Comparative Study of Floodlight ACL and Firewall on SDN Architecture Security for DDoS Attack Mitigation

ANDRY PUTRA FAJAR

Basic Information

18.05.080
C
Scientific Work - Thesis (S2) - Reference

Abstract

This thesis is a comparative study of the Floodlight Static Flow Pusher and Firewall in Software Defined Networking (SDN), which are used as flow management tools for handling Distributed Denial of Service (DDoS) attacks. This attack typically sends a huge number of packets to the victim, which drives the SDN controller into a stalled state and makes the entire connected network inaccessible.

Researchers have proposed many detection methods for DDoS attacks, but they commonly use the same mitigation method: filter-type mitigation using flow management tools, which are divided into two modules, the Access Control List (ACL) module, which works proactively, and the Firewall module, which pushes rules reactively. Even the best detection method becomes dull when combined with a poor mitigation method, so this thesis studies the difference between ACL and Firewall in terms of performance in handling DDoS attacks and ensuring the availability of the SDN network, which depends on the controller state.

The research setup uses Floodlight as the SDN controller and Mininet as the network model simulator, and all flow streams are monitored by a custom sFlow-RT. The performance of ACL and Firewall is determined by their capability to block DDoS attacks at various attack rates. This performance consists of three metrics: reaction time, downtime, and recovery time.

As a result, Firewall has better performance than ACL, even at the maximum attack rate. ACL performance is comparable with Firewall at lower packet rates (lower than 600 pps), so the Firewall mitigation scheme is more suitable than ACL for handling burst packets from a DDoS attack.


Subject

NETWORK SECURITY
 

Catalogue

Comparative Study of Floodlight ACL and Firewall on SDN Architecture Security for DDoS Attack Mitigation
 
 
 

Circulation

Rp. 0
Rp. 0
No

Author

ANDRY PUTRA FAJAR
Individual
Tito Waluyo Purboyo, Ida Wahidah
 

Publisher

Universitas Telkom
 
2018

Collection

Competency

  • TTG5H3 - DATA NETWORKS AND PROTOCOLS
  • TTH6M3 - NETWORK SECURITY
  • TTH6N3 - SOFTWARE DEFINED NETWORKS
  • TTI6I3 - DATA NETWORKS AND PROTOCOLS
