Mitigation of Crossfire Attacks in Software Defined Networks Using Random Forest Machine Learning Algorithm

Williams, Gabon

Mitigation of Crossfire Attacks in Software Defined Networks Using Random Forest Machine Learning Algorithm

Search for this publication on Google Scholar

Williams, G. (2020). Mitigation of Crossfire Attacks in Software Defined Networks Using Random Forest Machine Learning Algorithm. Unc Charlotte Electronic Theses And Dissertations.

Download PDF

Analytics

3230 views ◎
25 downloads ⇓

Abstract

Software Defined Networks have emerged and developed to become a prevalent indus-try used infrastructure. The mitigation around DDoS (Distributed Denial of Service)attacks in SDN has been a big topic since the network type has come into the scopeof day to day operations. The crossfire attack is a link flooding Distributed Denialof Service attack that increases the amount of benign traffic from a massively dis-tributed botnet to congest a network link, also known as the target link. This spikein traffic is used to deplete the network resources allocated for the target link. Thisattack normally does not contain any malicious payloads, which makes detecting andmitigating more difficult. This research was inspired by the low likelihood of theability to detect and defend against a crossfire attack in software defined networksand is focused on detection and mitigation of these attacks [1]. The environmentcreated in this experiment uses SDN Switches on a specific network topology in ad-dition to the ryu controller. The random forest machine learning model was alsoutilized to dynamically analyze traffic and classify when an attack was beginning tooccur. When the classifier alerts the controller that the threshold is being reachedfor a particular target link the controller will find and deny flows from the sourcewhich has generated the most traffic and is not regularly generating traffic at sucha high rate. Denying flows closer to the source limits the impact that a flood canhave on legitimate traffic in the topology. The threshold set for the target link inthis experiment is 50 MB. The model is able to classify when an interface needs to bedenied at a rate of 90.625 percent. Considering this is a base work, accuracy couldbe improved by having additional functionality applied to the proposed design.

Details

Author: Williams, Gabon
Title: Mitigation of Crossfire Attacks in Software Defined Networks Using Random Forest Machine Learning Algorithm
Physical Description: 1 online resource (51 pages) : PDF
Date: 2020
Degree Granting Institution: University of North Carolina at Charlotte
Abstract: Software Defined Networks have emerged and developed to become a prevalent indus-try used infrastructure. The mitigation around DDoS (Distributed Denial of Service)attacks in SDN has been a big topic since the network type has come into the scopeof day to day operations. The crossfire attack is a link flooding Distributed Denialof Service attack that increases the amount of benign traffic from a massively dis-tributed botnet to congest a network link, also known as the target link. This spikein traffic is used to deplete the network resources allocated for the target link. Thisattack normally does not contain any malicious payloads, which makes detecting andmitigating more difficult. This research was inspired by the low likelihood of theability to detect and defend against a crossfire attack in software defined networksand is focused on detection and mitigation of these attacks [1]. The environmentcreated in this experiment uses SDN Switches on a specific network topology in ad-dition to the ryu controller. The random forest machine learning model was alsoutilized to dynamically analyze traffic and classify when an attack was beginning tooccur. When the classifier alerts the controller that the threshold is being reachedfor a particular target link the controller will find and deny flows from the sourcewhich has generated the most traffic and is not regularly generating traffic at sucha high rate. Denying flows closer to the source limits the impact that a flood canhave on legitimate traffic in the topology. The threshold set for the target link inthis experiment is 50 MB. The model is able to classify when an interface needs to bedenied at a rate of 90.625 percent. Considering this is a base work, accuracy couldbe improved by having additional functionality applied to the proposed design.
Genre: masters theses
Subjects--Topics: Computer science
Information technology
Degree: M.S.
Subject Area: Computer Science
Advisor(s): Wang, Weichao
Committee Members: Wang, Weichao
Moyer, Thomas
Lipford, Heather
Degree Note: Thesis (M.S.)--University of North Carolina at Charlotte, 2020.
Rights Statement: This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s). For additional information, see http://rightsstatements.org/page/InC/1.0/.
Rights Holder Information: Copyright is held by the author unless otherwise indicated.
Identifier: Williams_uncc_0694N_12451
Permalink: http://hdl.handle.net/20.500.13093/etd:2474

J. Murrey Atkins Library

J. Murrey Atkins Library