Detalhes bibliográficos
| Ano de defesa: |
2021 |
| Autor(a) principal: |
Nunez Segura, Gustavo Alonso |
| Orientador(a): |
Não Informado pela instituição |
| Banca de defesa: |
Não Informado pela instituição |
| Tipo de documento: |
Tese
|
| Tipo de acesso: |
Acesso aberto |
| Idioma: |
eng |
| Instituição de defesa: |
Biblioteca Digitais de Teses e Dissertações da USP
|
| Programa de Pós-Graduação: |
Não Informado pela instituição
|
| Departamento: |
Não Informado pela instituição
|
| País: |
Não Informado pela instituição
|
| Palavras-chave em Português: |
|
| Link de acesso: |
https://www.teses.usp.br/teses/disponiveis/3/3141/tde-22022022-093544/
|
Resumo: |
Software-defined networking (SDN) is a paradigm that was meant to improve networks programmability and management facilities. These benefits motivated its implementation in Low-power and Lossy Networks (LLNs), such as Internet of Things and wireless sensor networks, to address challenges considering flexibility and resource reuse. SDNbased networks are vulnerable to denial of service (DoS) and Distibuted DoS (DDoS) attacks, and this vulnerability is critical in resource-constrained networks. Analyzing the state of the art for SDN-based LLNs, we identified two main challenges: scalability and complexity. Proposals with high detection performance are mainly centralized and require communication resources that are not compatible with LLNs, such as out-of-band communication and constant monitoring in short periods, restricting scalability. There are also hybrid proposals that reduced packets traffic and the bottleneck effect. These works reported inferior performance than centralized approaches or required specific nodes with high capabilities inside the LLN to support the detection. To address this gap, we propose a cooperative intrusion detection strategy where all the nodes have active participation. We use centralized monitoring to detect anomalies in the network behavior, adjusting the communication frequency to the network size and communication resources. At the same time, every LLN node is monitoring its behavior using a higher sampling frequency to compensate the delay of the detection from the centralized information. The intrusion detection is based on anomaly detection using change-point analysis. The algorithm proposed is a modified version of state-of-the-art CUSUM algorithms and is so lightweight that it can run on TelosB motes requiring around 7.2 KB of memory space only. The cooperative intrusion detection was simulated on networks with 36, 100 and 225 nodes with only one controller. The results showed that by solving the complexity issues of the distributed detection we were able to improve scalability without reducing detection and network performance, obtaining detection accuracy comparable to high-traffic centralized approaches without the need of high capabilities devices. Moreover, the cooperation among the nodes allowed us to identify nodes launching the attack and the type of the attack with a probability exceeding 0.89. |
