BITS Faculty Publications

Permanent URI for this communityhttp://localhost:4000/handle/123456789/1867

  • Item
    Control-data plane intelligence trade-off in SDN
    (IEEE, 2025) Sinha, Yash
    With the decoupling of network control and data planes, the upcoming Software Defined Networking (SDN) paradigm advocates better network control and manageability. It introduces logically centralized control, network programmability and abstraction of the underlying infrastructure from network services and applications. With global visibility of network state and central control that eases real-time monitoring, policy alterations etc., it certainly enhances network security inherently. However, the separation of planes opens up new challenges such as denial of service (DoS) attacks, saturation attacks, man-in-the-middle attacks and so on. Many of the issues of controller availability, controller-switch communication delay and scalability can be solved separately by distributed controllers, out-of-band communication links and parallelization respectively. Control-data plane intelligence trade-off has the potential to solve all of these. It increases controller availability, reduces latency for traffic engineering and decision making, and improves controller scalability. Moreover, control-data plane intelligence trade-off enables the control-data plane communication to be more secure. This will tremendously offload the processing load on the controller. We present how to realize the control-data plane intelligence trade-off by extending OpenFlow.
  • Item
    Rational identification of suitable classification models for detecting ddos attacks in software-defined networks
    (Springer, 2023-03) Haribabu, K.
    Software-Defined Networking (SDN) is an approach where the network architecture is divided into 3 planes, namely the control plane, the data plane, and the application plane. It represents a major step forward from traditional, hardware-based networking to software-based networking, where a programmable central controller at the control plane facilitates control over the routing of data and allows for easier network management and scalability. On the other hand, the architecture makes the controller a target for many malicious attacks, the most common of them being Distributed Denial of Service (DDoS) attacks. Thus, to address cybersecurity issues in the SDN architecture, we investigated recent studies and trends that used Machine Learning algorithms to detect DDoS attacks in the control plane. We compared popular ML algorithms (k-Nearest Neighbors (k-NN), Support Vector Machine (SVM), Decision Trees (DT), Artificial Neural Network (ANN)) with different feature selection methods: Neighbourhood Component Analysis (NCA) and minimum Redundancy - Maximum Relevance (mRMR). Considering real-time DDoS attack detection, we have proposed an ensemble learning model that outperforms previously proposed models for detecting DDoS attacks. The proposed model utilizes feature selection and is generalized with a 10-Fold Cross Validation Recall of 100%, F1-Score of 99.9988%, and Accuracy of 99.9990%.
  • Item
    Early detection of DDOS attacks in networks leveraging data plane programming
    (IEEE, 2023-09) Haribabu, K.
    Distributed Denial of Service (DDoS) attacks are one of the most commonly used techniques to disrupt network services today. These attacks have grown in size and frequency over the past decade and commonly target DNS infrastructure and Software as a Service (SaaS) solutions hosted on the cloud. Traditional methods for DDoS attack mitigation mostly utilize external network infrastructure to monitor traffic and detect suspicious activity. These methods, however, are often subject to issues of high latency and a large memory footprint. With the rise in popularity of Software Defined Networking (SDN) and data plane programmability, these issues can be tackled, as network traffic can be examined at line rate within the forwarding devices themselves. This report aims to explore the P4 data plane programming language and utilize its primitives to design an in-line traffic inspection mechanism to detect an ongoing DDoS attack. The current scheme of this implementation is to perform an entropy calculation of the traffic at the data plane, followed by implementing a gossip protocol to disseminate entropy information to other switches. Finally, a decision-making algorithm is used to detect the DDoS attack.
  • Item
    An energy efficient data transmission approach in smart IOT systems
    (IEEE, 2024-07) Haribabu, K.
    Improving energy efficiency and maximizing network longevity are two pressing issues in the Internet of Things (IoT) and wireless sensor networks (WSN). Clustering aids in enhancing energy efficiency and extending network life. A cluster head is selected in each cluster to collect and aggregate data from its cluster members. While electing appropriate nodes as cluster heads is important, associating nodes with the elected cluster heads is another component that can help improve the network’s longevity. In this study, the authors proposed a new algorithm belonging to the family of local search problems for performing connection migration of nodes between different cluster heads. Furthermore, the simulation environment and the toolkit developed to evaluate several cluster head algorithms in this simulation environment have both been presented in detail.
  • Item
    DDoS attack detection in data plane
    (Springer, 2025-04) Haribabu, K.
    Distributed Denial of Service (DDoS) attacks pose significant challenges to the availability of online services, with attackers seeking to overwhelm a target’s resources by generating an overwhelming volume of traffic from multiple sources. Traditional detection methods, such as signature-based or traffic pattern analysis, often lack the adaptability required to combat evolving attack strategies effectively. This paper explores the utilization of Software-Defined Networking (SDN) and data plane programmability as a reactive and adaptive mechanism for DDoS attack detection and mitigation. By leveraging the packet-level processing capabilities of P4 (Programming Protocol-Independent Packet Processors), we propose a novel implementation that employs entropy-based detection combined with gossip algorithms for decentralized information sharing. Our approach demonstrates improved responsiveness and scalability in detecting DDoS traffic and provides a comparative analysis between epidemic-based and probability-based gossip protocols. The results highlight the strengths, limitations, and real-world feasibility of our approach.
  • Item
    KarmaNet: SDN Solution to DNS-Based Denial-of-Service
    (Springer, 2019-01) Gupta, Vishal
    Networks are fundamentally designed to efficiently share network resources among end-users. The Internet has facilitated a global communication and computational environment by interconnecting billions of computers. People depend on the Internet to share professional, personal, confidential, and valuable information with other network users. Because of this high dependency of users, attackers often exploit its weaknesses to paralyze crucial and important segments of the Internet. The Domain Name System (DNS) is one such segment whose proper functioning is highly crucial for the Internet to function properly. Attackers often exploit vulnerabilities of the Internet and DNS to launch large-scale Distributed Denial of Service (DDoS) attacks and disrupt network services. Such DNS-based DDoS attacks generally use IP spoofing to bombard the target network/host so as to paralyze it with attack packets. In this paper we present a novel DDoS attack prevention mechanism that utilizes the flexibility and programmability aspects of Software Defined Networks (SDN). The principal philosophy behind it is to route DNS response packets along the same path that was used by the corresponding DNS request packet. Such routing is independent of the destination IP address present in the packet. This way, the malicious host responsible for launching the DDoS attack will self-destruct. The results of the simulation showed that KarmaNet reduced the network delay by 41% when the network was experiencing a DDoS attack. Also, as any security mechanism comes at a cost, simulations of the proposed mechanism show that it also introduces an additional delay of 8%–9% in getting DNS responses as compared to the current DNS structure.