Author: Gao, Shang
Title: Exploiting software-defined networks : DoS attacks and security enhancement
Advisors: Xiao, Bin (COMP)
Degree: Ph.D.
Year: 2018
Subject: Hong Kong Polytechnic University -- Dissertations
Software-defined networking (Computer network technology)
Computer networks -- Security measures
Department: Department of Computing
Pages: xviii, 153 pages : color illustrations
Language: English
Abstract: Software-defined networking (SDN) has introduced a more flexible way to manage and control network traffic with high programmability by decoupling the control plane from the data plane in traditional networks. The attributes of centralized control and programmability in SDN can be exploited to enhance network security with a highly reactive security system. However, the same centralized structure is also considered vulnerable, which can cause severe network security problems. In this thesis, SDN security is studied from two directions: identifying vulnerabilities in SDN and enhancing network security with SDN. For SDN vulnerability identification, we study DoS attacks aimed at OpenFlow networks and propose FloodDefender, a scalable, efficient and protocol-independent defense framework against these DoS attacks. Furthermore, we identify new SDN-aimed DDoS attacks which could use the communication bottleneck between the two planes to jam switch-controller links and overload the control plane in proactive OpenFlow networks. To mitigate the new DDoS attack, we propose FloodBarrier to reduce the communication and efficiently handle attack traffic. For SDN-enabled security, we propose a software-defined firewall (SDF) based on the architecture of SDN to enhance personal firewalls for malware detection. SDF can detect the hidden traffic generated by malware and enable programmable security policy control by abstracting the firewall architecture into control and data planes. Experimental results show that the proposed FloodDefender and FloodBarrier systems can efficiently protect OpenFlow networks against the attacks with little overhead, and that SDF can successfully monitor all network traffic and improve the accuracy of malicious traffic identification.
Rights: All rights reserved
Access: open access

Files in This Item:
File: 991022180947603411.pdf
Description: For All Users
Size: 1.71 MB
Format: Adobe PDF



Please use this identifier to cite or link to this item: https://theses.lib.polyu.edu.hk/handle/200/9861