The number of internet of things (IoT) devices is increasing at a steady rate, with billions of IoT-connected devices emerging on a yearly basis. Hence, keeping the IoT environment secure is a task of the greatest importance. One of the prevalent threats in the IoT environment is the denial-of-service attack (DoS attack), which depletes the resources of its target, thus rendering it unusable.
The main aim of this study was to address the above-mentioned issue by using software-defined networking (SDN), a networking innovation that separates the data and control planes. This separation allows the creation of a centralised network-provisioning system, which in turn allows a greater degree of flexibility, programmability, and management.
This project proposes a testbed based on the GNS3 network emulator. The testbed emulates DoS attacks, which are then detected and mitigated using algorithms developed for the purpose. The detection algorithm is based on entropy, which is a measurement of uncertainty. An entropy-based detection algorithm was chosen because it does not incur significant overheads while still being one of the most efficient methods of detecting abnormal traffic patterns. In this work, the entropy was calculated according to the variability of the destination IP address. The standard deviation was calculated on the basis of the entropy measurements carried out and, once an attack was detected, the malicious traffic was mitigated by dynamically installing a flow to drop the traffic.
The proposed testbed consisted of the following: a Ryu SDN controller installed on an Ubuntu machine; an OpenFlow-enabled switch; IoT devices simulated by using a Raspberry Pi virtual machine; and a Kali Linux appliance used to create malicious traffic. The simulation conducted on the testbed covered four separate test scenarios, with the last three scenarios aiming to overcome limitations present in the first scenario.
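The entropy-based detection described above can be sketched as follows. This is an added example, not code from the study: the window size of 50 packets, the rule "entropy below mean minus 3 standard deviations", the baseline handling and the constructed sample traffic are all assumptions, and the controller call that would install the drop flow is left out.

```python
import math
import statistics
from collections import Counter

def shannon_entropy(dst_ips):
    """Shannon entropy (bits) of the destination-IP distribution in one window."""
    total = len(dst_ips)
    return -sum(c / total * math.log2(c / total) for c in Counter(dst_ips).values())

class EntropyDetector:
    """Flags a window whose entropy drops below mean - k * stdev of clean windows.
    window, k and min_baseline are assumed values, not taken from the study."""
    def __init__(self, window=50, k=3.0, min_baseline=5):
        self.window, self.k, self.min_baseline = window, k, min_baseline
        self.buffer, self.baseline = [], []

    def observe(self, dst_ip):
        """Feed one packet's destination IP; return a verdict per full window, else None."""
        self.buffer.append(dst_ip)
        if len(self.buffer) < self.window:
            return None
        pkts, self.buffer = self.buffer, []
        h = shannon_entropy(pkts)
        if len(self.baseline) >= self.min_baseline:
            mean = statistics.mean(self.baseline)
            threshold = mean - self.k * statistics.pstdev(self.baseline)
            if h < threshold:
                # Traffic concentrated on one destination: candidate for a drop flow.
                target = Counter(pkts).most_common(1)[0][0]
                return {"entropy": h, "attack": True, "target": target}
        self.baseline.append(h)  # only clean windows feed the baseline
        return {"entropy": h, "attack": False, "target": None}

def run_demo():
    """Constructed traffic: 8 normal windows over 10 hosts, then 2 flood windows."""
    hosts = [f"10.0.0.{i}" for i in range(1, 11)]
    traffic = []
    for w in range(8):
        pkts = hosts * 5                          # 50 packets spread over all hosts
        pkts[1:1 + w % 3] = [hosts[0]] * (w % 3)  # small skew so windows differ
        traffic += pkts
    traffic += (["10.0.0.5"] * 45 + hosts[5:]) * 2  # flood aimed at 10.0.0.5
    det = EntropyDetector()
    return [v for ip in traffic if (v := det.observe(ip)) is not None]

if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

Because flagged windows are kept out of the baseline, a sustained flood cannot drag the threshold down and hide itself in later windows.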
Course: B.Sc. (Hons.) Computer Engineering
Supervisor: Prof. Ing. Saviour Zammit