Abstract
Software-defined networks (SDN) provide alternatives for data management and security in enterprise environments with the help of an external controller and by separating the control plane from the data plane. The versatility of SDN makes it suitable for the detection and mitigation of DDoS attacks. DDoS attacks are increasing in complexity and size. Several reports state that DDoS attacks were the second most prominent network attacks from 2022 to 2024 and are changing in behavior. New attackers are aiming at unprotected devices, such as IoT and healthcare networks, which poses a threat to human lives. DDoS attacks also leverage new vulnerabilities and behaviors, such as the more recent HTTP/2 attack, which shares several similarities with stealthy, Slow-rate attacks. State-of-the-art detection techniques for DDoS attacks include algorithms and machine learning implementations that classify data flows depending on individual features such as message length and packet frequency. However, these approaches may overload the network controller. This thesis proposes a framework that captures flow features for ML detection within programmable switches, without relying on an SDN controller, to increase the speed of network protection systems. This thesis presents code written in the P4 programming language for use on BMv2 P4 programmable switches and a physical assessment using Tofino-based P4 programmable switches. Both implementations evaluate a protection framework against Slow-rate DDoS attacks using machine-learning models inside programmable switches. The results of this work showed an accuracy above 88%, ranging from 88.74% in the physical implementation to 98.28% in the simulated implementation. The results of this thesis are a stepping stone in DDoS attack detection, as detection is performed in real time at high speed due to the advantages of programmable switches.
Moreover, the framework goes even further and implements a mitigation strategy that successfully blocks malicious IP addresses.
Description
https://orcid.org/0000-0002-7678-5487