Detectando e mitigando ataques DDoS com a abordagem MTD com base na classificação de fluxo automatizada em redes SDN
| Ano de defesa: | 2022 |
|---|---|
| Autor(a) principal: | |
| Orientador(a): | |
| Banca de defesa: | |
| Tipo de documento: | Dissertação |
| Tipo de acesso: | Acesso aberto |
| Idioma: | por |
| Instituição de defesa: |
Universidade Tecnológica Federal do Paraná
Curitiba Brasil Programa de Pós-Graduação em Computação Aplicada UTFPR |
| Programa de Pós-Graduação: |
Não Informado pela instituição
|
| Departamento: |
Não Informado pela instituição
|
| País: |
Não Informado pela instituição
|
| Palavras-chave em Português: | |
| Link de acesso: | http://repositorio.utfpr.edu.br/jspui/handle/1/30973 |
Resumo: | The Distributed Denial of Service (DdoS) coordinates synchronized attacks on systems on the Internet using a set of infected hosts (bots). Bots are programmed to attack a determined target by firing a lot of synchronized requests, causing slowness or unavailability of the service. This type of attack has recently grown in magnitude, diversity, and economic cost. Thus, this study aims to present a DdoS detection and mitigation architecture on Software Defined Networking (SDN). It considers the Moving Target Defense (MTD) approach, redirecting malicious floods for expendable low-capacity servers to protect the main server while discouraging the attacker. The redirecting decision is based on a sensor, that employs Machine Learning (ML) algorithms for flow classification. When malicious flows are detected, the sensor notifies the SDN controller to include them in the malicious lists and to realize the redirection. The validation and evaluation of the proposed architecture are conducted by simulation. Results considering different classification models (probabilistic, linear model, neural networks, and trees) and attack types indicate that the proposed architecture is efficient in detecting and mitigating DdoS attacks in approximately 3.00 seconds. |