AAU Student Projects - visit Aalborg University's student projects portal
A master's thesis from Aalborg University

DDoS Attack Detection in SDN-based VANET Architectures

Authors

;

Term

4. term

Publication year

2016

Pages

175

Abstract

Software-defined networking (SDN) separates how a network is controlled (the control plane) from how data is forwarded (the data plane). This separation lets a central controller see the whole network, make quick changes, and use resources more efficiently. Vehicular Ad Hoc Networks (VANETs) are wireless networks where vehicles act as nodes; they are a key part of Intelligent Transport Systems (ITS) that aim to improve road safety and deliver services to drivers and passengers. This thesis explores how SDN and VANETs can be combined to improve network performance. With an SDN controller, network intelligence can be logically centralized and applications decoupled from the underlying infrastructure. However, centralized control can also become a single point of failure, making security a major concern. We therefore study how Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks affect the performance of SDN-based VANETs, and we focus on detecting DDoS attacks that use UDP traffic, because many ITS applications require real-time communication (for example accident warnings and congestion alerts). The thesis designs and tests a DDoS detection algorithm implemented as a software module on the SDN controller. The module monitors traffic features and uses entropy (a statistic that measures randomness) to assess how destination IP addresses are distributed within fixed time windows. The resulting entropy is compared to a preset threshold to classify traffic as normal or attack traffic. Test scenarios include both normal traffic and DDoS traffic with spoofed source IP addresses.

[This abstract was generated with the help of AI]
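
The windowed entropy check the abstract describes, as an added example that is not code from the thesis. The window length, threshold, minimum packet count, the "low entropy means attack" direction, and the packet tuples are all assumptions or constructed sample data; the abstract only states that destination-IP entropy per fixed window is compared to a preset threshold.

```python
import math
from collections import Counter

WINDOW_SECONDS = 5.0   # assumed window length; the abstract gives no value
THRESHOLD = 0.5        # assumed threshold on normalized entropy
MIN_PACKETS = 5        # assumed floor: too few packets gives no usable statistic

def normalized_entropy(dst_ips):
    """Shannon entropy of the destination-IP distribution, scaled to [0, 1]."""
    counts = Counter(dst_ips)
    if len(counts) < 2:
        return 0.0  # a single destination carries no randomness
    total = len(dst_ips)
    h = -sum((c / total) * math.log2(c / total) for c in counts.values())
    return h / math.log2(len(counts))

def classify_windows(packets, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """packets: iterable of (timestamp, src_ip, dst_ip) seen by the controller.

    Returns (window_start, entropy, label) per non-empty window. Assumption:
    a flood concentrates traffic on one victim, so entropy BELOW the
    threshold is labelled "attack".
    """
    buckets = {}
    for ts, _src, dst in packets:  # spoofed sources are ignored on purpose
        buckets.setdefault(int(ts // window), []).append(dst)
    results = []
    for idx in sorted(buckets):
        dsts = buckets[idx]
        if len(dsts) < MIN_PACKETS:
            results.append((idx * window, None, "insufficient"))
            continue
        h = normalized_entropy(dsts)
        label = "attack" if h < threshold else "normal"
        results.append((idx * window, round(h, 3), label))
    return results

# Constructed sample traffic (not from the thesis).
# Window 0: eight packets spread evenly over four destinations.
NORMAL = [(0.5 * i, f"10.0.0.{1 + i % 4}", f"10.0.0.{10 + i % 4}") for i in range(8)]
# Window 1: twenty UDP packets with spoofed sources, eighteen aimed at one host.
ATTACK = [(5 + 0.2 * i, f"198.51.100.{i + 1}",
           "10.0.0.10" if i < 18 else f"10.0.0.{i - 7}") for i in range(20)]

if __name__ == "__main__":
    for start, h, label in classify_windows(NORMAL + ATTACK):
        print(f"window starting {start:>4}s  entropy={h}  {label}")
```

Because only destination addresses feed the statistic, spoofing the source address does not change the result.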