Design and Analysis of Anomaly Detection and Mitigation Schemes for Distributed Denial of Service Attacks in Software Defined Network. An Investigation into the Security Vulnerabilities of Software Defined Network and the Design of Efficient Detection and Mitigation Techniques for DDoS Attack using Machine Learning Techniques

View/ Open
PhD Thesis (3.049Mb)
Download
Publication date
2019Author
Sangodoyin, Abimbola O.Supervisor
Awan, Irfan U.Hu, Yim Fun
Pillai, Prashant
Keyword
Software Defined Networks (SDN)Distributed Denial of Service (DDoS) attacks
Network security
Attack detection
Attack mitigation
Controller
Rights

The University of Bradford theses are licenced under a Creative Commons Licence.
Institution
University of BradfordDepartment
Faculty of Engineering and InformaticsAwarded
2019
Metadata
Show full item recordAbstract
Software Defined Networks (SDN) has created great potential and hope to overcome the need for secure, reliable and well managed next generation networks to drive effective service delivery on the go and meet the demand for high data rate and seamless connectivity expected by users. Thus, it is a network technology that is set to enhance our day-to-day activities. As network usage and reliance on computer technology are increasing and popular, users with bad intentions exploit the inherent weakness of this technology to render targeted services unavailable to legitimate users. Among the security weaknesses of SDN is Distributed Denial of Service (DDoS) attacks. Even though DDoS attack strategy is known, the number of successful DDoS attacks launched has seen an increment at an alarming rate over the last decade. Existing detection mechanisms depend on signatures of known attacks which has not been successful in detecting unknown or different shades of DDoS attacks. Therefore, a novel detection mechanism that relies on deviation from confidence interval obtained from the normal distribution of throughput polled without attack from the server. Furthermore, sensitivity analysis to determine which of the network metrics (jitter, throughput and response time) is more sensitive to attack by introducing white Gaussian noise and evaluating the local sensitivity using feed-forward artificial neural network is evaluated. All metrics are sensitive in detecting DDoS attacks. However, jitter appears to be the most sensitive to attack. As a result, the developed framework provides an avenue to make the SDN technology more robust and secure to DDoS attacks.Type
ThesisQualification name
PhDCollections
Related items
Showing items related by title, author, creator and subject.
-
Cyber Attack Modelling using Threat Intelligence. An investigation into the use of threat intelligence to model cyber-attacks based on elasticsearch and honeypot data analysisAwan, Irfan U.; Al-Mohannadi, Hamad (University of BradfordSchool of Electrical Engineering and Computer Science, 2019)Cyber-attacks have become an increasing threat to organisations as well as the wider public. This has led to greatly negative impacts on the economy at large and on the everyday lives of people. Every successful cyber attack on targeted devices and networks highlights the weaknesses within the defense mechanisms responsible for securing them. Gaining a thorough understanding of cyber threats beforehand is therefore essential to prevent potential attacks in the future. Numerous efforts have been made to avoid cyber-attacks and protect the valuable assets of an organisation. However, the most recent cyber-attacks have exhibited the profound levels of sophistication and intelligence of the attacker, and have shown conven- tional attack detection mechanisms to fail in several attack situations. Several researchers have highlighted this issue previously, along with the challenges faced by alternative solu- tions. There is clearly an unprecedented need for a solution that takes a proactive approach to understanding potential cyber threats in real-time situations. This thesis proposes a progressive and multi-aspect solution comprising of cyber-attack modeling for the purpose of cyber threat intelligence. The proposed model emphasises on approaches from organisations to understand and predict future cyber-attacks by collecting and analysing network events to identify attacker activity. This could then be used to understand the nature of an attack to build a threat intelligence framework. However, collecting and analysing live data from a production system can be challenging and even dangerous as it may lead the system to be more vulnerable. The solution detailed in this thesis deployed cloud-based honeypot technology, which is well-known for mimicking the real system while collecting actual data, to see network activity and help avoid potential attacks in near real-time. In this thesis, we have suggested a new threat intelligence technique by analysing attack data collected using cloud-based web services in order to identify attack artefacts and support active threat intelligence. This model was evaluated through experiments specifically designed using elastic stack technologies. The experiments were designed to assess the identification and prediction capability of the threat intelligence system for several different attack cases. The proposed cyber threat intelligence and modeling systems showed significant potential to detect future cyber-attacks in real-time.
-
Anomaly diagnosis based on regression and classification analysis of statistical traffic featuresLiu, Lei; Jin, X.L.; Min, Geyong; Xu, L. (2014-08-24)Traffic anomalies caused by Distributed Denial-of-Service (DDoS) attacks are major threats to both network service providers and legitimate customers. The DDoS attacks regularly consume and exhaust the resources of victims and hence result in abnormal bursty traffic through end-user systems. Additionally, malicious traffic aggregated into normal traffic often show dramatic changes in the traffic nature and statistical features. This study focuses on early detection of traffic anomalies caused by DDoS attacks in light of analyzing the network traffic behavior. Key statistical features including variance, autocorrelation, and self-similarity are employed to characterize the network traffic. Further, artificial neural network and support vector machine subject to the performance metrics are employed to predict and classify the abnormal traffic. The proposed diagnosis mechanism is validated through experiments where the datasets consist of two groups. The first group is the Massachusetts Institute of Technology Lincoln Laboratory dataset containing labeled DoS attack. The second group collected from DDoS attack simulation experiments covers three representative traffic shapes resulting from the dynamic attack rate configuration, namely, constant intensity, ramp-up behavior, and pulsing behavior. The experimental results demonstrate that the developed mechanism can effectively and precisely alert the abnormal traffic within short response period.
-
Cyber-Attack Modeling Analysis Techniques: An OverviewAl-Mohannadi, Hamad; Mirza, Qublai K.A.; Namanya, Anitta P.; Awan, Irfan U.; Cullen, Andrea J.; Pagna Disso, Jules F. (2016)Cyber attack is a sensitive issue in the world of Internet security. Governments and business organisations around the world are providing enormous effort to secure their data. They are using various types of tools and techniques to keep the business running, while adversaries are trying to breach security and send malicious software such as botnets, viruses, trojans etc., to access valuable data. Everyday the situation is getting worse because of new types of malware emerging to attack networks. It is important to understand those attacks both before and after they happen in order to provide better security to our systems. Understanding attack models provide more insight into network vulnerability; which in turn can be used to protect the network from future attacks. In the cyber security world, it is difficult to predict a potential attack without understanding the vulnerability of the network. So, it is important to analyse the network to identify top possible vulnerability list, which will give an intuitive idea to protect the network. Also, handling an ongoing attack poses significant risk on the network and valuable data, where prompt action is necessary. Proper utilisation of attack modelling techniques provide advance planning, which can be implemented rapidly during an ongoing attack event. This paper aims to analyse various types of existing attack modelling techniques to understand the vulnerability of the network; and the behaviour and goals of the adversary. The ultimate goal is to handle cyber attack in efficient manner using attack modelling techniques.