Title
A security architecture for a software defined network (SDN) /
Author
Ali, Shimaa Ezzat Abdel-mohsen Kotb.
Contributors
Supervisor / شيماء عزت عبدالمحسن قطب علي
Supervisor / عدلي شحات تاج الدين
Supervisor / هبة الله عـــدلي شحات تاج الدين
Examiner / هاله محمد عبدالقادر
Examiner / محسن عبدالمنعم طنطاوي
Subject
A security architecture for a software defined network (SDN).
Publication date
2022.
Number of pages
70 P. :
Language
English
Degree
Master's
Specialization
Electrical and Electronic Engineering
Approval date
3/3/2022
Place of approval
Benha University - Shoubra Faculty of Engineering - Electrical Engineering
Table of contents
Only 14 pages are available for public view
Abstract

In recent years, Software Defined Networking (SDN) has attracted worldwide attention. SDN is quickly emerging as a new approach to networking that modifies the architecture of traditional networks by separating the control plane (the brains) from the data plane (the muscle), making the control plane independent, programmable, dynamic, and manageable. The SDN architecture consists of three layers: the infrastructure layer, the control layer, and the application layer. This separation simplifies network management. It is a centralized network architecture: the central controller monitors network behavior and manages network devices and network traffic, while the network switches become simple forwarding devices. The controller decides where network packets should be forwarded, and the data plane executes this decision and actually forwards the traffic. The central controller therefore becomes the key element of the SDN system. Because the controller has a global view of the network, it is responsible for planning packet routing. The controller creates rules for how network traffic is handled and routed in the network, and these rules are then installed in the network forwarding devices. Due to the decoupling of the data and control planes, SDN has many advantages over a traditional network, such as increased flexibility, cost savings, and more fine-grained network management services. Despite these advantages, the separation introduces new protocols, networking devices, and security challenges that enlarge the attack surface of the network and add many security vulnerabilities; for example, Distributed Denial-of-Service (DDoS) attacks on OpenFlow (OF) SDN networks exhaust the control-plane bandwidth and overload the buffer memory of the OpenFlow switch. DDoS attacks on SDN have become an important problem, and a variety of methods have been applied for detection and mitigation.
Currently, SDN research is growing rapidly, and many companies plan to use it for future networks. The SDN architecture can reinforce network security with its essential capabilities, such as centralized network monitoring, provisioning, and centralization of security and policy control, which do not exist in current networks. These features make SDN one of the most significant platforms for network security developments. In this thesis, the design and implementation of a security guard to assist in solving the issue of DDoS attacks on the POX controller is presented; this guard is named SGuard. A five-tuple feature vector is used to classify traffic flows with a Support Vector Machine (SVM). Mininet is used to evaluate SGuard in a software environment: it builds a topology consisting of 21 hosts, six switches, and one controller, and both normal and malicious traffic are generated using hping3. The introduced system is evaluated by measuring its performance in terms of delay, bandwidth, traffic flow, and accuracy. The traffic is monitored and evaluated to observe the difference between normal traffic, the presence of an attack, and the use of SGuard. The bandwidth of the link between hosts is measured, and we observed that, in the case of an attack, the communication between the two hosts was interrupted over time. It was also observed that the bandwidth with SGuard is lower than with normal traffic, but the connection between the hosts is still present. System accuracy is measured with different numbers of attacking hosts and different numbers of samples. Based on the experimental results, the proposed model achieves very high accuracy.