Forensic Analysis and Proposed Architecture for SDN Data Centers

Verified

Added on 2019/09/27

AI Summary

This project delves into the methodology and architecture of a Software-Defined Networking (SDN) data center system, focusing on forensic analysis techniques. The proposed architecture employs a three-level controller structure (source, head, and domain controllers) and a novel protocol for packet exchange, incorporating data, signature, time, and miscellaneous sections. The forensic algorithm emphasizes centralized decision-making, preservation of source IP addresses and data, and the integration of detection functions within the head controller, utilizing both embedded algorithms and external detection nodes. The project evaluates the system using the Mininet environment, simulating various attack scenarios (DDoS and IDS) and assessing parameters such as evidence preservation, accuracy, speed, and resource utilization. The protocol structure includes JSON-formatted data sections for attack packets and a signature section for authentication. The study also explores the impact of different detection implementation methods on performance and proposes measures to optimize processing time and accuracy trade-offs. The simulation results provide insights into the system's behavior under different network conditions and attack types.

Chapter Three: Methodology

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

3.1Introduction
In this chapter, the proposed protocol and architecture of the
SDN data center system, and the forensic details will be explained. The
forensic algorithm builds in main concepts as following:
- SDN architecture
- Centralized architecture
- Preserved the packet source IP address and Data section
- Decision making by centralized
- Detection functions implemented through two ways: first
detection node connected to the head controller, second utilization the
SDN programmability of head controller and embedded the detection
algorithm within.
- Backward flow once the attacks detected
The detection will be examined once the controller is not domain
controller.
However, the chapter further evaluated the proposed system
adopting Mininet environment to stimulate the datacenter protocol
structure and various parameters will be determined such as
preservation of evidence, action, absolute speed, accuracy, delay,
throughput, CPU utilization for the controllers.
3.2Proposed Architecture of the SDN network
The proposed architecture of the data center will be
accommodate the SDN architecture, where the controller of the system
will be divided in two three level called respectively the source
controller, head controller and domain controller.

The source controller is the controller which the message or
information induced from.
The Head controller has the same concept of centralized
controller, or in other words; it is the controller which only response is
to forward the packets of data to the next controller. The controller will
be head controller if it is not a source and not the destination.
The destination controller, which is the last controller in the
scheme and the target of packet to reside in.
These controllers exchange packet in term of proposed protocol,
where the extra or addition node embedded informed the head
controller of attacks through deploying various detection system or
algorithm such as the proposed Niyaz et al. study [28] which detects
the DDos attacks that consider the common attacks that datacentre
exposure. Additional algorithm will be used the Tang et al. [29], which
detect the IDS attacks. The main idea of the detection algorithm
implementation in the architecture gained based the programmability
feature of the SDN controllers or Node, which the detection node can
be added as extra node in the architecture or as embedded in the
controller functions. In the last case, many parameters have to be
concerned as CPU utilization, storage, processing time, and
throughputs.
The main parameter must be guarantee in both detection
implementation cases; the processing time must be less than the time of
data center's switches forwarding packets, where decision must be
taken before the packets reach the destination SDN network. The
processing time can be adjust based the detection algorithm chosen.
Further, the trade off between detection accuracy and time processing
must be achieved.

3.3Proposed Protocol structure
The proposed protocol exchanges between controllers, and
contains three sections the data sections, Signature section, time section,
and miscellaneous section.
Data Section: is the section, which contains the decision taken by
head controllers regards the packet if it is attacks packets. The data
contains the IP of the attacks packet and detection either by block it or
mitigate its packets. This decision is sent to the Source controller. The
data contained will be represented by JSON format; which used due to
its self-descriptive characteristic.
Signature Section: is the section, which contains the private key.
Private key is the authentication and the signature among controller. The
private key and the corresponding public key generation is conformed
the Hadoop Identity Authentication which introduced in [35].
The time stamp in the [35] is saved in the time section, thus the
time section can be grouped with signature section.
In meanwhile, the routing of the packet in the SDN network of the
controller paused the routing; and the packet saved in network until
acknowledge of source received to back forwarded the packet to source
controller network for preserving it as evidence. That mean the
evidences saved in the source controllers. Further, the head controller
only preserve the block IP lists.
miscellaneous section is the section that contains the other normal
or ordinary parts of the packet of the controller.
3.4Evolution

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

The Mininet is the tool used for evolution purposes of the
proposed protocol and SDN architecture. However, the Mininet [36]
enables the user to build a realistic virtual network, and adopt real
kernel, switch and application code with an easy and simple commands.
Its is facilitate the interaction with created network using the command
line in software CLI, and adjust the components using the API
parameters.
The stimulate network in Mininet corresponding to real state
conditions, where all instance of the mininet connected via GRE
tunneling.
In the simulation of the proposed real conditions were examined.
The test will consider the both cases: case of normal clean packet, the
DDOs attack packets, and IDS attack packets generated from the source
controller network.
Also both detection implementation cases will be examined.
Various parameters will be determined such as preservation of evidence,
action, absolute speed, accuracy, processing delay, throughput, Latency,
CPU utilization and Memory utilization for the each controller.
Also the research will discuss the payload (protocol structure)
effects.
3.5References

[35] R. Tabassum and N. Tyagi, "Hadoop Identity Authentication
using Public Private Key Concept", International Journal of
Engineering Trends and Technology, vol. 45, no. 9, pp. 436-442,
2017.
[36]M. Team, "Mininet: An Instant Virtual Network on your
Laptop (or other PC) - Mininet", Mininet.org, 2018. [Online].
Available: http://mininet.org/. [Accessed: 25- Jul- 2018].

1 out of 6

Forensic Analysis and Proposed Architecture for SDN Data Centers

Paraphrase This Document

Paraphrase This Document

Related Documents

Deep Learning for Forensic-Based SDN in Data Centers

Analysis of Security and Risk Management Report: Commonwealth Bank

+13062052269

info@desklib.com

Forensic Analysis and Proposed Architecture for SDN Data Centers

Paraphrase This Document

⊘ This is a preview!⊘

Paraphrase This Document

⊘ This is a preview!⊘

Related Documents

Deep Learning for Forensic-Based SDN in Data Centers

Analysis of Security and Risk Management Report: Commonwealth Bank

+13062052269

info@desklib.com