Author: 廖建富 (Chien-Fu Liao)
Thesis Title: 於P4交換機中利用支持向量機針對低速率DDoS攻擊的偵測機制 (Detecting Low-Rate DDoS Attack in P4 Switch using Support Vector Machines)
Advisor: 沈上翔 (Shan-Hsiang Shen)
Committee: 沈上翔 (Shan-Hsiang Shen), 金台齡 (Tai-Lin Chin), 黃琴雅 (Chin-Ya Huang)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Thesis Publication Year: 2023
Graduation Academic Year: 111
Language: Chinese
Pages: 20
Keywords (in Chinese): 軟體定義網路, P4交換機, 低速率DDoS, 支持向量機
Keywords (in other languages): Software-Defined Networking, P4 Switch, Low-Rate DDoS, Support Vector Machine

Distributed Denial of Service (DDoS) attacks are among the most common and effective network attack techniques today. Traditional DDoS attacks, such as SYN flood and HTTP flood, disrupt a server's service by sending a large number of packet requests within a short period. However, these attacks are easy to detect and mitigate. Low-rate DDoS attacks emerged subsequently; they achieve their goal without requiring a large amount of bandwidth, which makes them hard to distinguish from normal traffic. Even when a server anomaly is noticed, accurately identifying a low-rate DDoS attack remains a major challenge.

This thesis studies the detection of the three main types of low-rate DDoS attack within the Software-Defined Networking (SDN) architecture, and integrates P4 switches into the SDN environment. A P4 switch is a programmable switch that uses the P4 language to define the logic of the data plane and can support various protocols and applications. It can be programmed to implement specific packet processing and forwarding functions, enabling more flexible and efficient network management and control. Previous approaches to DDoS detection in SDN environments copied packets and sent them to a central controller for processing; when heavy traffic occupies the bandwidth, this causes processing delays. To address this issue, we propose a new architecture that combines the P4 switch with a Support Vector Machine (SVM) model to perform initial detection and mitigation, processing packets quickly to reduce delay. Points that lie near the boundary of the SVM hyperplane and are difficult to classify are forwarded to the central controller for further processing. This approach improves performance while ensuring accurate DDoS classification, yielding a reliable, high-performance low-rate DDoS attack detection framework.

Table of contents:
Advisor's Recommendation Letter
Thesis Oral Defense Committee Approval
Chinese Abstract
Abstract
Acknowledgment
Table of contents
List of Tables
List of Figures
1 Introduction
2 Related Work
  2.1 Low-Rate DDoS Attacks
  2.2 DDoS Attack Detection Methods in SDN
  2.3 Packet Features
3 Method
  3.1 System Architecture
  3.2 P4 Switch Attack Detection Module
  3.3 Central Controller Attack Detection Module
  3.4 Summary
4 Evaluation
  4.1 Experimental Architecture
  4.2 P4 Packet Processing
  4.3 Machine Learning Model Performance Evaluation
5 Conclusion
References

Full text public date 2033/07/25 (Intranet public)
Full text public date This full text is not authorized to be published. (Internet public)
Full text public date 2033/07/25 (National library)