81

Um serviço para anonimização em redes definidas por software / An anonymization service for software-defined networks

Bomfim, Leonardo Henrique da Silva 22 February 2017
This work implements an anonymization service for Software-Defined Networks (SDN) with the goal of reducing the number of attacks. With an anonymization service it is possible to hide the IP addresses of the network's hosts, ensuring more protection against security attacks and increasing availability. One of the biggest challenges in the SDN architecture is security. The separation of the control and data planes creates security challenges, due to the network's permissiveness to attacks such as "Man in the Middle", Denial of Service and Saturation. The service developed in this work, named BomIP, uses the micro-data anonymization technique of randomizing the hosts' IP addresses. BomIP was added to the SDN controller RunOS, which was responsible for managing the real and anonymized IP addresses. To validate this service, two Case Studies were developed in an environment simulating a Denial of Service attack. The first Case Study compared Crypto-Pan and BomIP, while the second compared a traditional IP network and an SDN one using BomIP, both under Denial of Service attack. The analysis of the results showed that the service developed has a running time 65% more efficient than Crypto-Pan. The asymptotic analysis shows that BomIP is an algorithm with running time of quadratic order. The results also showed that the anonymized packets can be tracked and that 80% of the attack attempts were mitigated, ensuring that the services provided by the network remain available.
82

Enhanced communication security and mobility management in small-cell networks

Namal, S. (Suneth) 09 December 2014
Software-Defined Networks (SDN) focus on addressing the challenges of increased complexity and unified communication, for which conventional networks are not optimally suited due to their static architecture. This dissertation discusses methods to enhance communication security and mobility management in small-cell networks with IEEE 802.11 backhaul. Although 802.11 has become a mission-critical component of enterprise networks, in many cases it is not managed with the same rigor as the wired networks. 802.11 networks thus need to undergo the same unified management as the wired networks. This dissertation also addresses several new issues from the perspective of mobility management in 802.11 backhaul. Due to the lack of built-in quality of service support, IEEE 802.11 experiences serious challenges in meeting the demands of modern services and applications. 802.11 networks require a significantly longer association time than real-time applications can tolerate. To optimise host mobility in IEEE 802.11, an extension to the initial authentication is provided by utilising Host Identity Protocol (HIP) based identity attributes and Elliptic Curve Cryptography (ECC) based session key generation. Finally, this dissertation puts forward the concept of SDN based cell mobility and network function virtualization, its counterpart. This is validated by introducing a unified SDN and cognitive radio architecture for harmonized end-to-end resource allocation and management, presented at the end.
83

Návrh a implementace síťového kolektoru / Design and implementation of network collector

Bošeľa, Jaroslav January 2020
This master's thesis describes network flow information protocols, mainly the definition of Cisco NetFlow version 9. It describes its features, message format and the attributes of the transmitted data. The thesis is primarily focused on the NetFlow v9 transmitted template, which defines the fields and data in the subsequent data flow. The essence of the thesis is the implementation of a simple NetFlow v9 parser, programmed in Python, its tests on captured UDP data from a file, and port capture testing on a development server in the lab. The implementation offers the option of saving captured and parsed data into a prepared database as the output of capturing.
84

Simulace SDN sítě / Simulation of SDN network

Vrablic, Pavol January 2017
The main aim of this work is to become familiar with the technology of software-defined networks and learn to use some of the tools to measure and simulate these networks.
85

Collaboratively Detecting HTTP-based Distributed Denial of Service Attack using Software Defined Network

Ikusan, Ademola A. January 2017
No description available.
86

Network Resource Management in Infrastructure-as-a-Service Clouds

Amarasinghe, Heli 03 May 2019
Cloud Infrastructure-as-a-Service (IaaS) is a form of utility computing which has emerged with the recent innovations in the service computing and data communication technologies. Regardless of the fact that IaaS is attractive for application service providers, satisfying user requests while ensuring cloud operational objectives is a complicated task that raises several resource management challenges. Among these challenges, limited controllability over network services delivered to cloud consumers is prominent in single datacenter cloud environments. In addition, the lack of seamless service migration and optimization, poor infrastructure utilization, and unavailability of efficient fault tolerant techniques are noteworthy challenges in geographically distributed datacenter clouds. Initially in this thesis, a datacenter resource management framework is presented to address the challenge of limited controllability over cloud network traffic. The proposed framework integrates network virtualization functionalities offered by software defined networking (SDN) into cloud ecosystem. To provide rich traffic control features to IaaS consumers, control plane virtualization capabilities offered by SDN have been employed. Secondly, a quality of service (QoS) aware seamless service migration and optimization framework has been proposed in the context of geo-distributed datacenters. Focus has been given to a mobile end-user scenario where frequent cloud service migrations are required to mitigate QoS violations. Finally, an SDN-based dynamic fault restoration scheme and a shared backup-based fault protection scheme have been proposed. The fault restoration has been achieved by introducing QoS-aware reactive and shared risk link group-aware proactive path computation algorithms. Shared backup protection has been achieved by optimizing virtual and backup link embedding through a novel integer linear programming approach. 
The proposed solutions significantly improve bandwidth utilization in inter-datacenter networks while recovering from substrate link failures.
87

Multi-operator greedy routing based on open routers

Venmani, Daniel Philip 26 February 2014
Revolutionary mobile technologies, such as high-speed packet access 3G (HSPA+) and LTE, have significantly increased mobile data rate over the radio link. While most of the world looks at this revolution as a blessing to their day-to-day life, a little-known fact is that these improvements over the radio access link result in demanding tremendous improvements in bandwidth on the backhaul network. Having said this, today's Internet Service Providers (ISPs) and Mobile Network Operators (MNOs) are intemperately impacted as a result of this excessive smartphone usage. The operational costs (OPEX) associated with traditional backhaul methods are rising faster than the revenue generated by the new data services. Building a mobile backhaul network is very different from building a commercial data network. A mobile backhaul network requires (i) QoS-based traffic with strict requirements on delay and jitter (ii) high availability/reliability. While most ISPs and MNOs have promised advantages of redundancy and resilience to guarantee high availability, there is still the specter of failure in today's networks. The problems of network failures in today's networks can be quickly but clearly ascertained. The underlying observation is that ISPs and MNOs are still exposed to rapid fluctuations and/or unpredicted breakdowns in traffic; it goes without saying that even the largest operators can be affected. But what if these operators could now put in place designs and mechanisms to improve network survivability to avoid such occurrences? What if mobile network operators can come up with low-cost backhaul solutions together with ensuring the required availability and reliability in the networks?
With this problem statement in hand, the overarching theme of this dissertation is within the following scopes: (i) to provide low-cost backhaul solutions; the motivation here being able to build networks without over-provisioning and then to bring in new resources (link capacity/bandwidth) on occasions of unexpected traffic surges as well as on network failure conditions for particularly ensuring premium services (ii) to provide uninterrupted communications even at times of network failure conditions, but without redundancy. Here a slightly greater emphasis is laid on tackling the 'last-mile' link failures. The scope of this dissertation is therefore to propose, design and model novel network architectures for improving effective network survivability and network capacity, at the same time by eliminating network-wide redundancy, adopted within the context of mobile backhaul networks. Motivated by this, we study the problem of how to share the available resources of a backhaul network among its competitors, with whom a Service Level Agreement (SLA) has been concluded. Thus, we present a systematic study of our proposed solutions focusing on a variety of empirical resource sharing heuristics and optimization frameworks. With this background, our work extends towards a novel fault restoration framework which can cost-effectively provide protection and restoration for the operators, enabling them with a parameterized objective function to choose desired paths based on traffic patterns of their end-customers. We then illustrate the survivability of backhaul networks with reduced amount of physical redundancy, by effectively managing geographically distributed backhaul network equipment which belongs to different MNOs using 'logically-centralized' physically-distributed controllers, while meeting strict constraints on network availability and reliability.
88

OrchFlow: uma arquitetura para orquestração de redes OpenFlow com múltiplos controladores / OrchFlow: an architecture for orchestration of OpenFlow networks with multiple controllers

Frate, Marcelo 23 February 2017
I received no funding. / Since the emergence of Software-Defined Networking (SDN), and, more precisely, since the development of an open interface in 2008 called the OpenFlow protocol, it has been observed that this new networking paradigm is deeply remodeling IP-protocol-based networks. New mechanisms for service provisioning become possible, which ensures scalability and reduces costs. Although this new paradigm was created to centralize the control logic, there is the possibility of decentralizing it by dividing control tasks between two or more controllers. In this scenario, subdividing the administrative domain into smaller subdomains, each controlled by a single controller, has been an alternative to ensure scalability in SDN. The OpenFlow protocol allows communication between switches and controllers. However, the protocol does not define how communication from one controller to another should be done. It is therefore necessary to develop protocol-independent solutions able to distribute this logic inside the same administrative domain. New proposals have arisen, but their applications either use identical controllers or demand the development of new, specifically designed controllers. This master's research aims to offer the fundamentals for the development of an architecture, here called OrchFlow, able to receive application demands and organize them so as to provide the requested services through an OpenFlow network designed with two or more controllers of different implementations. The proposed OrchFlow architecture accomplishes its task by handling multiple OpenFlow controllers hierarchically and providing network access through three distinct modes: Proactive, Reactive and Hybrid.
89

SDNMonitor: um serviço de monitoramento de tráfego em redes definidas por software / SDNMonitor: a traffic monitoring service for software-defined networks

Silva, Emanuel Ferreira da 30 August 2016
Fundação de Apoio a Pesquisa e à Inovação Tecnológica do Estado de Sergipe - FAPITEC/SE / With the popularity of the Internet and the emergence of new services, network planning has become increasingly necessary, in order to ensure that each of the elements that compose the network is used efficiently. Moreover, it is necessary to control and monitor the network, making sure that everything is running the way it was planned. In networks using the SDN paradigm, introducing a network controller makes it possible to separate the data plane (hardware) from the control plane (software) existing on the network devices, allowing new protocols and technologies to be implemented and tested on any network device, regardless of its manufacturer. On the other hand, the following question arises: how can traffic monitoring be applied in an SDN network, given its centralized control architecture, without causing delays or inconsistencies? This work proposed a traffic monitoring service for SDN networks based on the OpenFlow protocol, called SDNMonitor, which aims to provide a view of network data traffic at three levels of granularity: for each port of each switch, for each flow and for each network service. Additionally, a load balancing service based on the Round-Robin and Bandwidth-Based algorithms was also proposed. The experimental evaluation of these services was conducted through controlled experiments, in which some traffic was generated and monitored. The results showed that the SDNMonitor service could monitor the network traffic at the three levels of granularity without negatively impacting its operation, and that the load balancing service was able to improve network traffic.
90

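Provendo segurança em redes definidas por software através da integração com sistemas de detecção e prevenção de intrusão / Providing security in software-defined networks through integration with intrusion detection and prevention systems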

Fernandes, Henrique Santos 03 July 2017
Intrusion Detection and Prevention Systems are fundamental to network security; inspecting traffic in real time in search of intruders to ensure a reliable network is one of their roles. However, the lack of integration with network equipment is one of the main factors limiting their operation. The concept of Software Defined Networks aims to reduce the lack of integration among network assets through the separation of the data plane from the control plane. Given the limited integration between network assets and Intrusion Detection and Prevention Systems, the present study proposes, develops and demonstrates IDSFlow, a model for integrating intrusion detection systems into software-defined networks. To validate IDSFlow, tests were run using OpenFlow, Mininet, CPqD and Snort. The results obtained by the algorithms developed and presented show the proposed integration capability: it is possible to verify the feasibility of using the existing, functional rules for Snort, as well as of using the network usage history to increase the effectiveness of intrusion detection and blocking.
