Information Entropy based Network Anomaly Detection in Software-Defined Networking : Network Anomaly Detection Using Information Entropy in SDN
- Authors
- Advisor
- 김종권
- Major
- College of Engineering, Department of Computer Science and Engineering
- Issue Date
- 2018-02
- Publisher
- Seoul National University Graduate School
- Keywords
- Software Defined Networking ; SDN ; Network Anomaly Detection ; Network Traffic Monitoring ; Information Entropy ; Network Security
- Description
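- Thesis (Master's) -- Seoul National University Graduate School : College of Engineering, Department of Computer Science and Engineering, 2018. 2. 김종권.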
- Abstract
- Due to the spread of various smart devices and the concomitant rise in network traffic, the importance of network infrastructure that can accommodate them is increasing. As the network environment changes, a flexible and efficient network infrastructure that can easily deal with this has become necessary. As a result, Software-Defined Networking (SDN) has gained a lot of attention in recent years. SDN separates the physical forwarding function and the logical control function of the network, and it centrally controls the network via an API. However, the centralized control and programmable characteristics bring many security issues. To mitigate security threats in SDN, many researchers have tried to monitor network traffic. In particular, to monitor an SDN network, they collect flow statistics from the OpenFlow switches and detect network anomalies in the controller. But when the network scale becomes large, the flow statistics collection process burdens the communication between the OpenFlow switches and the controller. In this thesis, we design a flow aggregation module in the OpenFlow switch based on the flow-based nature of SDN. This lightens the controller's overhead caused by the flow statistics collection process and achieves distributed flow statistics collection in SDN. In view of computing overhead and scalability, we apply information entropy to monitor and detect network anomalies in the controller. Information entropy is an important concept in information theory; it is a measure of the uncertainty or randomness associated with data. We prove the practicality of the proposed network anomaly detection mechanism by using real legitimate and malicious traffic traces. The proposed mechanism achieves a high detection accuracy with a low false positive rate and significantly improves CPU utilization, compared with previous work.
- Language
- English
Items in S-Space are protected by copyright, with all rights reserved, unless otherwise indicated.