Search Results (1 - 4 of 4 Results)

Sort By  
Sort Dir
 
Results per page  

Ikusan, Ademola A.Collaboratively Detecting HTTP-based Distributed Denial of Service Attack using Software Defined Network
Master of Science in Cyber Security (M.S.C.S.), Wright State University, 2017, Computer Science
Over the years, there have been a lot of attacks on the web servers of critical companies and organization. As much as these organizations tighten their security, it always tends not to be enough to stop all the attacks towards their servers. These attack vectors are so diffi- cult to stop because of the technicalities behind the attack. Furthermore, there are different classes of distributed denial of service(DDoS) attacks such as the high rates (SYN Flood attacks, ARP Flood attacks, etc), low-rate(HTTP-GET, HTTP-POST). Although there are different ways to stop high rate DDoS attacks by traffic sampling and detecting malformed packets and unsolicited request by using stateful firewalls and other security sensors, but with low rate DDoS attacks it is different. The attack is a carefully crafted denial of service attacks that tend to evade known security tools out there. Aside that, the traditional net- working architecture is very rigid and it makes it very difficult for new ideas or innovations that can help solve this problem, but in recent years, there have been talks about a new networking paradigm, which is Software Defined Networking (SDN); this paradigm brings the possibility to program your network which allows more innovative idea to enter into the networking world in ways not seen before. This thesis proposes a solution to the problem of attacks that are difficult for security sensors to detect or prevent by using some of the powerful features of Software Defined Networking to mitigate this attack. This project is capable of mitigating against HTTP-GET attacks, the initial testing has a successful out- come in stopping attacks from known attack tools used to launch these attacks and also with a good prospect as per future improvements in making it cover more attack vectors and robust.

Committee:

Junjie Zhang, Ph.D. (Advisor); Bin Wang, Ph.D. (Committee Member); Adam Bryant, Ph.D. (Committee Member)

Subjects:

Computer Engineering; Computer Science; Information Science; Information Systems; Information Technology

Keywords:

Software Defined Networking; Distributed Denial of Service Attack; HTTP-GET Attack; Flow rule; OpenFlow; Low-Rate Attacks

Nguyen, Hoang VinhSteve - A Programming Language for Packet Processing
Master of Science, University of Akron, 2016, Computer Science
Software-defined networking (SDN) aims to make network switches programmable to enable a class of intelligent networking applications that can automate network flow direction in ways that conventional switches cannot. We present Steve, a protocol-independent, domain-specific language (DSL) for writing these networking applications on SDN devices. Steve provides high-level language features for expressing protocol structure, decoding rules, forwarding decisions, packet manipulation, and event handling for reactive non-distributed control planes. These features define a packet processing pipeline -- the algorithm used to make forwarding decisions. Steve solves two issues in SDN language development: safe packet access and safe pipeline composition. Vulnerabilities in an application running a network switch can be disastrous, therefore the Steve compiler is designed to catch potential errors. Steve uses a type and constraints system which enforces these safety guarantees. To verify our work, we produced a Steve language compiler which implements these safety guarantees. We also present four compilable Steve applications: a MAC and IPv4 learning switch, a stateless firewall, and a wire. These applications are tested with a runtime environment which provides Steve access to switch resources.

Committee:

Andrew Sutton, Dr. (Advisor); Kathy Liszka, Dr. (Committee Member); Michael Collard, Dr. (Committee Member)

Subjects:

Computer Science

Keywords:

software-defined networking;compiler;programming language;network switches

Gruesen, Michael GTowards an Ideal Execution Environment for Programmable Network Switches
Master of Science, University of Akron, 2016, Computer Science
Software Defined Networking (SDN) aims to create more powerful, intelligent networks that are managed using programmed switching devices. Applications for these SDN switches should be target independent, while being efficiently translated to the platform's native machine code. However network switch vendors do not conform to any standard, and contain different capabilities and features that vary between manufacturers. The Freeflow Virtual Machine (FFVM) is a modular, fully programmable virtual switch that can host compiled network applications. Applications are compiled to native object libraries and dynamically loaded at run time. The FFVM provides the necessary data and computing resources required by applications to process packets. This work details the many implementation approaches investigated and evaluated in order to define a suitable execution environment for hosted network applications.

Committee:

Andrew Sutton, Dr. (Advisor)

Subjects:

Computer Science

Keywords:

Software Defined Networking; SDN; Execution environment; Virtual machine; Programmable network switch

Jamaliannasrabadi, SabaHigh Performance Computing as a Service in the Cloud Using Software-Defined Networking
Master of Science (MS), Bowling Green State University, 2015, Computer Science
Benefits of Cloud Computing (CC) such as scalability, reliability, and resource pooling have attracted scientists to deploy their High Performance Computing (HPC) applications on the Cloud. Nevertheless, HPC applications can face serious challenges on the cloud that could undermine the gained benefit, if care is not taken. This thesis targets to address the shortcomings of the Cloud for the HPC applications through a platform called HPC as a Service (HPCaaS). Further, a novel scheme is introduced to improve the performance of HPC task scheduling on the Cloud using the emerging technology of Software-Defined Networking (SDN). The research introduces “ASETS: A SDN-Empowered Task Scheduling System” as an elastic platform for scheduling HPC tasks on the cloud. In addition, a novel algorithm called SETSA is developed as part of the ASETS architecture to manage the scheduling task of the HPCaaS platform. The platform monitors the network bandwidths to take advantage of the changes when submitting tasks to the virtual machines. The experiments and benchmarking of HPC applications on the Cloud identified the virtualization overhead, cloud networking, and cloud multi-tenancy as the primary shortcomings of the cloud for HPC applications. A private Cloud Test Bed (CTB) was set up to evaluate the capabilities of ASETS and SETSA in addressing such problems. Subsequently, Amazon AWS public cloud was used to assess the scalability of the proposed systems. The obtained results of ASETS and SETSA on both private and public cloud indicate significant performance improvement of HPC applications can be achieved. Furthermore, the results suggest that proposed system is beneficial both to the cloud service providers and the users since ASETS performs better the degree of multi-tenancy increases. The thesis also proposes SETSAW (SETSA Window) as an improved version of SETSA algorism. Unlike other proposed solutions for HPCaaS which have either optimized the cloud to make it more HPC-friendly, or required adjusting HPC applications to make them more cloud-friendly, ASETS tends to provide a platform for existing cloud systems to improve the performance of HPC applications.

Committee:

Hassan Rajaei, Ph.D (Advisor); Robert Green, Ph.D (Committee Member); Jong Kwan Lee, Ph.D (Committee Member)

Subjects:

Computer Engineering; Computer Science; Technology

Keywords:

High Performance Computing; HPC; Cloud Computing; Scientific Computing; HPCaaS; Software Defined Networking; SDN; Cloud Networking; Virtualization