University Sétif 1 FERHAT ABBAS Faculty of Sciences
Author details
Author: Roumaissa Chibout
Available documents written by this author
Title: Towards a Secure SDN Controller-Based Machine Learning
Document type: printed text
Authors: Roumaissa Chibout, Author; Soundes Belagrouz; Gherbi, Chirihane, Thesis supervisor
Publisher: Setif:UFA
Year of publication: 2024
Extent: 1 vol (77 f.)
Format: 29 cm
Languages: English (eng)
Categories: Theses & Dissertations: Computer Science
Keywords: Software-Defined Networking (SDN); Distributed Denial of Service Attack (DDoS); Machine learning (ML)
Decimal index: 004 - Computer Science
Abstract:
Software-defined networking (SDN) is an innovative approach that aims to improve
the performance of traditional networks by separating the control plane from the data
plane. SDN networks are characterized by centralized control that facilitates network
management but also exposes them to the risk of Distributed Denial of Service (DDoS)
attacks, which can cripple the network and make it unusable.
This master’s thesis presents a solution based on machine learning (ML) algorithms
to detect and mitigate DDoS attacks. We used the Mininet tool and the Ryu controller
to simulate the network. The Hping3 tool was used to simulate DDoS attacks.
Four supervised machine learning algorithms were tested: Logistic Regression (LR),
Naïve Bayes (NB), Decision Tree (DT), and Random Forest (RF) on real and synthetic
datasets.
In our proposed approach, mitigation was achieved by adding a flow rule on the
switch to drop malicious traffic, which showed its effectiveness in detecting and mitigating
DDoS attacks using a decision tree (DT) classifier that was integrated and
implemented based on the results obtained, which showed the superiority of the model
trained using the synthetic dataset as the DT and RF algorithms performed better
than the other algorithms evaluated.
This study highlights the great potential of using machine learning to enhance the
security of software-defined networks, contributing to more stable and secure networks.
Content note: Table of contents
List of figures
List of tables
Abbreviations
Introduction
1 SDN and Network Security
1.1 Introduction
1.2 SDN (Software-Defined Network)
1.2.1 Definition
1.2.2 SDN networks vs. traditional networks
1.2.3 The architecture of the SDN
1.2.4 Benefits of SDN
1.2.5 Challenges of SDN
1.3 OpenFlow Fundamentals
1.3.1 OpenFlow switch
1.3.2 OpenFlow ports
1.3.3 OpenFlow channel
1.3.4 Connectivity Channels
1.4 Network Security
1.4.1 Definition
1.4.2 Objectives
1.4.3 Network attacks
1.5 SDN Security problems
1.6 Machine Learning
1.6.1 Definition
1.6.2 Taxonomy of Machine Learning
1.6.3 Machine Learning for solving SDN security Problems
1.6.4 Machine Learning and SDN
1.7 Conclusion
2 Related Work
2.1 Introduction
2.2 Denial of Service (DoS)
2.2.1 Definition
2.2.2 DoS Attacks Mechanisms
2.3 Distributed Denial of Service (DDoS) Attacks
2.3.1 Definition
2.3.2 Taxonomy of DDoS attacks
2.4 Botnets
2.4.1 Definition
2.4.2 Botnets in DDoS Attacks
2.4.3 Mitigating Botnet in the DDoS attacks
2.5 DDoS attacks in SDN networks
2.6 Types of DDoS attacks in SDN
2.6.1 Application layer DDoS attacks
2.6.2 Control layer DDoS attacks
2.6.3 Data layer DDoS attacks
2.7 DDoS attack detection techniques in SDN
2.8 Related works
2.8.1 DDoS attack detection and defense in SDN based on machine learning
2.8.2 Detection of Distributed Denial of Service Attacks in SDN using Machine learning techniques
2.8.3 Collaborative detection and mitigation of DDoS in software-defined networks
2.8.4 Comparison table between the articles
2.9 Conclusion
3 Proposed approach
3.1 Introduction
3.2 Proposed Approach Phases
3.2.1 Model Building Phase
3.2.2 Detecting Anomalies Phase (DDoS)
3.2.3 DDoS Mitigation Phase
3.3 RYU Controller Mechanism
3.4 Conclusion
4 Implementation and Results
4.1 Introduction
4.2 Tools Selection
4.2.1 Material resources
4.2.2 Software
4.3 Dataset and Machine Learning algorithms
4.3.1 Dataset Generation
4.3.2 Comparison between ML algorithms
4.3.3 SDN Topology
4.3.4 Integration of the model with Ryu controller
4.4 Work evaluation
4.4.1 Evaluating our work using a real Data Set
4.4.2 Comparison of results
4.5 Conclusion
Title call number: MAI/0917
Copies (1)
Barcode: MAI/0917
Call number: MAI/0917
Medium: Dissertation
Location: Sciences Library
Section: English
Availability: Available