
A Typical Prototype For SDN Traceback Based On Packet Marking And Logging

Posted on: 2019-09-30
Degree: Master
Type: Thesis
Country: China
Candidate: D N Ren
GTID: 2428330566995986
Subject: Information security

Abstract/Summary:
Software-defined networking (SDN) is an emerging architecture that departs from the traditional network by redefining how data flows are controlled. Separating the control plane from the data plane of a switch removes the architectural limits that traditional networks run into under big-data workloads. However, the imbalance of workload between the data plane and the control plane introduces considerable security weaknesses as SDN matures. Existing security technologies (e.g., IPS and IDS) are not always effective: attackers can forge malicious packets and exploit vulnerabilities in the OpenFlow protocol to hijack the controller and thereby take control of the whole network. Developing a security mechanism that determines the root of an anomaly and identifies the entities responsible for it is therefore an urgent but challenging task for improving SDN security.

After analysing the SDN architecture and packet marking technology, this thesis designs a typical prototype for SDN traceback based on packet marking and logging, from the perspective of integration with other security mechanisms. The main work is as follows:

(1) To address the security deficiencies of SDN, the thesis proposes a comprehensive, modular SDN traceback framework that builds on the characteristics of SDN. It consists of three components: a traffic detection component, a traceback component and a decision component.

(2) After analysing the workflow of Open vSwitch, the thesis proposes a data-plane implementation of the traceback component (Mark-OVS): marking functions are added to the OVS source code, and a path reconstruction algorithm that relies on the data plane is designed.

(3) After analysing the Layer-2 switch application and the programming model of Ryu, the thesis proposes a control-plane implementation of the traceback component (Mark-Ryu): a marking application is developed on Ryu, and a path reconstruction algorithm that relies on the control plane is designed.

(4) The thesis compares the two implementations of the traceback component in terms of architecture design and experimental performance, and illustrates two use cases of the traceback component: debugging and network behaviour analysis.
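The following is an added, self-contained illustration of the general packet-marking-and-logging traceback idea that the abstract describes; it is not the thesis's Mark-OVS or Mark-Ryu code and does not touch OVS or Ryu. It assumes switches identified by a datapath id (dpid), a packet with a bounded mark field of MARK_CAPACITY dpids (in practice a fixed-width header field), per-switch log tables keyed by a packet digest, and, for the control-plane variant, a controller that records (dpid, in_port, out_port) per packet-in and knows its link table. The topology, packet contents and the MARK_CAPACITY value are constructed sample data.

```python
"""Hybrid packet-marking-and-logging traceback, simulated in-process (illustrative, not thesis code).

Assumptions: a switch that finds the mark field full spills (digest -> current marks) into its
own log table and empties the field before appending its dpid; the ingress switch clears any
marks a host may have forged; the collector rebuilds the path from the delivered marks by
chaining log records back by digest. The control-plane variant chains packet-in records
through the controller's link table instead.
"""
import hashlib
from dataclasses import dataclass, field

MARK_CAPACITY = 3  # assumed width of the mark field, in dpids


@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes
    marks: list = field(default_factory=list)


def digest(pkt: Packet) -> str:
    """Digest over fields that do not change in flight, so marks written en route do not alter it."""
    return hashlib.sha256(b"|".join([pkt.src.encode(), pkt.dst.encode(), pkt.payload])).hexdigest()[:16]


class LogStore:
    """Per-switch log tables: dpid -> {digest -> mark contents at the moment that switch spilled them}."""

    def __init__(self):
        self.tables = {}

    def log(self, dpid: str, d: str, marks: list) -> None:
        self.tables.setdefault(dpid, {})[d] = list(marks)

    def lookup(self, dpid: str, d: str):
        return self.tables.get(dpid, {}).get(d)


def mark_at_switch(pkt: Packet, dpid: str, store: LogStore, ingress: bool = False) -> None:
    """Data-plane marking step executed by one switch."""
    if ingress:
        pkt.marks = []  # drop anything the sending host wrote into the mark field
    if len(pkt.marks) >= MARK_CAPACITY:
        store.log(dpid, digest(pkt), pkt.marks)  # field full: spill this segment to the switch's log
        pkt.marks = []
    pkt.marks.append(dpid)


def forward(pkt: Packet, path: list, store: LogStore) -> Packet:
    """Carry the packet through the switches in `path`; the first one acts as ingress switch."""
    for i, dpid in enumerate(path):
        mark_at_switch(pkt, dpid, store, ingress=(i == 0))
    return pkt


def reconstruct(pkt: Packet, store: LogStore) -> list:
    """Rebuild the full switch path from the delivered marks plus the chain of spilled segments."""
    d = digest(pkt)
    path = list(pkt.marks)
    visited = set()
    while path:
        logger = path[0]  # first dpid of a segment is the switch that spilled the previous segment
        if logger in visited:
            raise ValueError("cycle in log chain for digest %s" % d)
        visited.add(logger)
        prev = store.lookup(logger, d)
        if prev is None:
            break  # no record here: this segment starts at the ingress switch
        path = prev + path
    return path


class ControllerLog:
    """Control-plane variant: chain per-packet (dpid, in_port, out_port) records via the link table."""

    def __init__(self, links: dict):
        self.links = links  # (dpid, out_port) -> (next_dpid, next_in_port), assumed known to the controller
        self.events = {}  # digest -> {dpid: (in_port, out_port)}

    def packet_in(self, d: str, dpid: str, in_port: int, out_port: int) -> None:
        self.events.setdefault(d, {})[dpid] = (in_port, out_port)

    def reconstruct(self, d: str) -> list:
        hops = self.events.get(d, {})
        switch_facing = set(self.links.values())  # (dpid, in_port) pairs fed by another switch
        ingress = [s for s, (inp, _) in hops.items() if (s, inp) not in switch_facing]
        if len(ingress) != 1:
            raise ValueError("expected exactly one ingress record, got %r" % ingress)
        path, cur = [], ingress[0]
        while cur is not None and cur not in path:
            path.append(cur)
            nxt = self.links.get((cur, hops[cur][1]))
            cur = nxt[0] if nxt and nxt[0] in hops else None
        return path


if __name__ == "__main__":
    store = LogStore()
    pkt = Packet("10.0.0.1", "10.0.0.9", b"GET / HTTP/1.1", marks=["forged"])  # constructed sample
    forward(pkt, ["s1", "s2", "s3", "s4", "s5", "s6", "s7"], store)
    print("delivered marks:", pkt.marks)
    print("reconstructed path:", reconstruct(pkt, store))
```

Running it shows the delivered packet carrying only the last segment (one dpid) while the reconstruction recovers all seven hops by following the two spilled segments; the forged mark injected by the host is discarded at the ingress switch, which is the check any marking scheme needs against mark spoofing. The control-plane variant instead relies on the controller seeing every hop's packet-in, so it only works while the flow is not yet installed in the switches.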
Keywords/Search Tags: Software-defined networking, Traceback, Packet marking and logging, Open vSwitch, Ryu