Please use this identifier to cite or link to this item: http://artemis.cslab.ece.ntua.gr:8080/jspui/handle/123456789/18312
Title: Intelligent Services for Detection and Mitigation of Distributed Denial-of-Service Attacks in Programmable Network Environments
Authors: Δημολιάνης, Μαρίνος
Μάγκλαρης Βασίλειος
Keywords: DDoS attacks, Anomaly Detection, Attack Mitigation, Software-Defined Networking (SDN), Data Plane Programmability, P4, eXpress Data Path (XDP), Supervised Learning, Federated Learning
Issue Date: 19-Apr-2022
Abstract: In this dissertation, we leverage capabilities offered by the Network Softwarization paradigm and combine them with advanced data analysis techniques, i.e. Machine Learning (ML), towards the development of an integrated protection framework against cyberattacks. We focus on Distributed Denial-of-Service (DDoS) attacks and implement mechanisms for efficient network data collection, fast and reliable anomaly detection and effective mitigation. Initially, we design a DDoS detection mechanism entirely offloaded to the data plane using the P4 language. Through traffic features computed and evaluated in-network, DDoS attack victims are identified rapidly within short timeframes. Detection in the data plane is one step ahead of control plane mechanisms that stall real-time detection and mitigation of network attacks. Detecting the victim of a network attack is only the first step towards mitigating it and is followed by traffic classification procedures. Thus, in this dissertation we introduce a novel signature-based classification and mitigation schema based on softwarized data planes, i.e. eXpress Data Path (XDP). Supervised Learning algorithms (Random Forests, Multilayer Perceptrons), applied to packet features (signatures), segregate malicious from benign packets. The employed features are pre-selected through an automated process that eliminates inconsequential features. To expedite mitigation performance and ease the management of filtering rules, source IP-agnostic rules tailored to the attack traffic are generated. This is achieved via a multi-objective optimization problem formulation that reduces the number of filtering rules with minimal effect on benign traffic. The proposed signature-based mechanism is evaluated on two broad categories of DDoS attacks, protocol (i.e. SYN Flood) and volumetric (i.e. DNS Amplification).
Based on experimental evaluations, our innovative approach outperforms the state-of-the-art flow-based protection mechanisms by (i) detecting attacks in shorter time-windows, (ii) optimizing the number and type of filtering rules, and (iii) achieving increased packet filtering performance. Finally, in this dissertation, we extend our signature-based schema to collaborative network environments. Collaborative DDoS detection relies on Federated Learning techniques that enable cooperative and privacy-aware learning. Collaborative DDoS mitigation is implemented in programmable XDP-based middleboxes featuring a scalable, cost-effective protection-as-a-service mechanism. In contrast to traditional protection schemes, we allow data exchange amongst disjoint network domains while respecting data privacy legislation; moreover, we offer a flexible yet efficient firewall solution offloaded to Commercial-off-the-Shelf hardware. Our integrated protection framework is deployed in programmable network hardware and evaluated using production network data from diverse and heterogeneous network environments, featuring fully realistic experimentation.
URI: http://artemis.cslab.ece.ntua.gr:8080/jspui/handle/123456789/18312
Appears in Collections: Doctoral Dissertations - Ph.D. Theses

Files in This Item:
File: MD_dissertation.pdf
Size: 4.67 MB
Format: Adobe PDF


All items on this site are protected by copyright.