Department of Computer Science and Information Systems

Permanent URI for this collectionhttp://localhost:4000/handle/123456789/1928

Now showing 1 - 10 of 11
  • Item
    Enhancing flow security in RYU controller through set operations
    (IEEE, 2017) Dua, Amit
    Software-Defined Networking (SDN) is a new-generation architecture for managing and controlling the network in a cost-effective and efficient way. This architecture segregates the network such that the forwarding and control planes are now decoupled. The network is divided into three planes: Application plane, Control plane, and Data plane. SDN provides a programming interface with which a network administrator can modify the flow of data through flow rules. Along with these benefits and this dynamism, it also opens new security threats and challenges. In this paper, the possible threats at various SDN layers are discussed. Following this, a possible solution to one of the security threats is proposed. The proposed solution, based on set operations, has been proven to be secure and practically applicable.
  • Item
    SymSDN: A DRDoS Attack Prevention Approach
    (IEEE, 2023) Gupta, Vishal
    Distributed Denial of Service (DDoS) attacks are hostile attempts toward the normal functioning of a system. The attacker exploits vulnerabilities present in various systems to convert them into botnets or bots. These bots generate massive amounts of internet traffic towards the victim, choking its bandwidth and disrupting its connectivity to the internet. A Distributed Reflection Denial of Service (DRDoS) attack, a type of DDoS attack, exploits vulnerable servers to generate huge attack traffic towards the target by source IP spoofing, making them even worse. In this paper, we present a mechanism to defend against DRDoS attacks. The mechanism is based on symmetric routing that forces response packets to take the same path as that of request packets. This causes the attack to divert back to the attacker, saving the client from it and also hampering the attacker's ability to launch further attacks. The proposed methodology, SymSDN, also optimizes flow entries to deal with the overflow of routing tables by DDoS attacks. The percentage of packet loss and the throughput calculation in the result section prove the authenticity of our proposed approach.
  • Item
    Secure domain name service in software defined network
    (IEEE, 2017) Gupta, Vishal
    Domain Name Service (DNS) is an important service generally used by other application layer protocols of the TCP/IP protocol stack. These protocols use DNS to translate human-readable web addresses to machine-readable IP addresses, which are then used by other protocols of the network stack for communication between computers over the network. The correctness of DNS translation cannot be compromised, as it may lead to unsecure transactions within the network. Because of this, DNS is generally a soft target for attackers and is vulnerable to different security threats including DNS spoofing, DNS cache poisoning, etc. Many solutions for such threats have been proposed for traditional IP networks. In this paper, we talk about security loops in DNS and propose a solution for them in a Software Defined Network (SDN) environment.
  • Item
    DNS Amplification Based DDoS Attacks in SDN Environment: Detection and Mitigation
    (IEEE, 2019) Gupta, Vishal; Kulshrestha, Rakhee
    Domain Name System (DNS) amplification based Distributed Denial of Service (DDoS) attacks have been part of the Internet's history for a long time. Since the inception of the Internet protocol, several security measures, improved protocols, and hardware have been developed, but there still is not a foolproof way to avoid such DDoS attacks. Attackers have used them to congest networks and servers with the aim of disrupting services, which in turn leads to huge financial losses. The Software-Defined Network (SDN) environment has evolved as a promising alternative to legacy networks. It essentially gives the underlying network an external controller (brain) which makes the respective network layer devices centrally programmable. This gives administrators absolute control over the network, to decide and take action on how each and every packet in the network should move around. It is predicted to be the future of computer networking, thwarting major cyberattacks with nearly full autonomy over the network. Through this research, it is intended to identify and mitigate DNS amplification based DDoS attacks in such an environment. A middle-layer third-party solution is proposed to protect an organization's network by offloading the attack to an OpenFlow-enabled SDN network. Using a Bloom filter as a defense mechanism, detection and mitigation of an attack is done.
  • Item
    Prevention and Mitigation of DNS based DDoS attacks in SDN Environment
    (IEEE, 2019) Gupta, Vishal
    A Denial-of-Service attack (DoS attack) is an attack on a network in which an attacker tries to disrupt the availability of network resources by overwhelming the target network with attack packets. In a DoS attack it is typically done using a single source, and in a Distributed Denial-of-Service attack (DDoS attack), as the name suggests, multiple sources are used to flood the incoming traffic of the victim. Typically, such attacks use vulnerabilities of the Domain Name System (DNS) protocol and IP spoofing to disrupt the normal functioning of a service provider or Internet user. The attacks involving DNS, or attacks exploiting vulnerabilities of DNS, are known as DNS based DDoS attacks. Many of the proposed DNS based DDoS solutions try to prevent/mitigate such attacks using some intelligent non-"network layer" (typically application layer) protocols. Utilizing the flexibility and programmability aspects of Software Defined Networks (SDN), via this proposed doctoral research it is intended to make the underlying network intelligent enough to prevent DNS based DDoS attacks.
