Planned maintenance
A system upgrade is planned for 10/12-2024, at 12:00-13:00. During this time DiVA will be unavailable.
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Securing SDN Data Plane:Investigating the effects of IP SpoofingAttacks on SDN Switches and its Mitigation: Simulation of IP spoofing using Mininet
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.
2023 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Background:Software-Defined Networking (SDN) represents a network architecture that offers a separate control and data layer, facilitating its rapid deployment and utilization for diverse purposes. However, despite its ease of implementation, SDN is susceptible to numerous security attacks, primarily stemming from its centralized nature. Among these threats, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks pose the most substantial risks. In the event of a successful attack on the SDNcontroller, the entire network may suffer significant disruption. Hence, safe guarding the controller becomes crucial to ensure the integrity and availability of the SDN network.

Objectives:This thesis focuses on examining the IP spoofing attack and its impact on the Data Plane, particularly concerning the metrics of an SDN switch. The investigation centers around attacks that manipulate flow-rules to amplify the number of rules and deplete the resources of a switch within the Data Plane of an SDN network. To conduct the study, a software-defined network architecture was constructed using Mininet, with a Ryu controller employed for managing network operations. Various experiments were carried out to observe the response of the SDN system when subjected to an IP spoofing attack, aiming to identify potential mitigation strategies against such threats.

Method and Results: To simulate the resource exhaustion scenario on the SDN network’s Data Plane,we deliberately triggered an escalation in the number of flow-rules installed in the switch. This was achieved by sending packets with spoofed IP addresses, there by exploiting the switch’s limited resources. Specifically, we focused on monitoring the impact on CPU utilization, storage memory, latency, and throughput within the switch. Detailed findings were presented in the form of tables, accompanied by graphical representations to visually illustrate the effects of increasing flow rules on the switches. Furthermore, we explored potential mitigation measures by developing an application that actively monitors the flow rules on the Ryu controller, aiming to detect and counteract such resource-exhausting effects. 

Place, publisher, year, edition, pages
2023. , p. 80
Keywords [en]
Software Defined Networking, IP Spoofing, Flooding, DDoS Attacks, Data Plane, Mininet
National Category
Telecommunications
Identifiers
URN: urn:nbn:se:bth-25189OAI: oai:DiVA.org:bth-25189DiVA, id: diva2:1782968
Subject / course
ET2606 Masterarbete i elektroteknik med inriktning mot telekommunikationssystem 30,0 hp
Educational program
ETADT Plan för kvalifikation till masterexamen inom elektroteknik med inr mot telekommunikationssystem 120,0 hp
Presentation
2023-06-23, 10:30 (English)
Supervisors
Examiners
Available from: 2023-07-19 Created: 2023-07-18 Last updated: 2023-07-19Bibliographically approved

Open Access in DiVA

fulltext(2490 kB)586 downloads
File information
File name FULLTEXT02.pdfFile size 2490 kBChecksum SHA-512
9d3557cef64de6c51e1fce2835ae392da5aa2419d213bdc6efdb20c65b797a4bfd92a8ae6bc4a5396d8387ecd3007a4a4c0e2db45e06ea405f4dc20398bf287a
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
JABBU, SHIVAKUMAR YADAVMADIRAJU, ANIRUDH SAI
By organisation
Department of Computer Science
Telecommunications

Search outside of DiVA

GoogleGoogle Scholar
Total: 586 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 845 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf