Search Results (1 - 2 of 2 Results)

Sort By  
Sort Dir
 
Results per page  

Ikusan, Ademola A.Collaboratively Detecting HTTP-based Distributed Denial of Service Attack using Software Defined Network
Master of Science in Cyber Security (M.S.C.S.), Wright State University, 2017, Computer Science
Over the years, there have been a lot of attacks on the web servers of critical companies and organization. As much as these organizations tighten their security, it always tends not to be enough to stop all the attacks towards their servers. These attack vectors are so diffi- cult to stop because of the technicalities behind the attack. Furthermore, there are different classes of distributed denial of service(DDoS) attacks such as the high rates (SYN Flood attacks, ARP Flood attacks, etc), low-rate(HTTP-GET, HTTP-POST). Although there are different ways to stop high rate DDoS attacks by traffic sampling and detecting malformed packets and unsolicited request by using stateful firewalls and other security sensors, but with low rate DDoS attacks it is different. The attack is a carefully crafted denial of service attacks that tend to evade known security tools out there. Aside that, the traditional net- working architecture is very rigid and it makes it very difficult for new ideas or innovations that can help solve this problem, but in recent years, there have been talks about a new networking paradigm, which is Software Defined Networking (SDN); this paradigm brings the possibility to program your network which allows more innovative idea to enter into the networking world in ways not seen before. This thesis proposes a solution to the problem of attacks that are difficult for security sensors to detect or prevent by using some of the powerful features of Software Defined Networking to mitigate this attack. This project is capable of mitigating against HTTP-GET attacks, the initial testing has a successful out- come in stopping attacks from known attack tools used to launch these attacks and also with a good prospect as per future improvements in making it cover more attack vectors and robust.

Committee:

Junjie Zhang, Ph.D. (Advisor); Bin Wang, Ph.D. (Committee Member); Adam Bryant, Ph.D. (Committee Member)

Subjects:

Computer Engineering; Computer Science; Information Science; Information Systems; Information Technology

Keywords:

Software Defined Networking; Distributed Denial of Service Attack; HTTP-GET Attack; Flow rule; OpenFlow; Low-Rate Attacks

Alqallaf, MahaSoftware Defined Secure Ad Hoc Wireless Networks
Doctor of Philosophy (PhD), Wright State University, 2016, Computer Science and Engineering PhD
Software defined networking (SDN), a new networking paradigm that separates the network data plane from the control plane, has been considered as a flexible, layered, modular, and efficient approach to managing and controlling networks ranging from wired, infrastructure-based wireless (e.g., cellular wireless networks, WiFi, wireless mesh net- works), to infrastructure-less wireless networks (e.g. mobile ad-hoc networks, vehicular ad-hoc networks) as well as to offering new types of services and to evolving the Internet architecture. Most work has focused on the SDN application in traditional and wired and/or infrastructure based networks. Wireless networks have become increasingly more heterogeneous. Secure and collab- orative operation of mobile wireless ad-hoc networks poses significant challenges due to the decentralized nature of mobile ad hoc wireless networks, mobility of nodes, and re- source constraints. Recent developments in software defined networking shed new light on how to control and manage an ad hoc wireless network. Given the wide deployment and availability of heterogeneous wireless technologies, the control and management of ad hoc wireless networks with the new software defined networking paradigm is offered more flexibility and opportunities to deal with trust and security issues and to enable new features and services. This dissertation focuses on the SDN MANET architecture design issues for provid- ing secure collaborative operation. Specifically, (I) We have proposed four design options for software defined secure collaborative ad hoc wireless network architecture. The de- sign options are organized into (a) centralized SDN controller architecture with controller replication and (b) distributed SDN controller architecture. While these proposed architec- ture options exhibit different characteristics, many common challenges are shared amongst these options. Challenges include fault-tolerance, scalability, efficiency, and security. The unstructured nature of ad hoc wireless networks exacerbates these challenges. We have studied the pros and cons of these different design options and their applicability in differ- ent practical scenarios via simulations. (II) Establishing the initial trust among participating devices in an SDN based wireless mobile ad hoc network will serve as a basis for enabling ensuing secure communication of the network. We proposed and studied trusted virtual certificate authorities (VCAs) based local infrastructure for supporting device mutual au- thentication to support secure communications/operations in SDN based MANETs, and therefore, relieving the MANETs of the need to rely on an external public key infrastruc- ture (PKI). We examined the ways in which this VCA based infrastructure can be integrated with the four SDN based MANET architecture design options. (III) Finally, we provided theoretically analysis of designing and incorporating an IDS/IPS system in an SDN based MANET.

Committee:

Bin Wang, Ph.D. (Advisor); Yong Pei, Ph.D. (Committee Member); Krishnaprasad Thirunarayan, Ph.D. (Committee Member); Zhiqiang Wu, Ph.D. (Committee Member)

Subjects:

Computer Engineering; Computer Science

Keywords:

MANET; Security Challenges; Trust Management Challenges; SDN; OpenFlow; SDN Security Issues and Mechanisms; Trust Management; Virtual Certificate Authority for SDNMANET; Intrusion Detection and Prevention for SDNMANET; SDNMANET Architecture