  • Item
    MPLS based hybridization in SDN
    (IEEE, 2017) Shekhawat, Virendra Singh; Chalapathi, G.S.S.; Sinha, Yash
    Although the new paradigm of Software Defined Networking (SDN) has great potential to address the complex problems presented by enterprise networks, it has its own deployment and scalability issues. Further, a full SDN deployment has its own business and economic challenges. A smooth transition from legacy networks to SDN (disruption free, accommodating budget constraints, with progressive improvement in network management) requires a hybrid networking model as an inevitable intermediate step that allows heterogeneous paradigms to function together while the full transition is realized in phases. Therefore, the need of the hour is to develop an incremental deployment strategy that caters to the needs of the organization. We present here a class-based hybrid SDN model for Multi Protocol Label Switching (MPLS) networks. We discuss the model, design, components, their interactions, advantages and drawbacks. We also present an implementation and evaluation of a prototype. In legacy networks, the MPLS architecture closely resembles the SDN paradigm in terms of separation of control and data planes, flow abstraction, etc. Moreover, ISPs have preferred MPLS over the years due to the benefits of virtual private networks and traffic engineering. The central idea is to partition traffic using forwarding equivalence classes at the ingress router, the rules of which can be updated via a centralized controller using OpenFlow. Therefore, we aim to use the standard MPLS data plane together with a control plane based on OpenFlow to come up with a systematic incremental deployment methodology as well as a hybrid operation model.
  • Item
    Real-time monitoring of network latency in Software Defined Networks
    (IEEE, 2015) Haribabu, K
    Latency in a network is an important parameter that can be utilized by service providers and end users alike. Delay on a network path is often measured using end-to-end probing packets. When multiple end systems measure end-to-end latency, there are overlaps in their paths. Since end systems do not have this knowledge, it results in redundant work and network overhead. In this paper, we propose a method to measure end-to-end path latency in Software Defined Networks (SDN). This method avoids redundant work and measures latency in real time. Our proposal is an improvement over the looping technique. We simplified the looping technique by using the IP TTL as a counter. In order to avoid duplicate work, latency is measured per link and stored in the controller. End systems may register their flow labels with the SDN controller to receive latency information. For each registered flow, the controller composes the individual link latencies on that path to compute end-to-end latency. We also propose another approach to measure latency using queue lengths at network switches. This technique removes network overhead. In our simulations, the improved looping technique is found to give better results with reduced computational and network overhead, while the proposed queue length technique shows comparable results.
  • Item
    Meticulous Measurement of Control Packets in SDN
    (ACM Digital Library, 2017-04) Haribabu, K; Sinha, Yash
    The data packet statistics sent by OpenFlow-compliant switches cumulatively include statistics about control traffic, which is used for network control and management. This reduces the accuracy of the calculation of QoS metrics and thus hampers network monitoring. We present here a novel algorithm to accurately measure the fraction of control packets in SDN within a 3% error rate.
  • Item
    Achieving waypoint enforcement in multi-VLAN hybrid SDN
    (IEEE, 2018) Haribabu, K; Bhatia, Ashutosh
    Waypoint enforcement in a network can be seen as the act of diverting the path of packets flowing in the network towards a predefined checkpoint to gain a higher degree of control over the network. Most of the existing solutions which perform waypoint enforcement in hybrid SDN either disturb the existing VLAN configurations or possess certain limitations in terms of the placement of SDN switches in the network. In this paper, we address the problem of achieving waypoint enforcement in a multi-VLAN hybrid software defined network (hybrid-SDN), which does not have these limitations. In particular, the proposed method uses the concept of gratuitous ARP (Address Resolution Protocol) to poison the ARP tables of all the hosts in the network to divert the traffic packets towards an SDN switch.
  • Item
    OpenSnap: Collection of Globally Consistent Statistics in Software Defined Network
    (IEEE, 2019) Haribabu, K; Bhatia, Ashutosh
    Capturing and monitoring the global state of the network in a software defined network (SDN) is crucial for efficient routing, performance monitoring, Quality of Service (QoS) assurance, etc. The two major existing approaches for statistics collection in SDN are polling-based and event-based. Due to the asynchronous nature of the network, statistics collected through polling have inconsistencies and are not suitable for capturing the consistent global state of the network. On the other hand, event-based monitoring schemes may give sparse information about the network. Globally consistent state detection is well studied for asynchronous systems. However, current SDN standards such as OpenFlow do not support any functionality to collect globally consistent statistics. In this paper, we propose “OpenSnap”, an algorithm to determine the globally consistent state of the system. To support OpenSnap, we extend the OpenFlow protocol by adding a new action. The experimental results show that the statistics collected at the SDN controller using the proposed OpenSnap algorithm are always consistent.