Please use this identifier to cite or link to this item:
Title: Exploiting software-defined networks : DoS attacks and security enhancement
Authors: Gao, Shang
Advisors: Xiao, Bin (COMP)
Keywords: Software-defined networking (Computer network technology)
Computer networks -- Security measures
Issue Date: 2018
Publisher: The Hong Kong Polytechnic University
Abstract: Software-defined networking (SDN) has introduced a more flexible way to manage and control network traffic with high programmability by decoupling the control plane from the data plane in traditional networks. The attributes of centralized control and programmability in SDN can be exploited to enhance network security with a highly reactive security system. However, the same centralized structure is also considered vulnerable, which can cause severe network security problems. In the thesis, the security in SDN is studied in both identifying vulnerabilities in SDN and enhancing network security with SDN. For SDN vulnerability identification, we study the DoS attacks aiming at OpenFlow networks, and propose FloodDefender, a scalable, efficient and protocol-independent defense framework against the DoS attacks. Furthermore, we identify new SDN-aimed DDoS attacks which could use the communication bottleneck between the two planes to jam switch-controller links and overload the control plane in proactive OpenFlow networks. To mitigate the new DDoS attack, we propose FloodBarrier to reduce the communication and efficiently handle attack traffic. For the SDN-enabled security, we propose software-defined firewall (SDF) based on the architecture of SDN to enhance personal firewalls for malware detection. SDF can detect the hidden traffic generated by malware and enable programmable security policy control by abstracting the firewall architecture into control and data planes. Experimental results show that the proposed FloodDefender and FloodBarrier systems can efficiently protect OpenFlow networks against the attacks with little overhead, and SDF can successfully monitor all network traffic and improve the accuracy of malicious traffic identification.
Description: xviii, 153 pages : color illustrations
PolyU Library Call No.: [THS] LG51 .H577P COMP 2018 Gao
Rights: All rights reserved.
Appears in Collections:Thesis

Files in This Item:
File Description SizeFormat 
991022180947603411_link.htmFor PolyU Users167 BHTMLView/Open
991022180947603411_pira.pdfFor All Users (Non-printable)1.74 MBAdobe PDFView/Open
Show full item record
PIRA download icon_1.1View/Download Contents

Page view(s)

Citations as of Mar 22, 2019


Citations as of Mar 22, 2019

Google ScholarTM


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.