Posts

Showing posts from January, 2019

Day 20: Implementation of architecture using Zodiac FX switches 101

Up until now, we have seen how to emulate the SDN controller architecture on software switches in Mininet. Now we shall look at whether we can implement the same architecture on hardware switches, namely the Zodiac FX. Zodiac FX switches are one of the most commonly used SDN-enabled switches in research test beds. Refer to the Zodiac FX user guide to get an idea of how it looks, what ports it can be connected to and how to set it up. To connect the Zodiac FX switch to your computer, follow the instructions below:
1. Connect one end of the USB cable to the Zodiac FX and the other end to the computer.
2. Install PuTTY on your machine:
> sudo apt install putty
3. Open a terminal and see which port your Zodiac FX switch is connected to:
> dmesg | grep tty
The above command displays all devices connected to your tty ports. By default, the Zodiac FX connects to the ttyACM0 port on a Linux-based machine.
4. Open PuTTY:
> sudo putty
A window is displayed, select 'Serial' in connection ty

Day 19: Documenting Results so far

Today, we shall unfortunately not be learning anything new! The whole day was spent recording and documenting results and the project procedure. I have uploaded two YouTube videos. In case you have not been following the code so far, this is a good time to refer to the videos to see the code that I have written previously actually running on systems and realising the entire network. Here you go:
https://www.youtube.com/watch?v=R80nJLUFClQ&feature=youtu.be - Explains a basic single controller architecture on which DoS attacks are performed.
https://www.youtube.com/watch?v=ehCqB6FZL2s&feature=youtu.be - Explains the architecture we shall be building as part of the project. Please refer to the previous post for the architectural design for better understanding.
The code is also available on my GitHub page. Here is the link: https://github.com/shravanyag/Distributed-SDN-Controller-Security - All code snippets are put up for your understanding.

Day 18: Analysis and Results of Network Simulation

So far, we've seen how to simulate what I've claimed to be a master slave distributed SDN architecture. But today, I learnt something very interesting through an SDN survey paper. What we've been simulating for the past week was not only a master slave architecture, but also a hierarchical network of distributed SDN controllers. This will become clear to you once you read the gist of the paper that I've written below. Summary of "Distributed SDN controller system: A survey on design choice": The paper summarizes different techniques used to build distributed SDN controllers. The paper starts by specifying why it is important to shift from a single SDN controller to a distributed controller architecture. The two main reasons are scalability and robustness. Different distributed SDN controller architectures have different strengths and weaknesses. The paper summarizes each approach along with its pros and cons. Many researchers r

Day 16: Kafka! The Streaming Hero!

Wishing you all a very Happy REPUBLIC DAY!! :) In the spirit of celebration, let's explore and understand some buzzwords in the Big Data industry today. This will be helpful since we will be implementing and using these technologies to build the proposed real time model. What is Kafka? Where does it fit in the architecture? To answer this question, let's dissect our problem statement into smaller pieces. Since we have to capture network packets continuously, we need a platform that supports streaming this real time data as and when it's flowing in the network. We will use Kafka for streaming. "Kafka is massively scalable pub/sub message queue designed as a distributed transaction log" ~ as quoted by Wikipedia. Let's decompose the sentence into units. Kafka is massively scalable because it runs on a cluster of one or more servers. The concept of consumer groups, which allows for load balancing, brings scalability. Kafka is publisher

Day 15: Real time machine learning architecture for securing the network

Hi fellow network enthusiasts! Today's blog post is dedicated to building a real time machine learning architecture. Why real time? Well, real time analysis makes the system more robust to attacks, since the analysis involves inspecting packets as they flow through the network. What we need is a scalable architecture that can handle large amounts of data! We can't afford to let the machine learning model crash because the ingested volume was too much. So, in the spirit of building a scalable, robust, secure SDN network architecture, I propose the following model. To put the picture into words: primarily, collect network traffic at the switches and stream it into the Spark Streaming Engine using Kafka as the data ingestion tool. Create RDDs (Resilient Distributed Datasets) and process streaming data into appropriate RDDs. After preprocessing, feed the RDDs into the Spark Machine Learning Model (based on best accuracy this model will be finalized, in the future blog posts) /

Day 14 Part 2: Few Road-blocks in simulating the required Architecture

This article was meant to be published on 24/01/2019, but due to forgetfulness on my part, it is getting published a day later xP Continuing the simulation where we left off, we had built a master slave architecture of controllers where all switches were accessed by all controllers. Today, we shall simulate a network very similar to what our problem statement demands: a distributed SDN controller where each switch is only connected to two controllers - one master controller and one equal controller. The code remains very similar. Instead of running the code on one controller, today we shall make copies of the same code and run it on different controllers. Only the master controller will remain common with respect to all switches. If we assume 'c1' from the previous code as the master controller, we have to run the code with 2 controllers on the c2, c3 and c4 machines to achieve the above architecture. In case you want to refer to the code again, I have compiled it into a GitH

Day 14: Reviewing DDoS Attack detection method using SVM in SDN network

Hey guys, as promised yesterday, let's review a recent work on a DDoS attack detection method using Support Vector Machines (SVM) today. This paper beautifully describes how SDN flows can be used to build a feature set to train an SVM model to detect a DDoS attack. Kudos to the authors!
Jin Ye, Xiangyang Cheng, Jian Zhu, Luting Feng, and Ling Song, “A DDoS Attack Detection Method Based on SVM in Software Defined Network,” Security and Communication Networks, vol. 2018, Article ID 9804061, 8 pages, 2018. https://doi.org/10.1155/2018/9804061
Let's start by understanding the contents of a flow. The diagram below is a good flow structure representation. Next, a six-tuple characteristic values matrix containing the following features is built. In all the features, T is the sample interval. The speed of source IP (SSIP) is the number of source IP addresses per unit of time: If SSIP is large, it is more likely an attack. The speed of source port (SSP) is the number of