Genetic algorithm for SDN protection against network attacks

Authors

  • Stanislav Igorovych Zabielin Educational-scientific complex "Institute for Applied System Analysis" NTUU "KPI", Kyiv, Ukraine

DOI:

https://doi.org/10.20535/SRIT.2308-8893.2016.2.02

Keywords:

SDN, controller, OPENFLOW, POX, network attacks, MININET, defensive algorithm

Abstract

This paper examines the problem of detecting and blocking network attacks using SDN. This problem is formulated as the problem of finding the "correct" vector, in fact, it is the task of the binary integer programming. The DDoS-attack is used as a network attack. A mathematical model of the problem and algorithm to identify sets of attacking hosts from the recorded data is developed. Upon detection of the set, the problem is reduced to the problem of preventing the attack, which means blocking IP-addresses. To evaluate the effectiveness of the proposed algorithm of intrusion detection, experimental studies have been conducted. To simulate SDN networks, Mininet network emulator was used. The task of the binary integer programming was solved. The analysis of results confirms that using SDN advantages, namely, centralized management and flexibility, we were able to implement a genetic algorithm, which protected the network from one of the most common network attacks — DDoS.

Author Biography

Stanislav Igorovych Zabielin, Educational-scientific complex "Institute for Applied System Analysis" NTUU "KPI", Kyiv

Stanislav Igorovych Zabielin,

a student of Educational-scientific complex "Institute for Applied System Analysis" NTUU "KPI", Kyiv, Ukraine

References

Nadeau T. SDN: Software Defined Network [Text] / T. Nadeau, K. Gray. — Washington: O’Reilly Media, 2013. — P. 9–11.

Open Networking Lab - Confluence [Digital source] : POX Wiki.Ali Al-Shabibi. — Available at: https://openflow.stanford.edu/display/ONL/POX+Wiki

Holland J. Adaptation in natural and artificial systems [Text] / J. Holland. — University of Michigan Press, Ann Arbor, 1975. — P. 2.

Limoncelli T. Adaptation in natural and artificial systems [Text] / T. Limoncelli. — ACM, 2012. — 55 p.

Composing software-defined networks / C. Monsanto, P. Private, A. Monsanto etc. — New York, USA: USENIX NSDI, 2013. — 13 p.

A security enforcement kernel for openflow networks / P. Porras, S. Shin, V. Yegneswaran etc. — New York, USA: ACM, 2012. — 10 p.

Published

2016-06-21

Issue

Section

Progressive information technologies, high-efficiency computer systems