.  Home  .  Publikationen  .  Fopra/SEP/Bachelor  .  gima16

Girstenbrei, C., Marczinek, A. (2016):

Monitoring and Mitigiating Attacks in the Environment of Software Defined Networks

Chris: In recent times, \ac{SDN} have quickly gained popularity. The opened capabilities and addressing of shortcomings in traditional networks has sparked a lot of interest. But considering the extent of testing regular networks are over, \acp{SDN} have to make up a lot of ground. Especially due to new attacks on network clients and networks itself, a reliable and adaptive strategy is necessary. Having insight into the network and access to reliable information is one of the most important properties of a modern network. The intent of this thesis is to address the first step of monitoring data, making it available to other components and alert on possible attacks to enable a reactive and flexible network in context of an \ac{SDN} environment. Different techniques of gathering, analyzing and output data will be proposed and shown with an example implementation. Comparison between these techniques will present their advantages and disadvantages, providing information on which tool to choose for which type of data or attack. Alex: Software Defined Networks are a technology that is quickly becoming popular. It enables new network functionality through its standardized interface and the decoupling of the data and control plane. Yet, also attacks on networks are as popular as ever, with attacks disrupting the operation of even large and well prepared companies. These attacks often are Denial of Service attacks. The architecture of Software Defined Networks also has exploitable vulnerabilities To help overcome these issues, a detection and mitigation mechanism based on SDN within a reproducible test environment is proposed. This builds a foundation for research on monitoring and mitigation in software defined environments. This test setup is then used for the implementation and evaluation of TCP SYN Flood, Distributed TCP SYN Flood and Flow Flooding attacks. The results show that by monitoring the network through an Intrusion Detection System and using statistics of the flows, the attacks can be detected and this information can be used to create flows that are capable of mitigating the attacks.