denial-of-service (DDoS) and transit-link DDoS are examples of these types of attacks.
A DDoS attack is a cyber-attack in which the attacker sends out a huge number of requests to exhaust the capacity of a server so that it can no longer serve incoming requests and DoS occurs. The most devastating distributed DoS attack is performed by malicious programs called bots.
A transit-link DDoS attack is a special attack in which the attacker sends out a huge number of requests to exhaust the capacity of a link on the path the traffic comes to a server. As a result, user traffic cannot reach the server. As a result, denial-of-service and degradation of Quality-of-Service (QoS) occur. Because the attack traffic does not go to the victim, protecting the legitimate traffic alone is hard for the victim.
With the help of a special type of router called filter router (FR), the victim can protect itself and reduce useless congestion in the network. A server can send out filters to FRs for blocking attack traffic. The victim needs to select a subset of FRs wisely to minimize attack traffic and blockage of legitimate users (LUs). By using FR, the victim can also protect the legitimate traffic. An FR can receive a filter from servers and apply the filter to block a link incident to it. The victim needs to select some of these possible congested links and send a filter to the corresponding FR so that the legitimate traffic follows non-congested paths. This way we can protect the victim/resources from the attackers that reside outside the datacenter network.
To protect the resources from the attackers that reside inside a datacenter we need to monitor all of the flows. Some of the free virtual machines (VMs) can be used as traffic monitors.
The monitoring process induces some network overhead which should be the lowest for the best performance. Monitoring becomes more challenging when the number of monitors is not enough to monitor all the flows in a datacenter. In that case, the packets in flows are sub-sampled to fit the capacity of the monitors.
In a non-volumetric attack, the attackers try to steal or get illegal authorization of some resources in a network. This type of attack can be severe even with a small amount of traffic. Non-volumetric attacks can be stopped by applying a moving target defense approach at the nodes on the attack path. An attack path is a series of steps and the attacker needs to succeed in all of those steps to gain access to the resources.
The routing in an SDN switch is controlled by the rules installed in it or provided by the controller. The SDN switches have limited capacity for the rules and the performance dramatically drops when the number of stored rules is higher. To prevent the link congestion due to regular traffic and link flooding attacks (LFA), the rules need to be changed over time to reconfigure the flow path. It takes some time to adopt the changes by the SDN switches which causes an interruption in flow. We also aim at minimizing the number of rule changes while redirecting some of the traffic from the congested link.
We contribute to solving these problems in this paper. We formulate several problems for selecting filter routers given a constraint on the number of filters. The first problem considers the source-based filter and we provide several solutions include a dynamic programming solution. The second problem considers the destination-based filter and how to minimize the total amount of attack traffic and blocked LUs. We propose a dynamic programming solution for the second problem.
To defend the transit-link DDoS attack, we formulate optimization two problems for selecting the minimum number of possible congested links so that the legitimate traffic goes through a non-congested path. We consider the scenario where every user has at least one non-congested shortest path in the first problem. We extend the first problem to a scenario where there are some users whose shortest paths are all congested. We transform the original problem to the vertex separation problem to find the links to block.
We propose a mechanism to protect against DDoS attacks originated within a datacenter. Our system is composed of two parts: flow monitoring and traffic filtering. In flow monitoring, we formulate two problems: one for finding flow assignments to monitors and another for selecting the best locations of monitors. We provide an optimal and a greedy solutions for the first and second problems, respectively.
We also propose a flow grouping and sampling rate distribution approach based on behavioral similarity among the VMs followed by hierarchical clustering of VMs. The sampling rate is uniform among all the flows in a group. We investigate the relationship between the sampling rate and the DDoS detection rate. Then, we formulate an optimization problem for finding an optimal sampling rate distribution and solve it using mix-integer linear programming.
To minimize the number of rule changes while redirecting some of the traffic from the congested link. We formulate two problems to minimize the number of rule changes to redirect traffic. The first problem is the basic and it considers a congested link and a flow to direct. We provide a Dijkstra-based and a rule merging-based solution to the problems. The second problem considers multiple flows and we propose flow grouping and rule merging based solutions.
To protect against the non-volumetric attack, we formulate an optimization problem to minimize the damage while securing the resources by deploying the minimum number of moving target defense methods. We provide a dynamic programming-based solution to this problem.
Description
Citation
Citation to related work
Has part
ADA compliance
For Americans with Disabilities Act (ADA) accommodation, including help with reading this content, please contact scholarshare@temple.edu