Information Entropy based Network Anomaly Detection in Software-Defined Networking : Network Anomaly Detection Using Information Entropy in SDN

Authors

김나언

Advisor
김종권
Major
College of Engineering, Department of Computer Science and Engineering
Issue Date
2018-02
Publisher
Seoul National University Graduate School
Keywords
Software Defined Networking; SDN; Network Anomaly Detection; Network Traffic Monitoring; Information Entropy; Network Security
Description
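Thesis (Master's) -- Seoul National University Graduate School : College of Engineering, Department of Computer Science and Engineering, 2018. 2. 김종권.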
Abstract
Due to the spread of various smart devices and the concomitant rise in network traffic, the importance of network infrastructure that can accommodate them is increasing. As the network environment changes, a flexible and efficient network infrastructure that can easily adapt has become necessary. For this reason, Software-Defined Networking (SDN) has gained a lot of attention in recent years. SDN separates the physical forwarding function and the logical control function of the network, and it centrally controls the network via an API. However, the centralized control and programmable characteristics bring many security issues. To mitigate security threats in SDN, many researchers have tried to monitor network traffic. In particular, to monitor an SDN network, they collect flow statistics from the OpenFlow switches and detect network anomalies in the controller. But when the network scale becomes large, the flow statistics collection process burdens the communication between the OpenFlow switches and the controller. In this thesis, we design a flow aggregation module in the OpenFlow switch based on the flow-based nature of SDN. This lightens the controller's overhead caused by the flow statistics collection process and achieves distributed flow statistics collection in SDN. In view of computing overhead and scalability, we apply information entropy to monitor and detect network anomalies in the controller. Information entropy is an important concept in information theory: a measure of the uncertainty or randomness associated with data. We demonstrate the practicality of the proposed network anomaly detection mechanism using real legitimate and malicious traffic traces. The proposed mechanism achieves high detection accuracy with a low false positive rate and significantly improves CPU utilization compared with previous work.
Language
English
URI
https://hdl.handle.net/10371/141555
Items in S-Space are protected by copyright, with all rights reserved, unless otherwise indicated.