Security of software-defined networks : Denial-of-service attack detection and mitigation
Shirokova, Anastasia (2019)
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2019121627063
Abstract
Software-defined networking (SDN) is a recently developed architecture. This design brings programmability and efficiency into traditional networks. Awareness of potential SDN-specific threats and complications is essential for developers and engineers who intend to implement this network design for their business.
The main goal of this thesis was to research the expanding field of software-defined networking and the security of this design. Narrowing down this comprehensive area, this work covered the reliability of SDN controllers against denial-of-service (DoS) attacks. The objective was to answer two questions after the practical part was conducted: Is SDN less secure because of its architecture compared to traditional networks? Are DoS attacks a big threat for SDN architecture or can they be easily mitigated?
In the theory part, the attack surface of SDN and the available security solutions for these networks were studied. The purpose of the practical part was to illustrate a DoS attack against an SDN controller and to show possible methods to detect such types of attacks in an SDN environment. To achieve this, the SDN topology was simulated using GNS3 software and the behaviour of the controller was observed under the DoS attack.
This research showed that the existing techniques can minimize the impact of denial-of-service attacks in SDN environments. Moreover, with correctly configured monitoring and proper network design, the threats can be detected instantly and mitigated accordingly. While it is certainly challenging to successfully maintain secure SDN settings and the right knowledge base is required, using this design over traditional networks does not bring additional risks.