Browsing by Subject "SDN"
An Engineer's Journey into Network Function Virtualization & 5G Research
(2021-05) Quant, Jacob
Softwarization (using software to provide functionality previously performed by hardware) has been driving developments in the computer networking field for more than a decade. Two examples of this are SDN (software-defined networking) and NFV (network function virtualization). Both of these play important roles in ushering in new technologies such as 5G (5th generation standards for high-speed cellular networks). Ever-increasing NIC (network interface card) data transfer rates necessitate improvements in NFV system design in order to avoid degrading throughput. This thesis introduces NFlambda and summarizes my contributions to it as well as the 5G-Tracker project. NFlambda is an NFV framework designed to facilitate efficient scaling of virtual network functions (VNFs) so that they can operate at line rates in excess of 100Gbps using commodity hardware. To achieve this in practice (i.e. without artificially contriving the traffic profile or using unrealistically simple VNFs) it becomes essential to avoid the timing penalties imposed by having to access the last level cache (LLC) or main memory. NFlambda achieves this primarily by decomposing VNFs into finer-grained components, which can be scaled independently and, in many cases, avoid having to share their state among multiple instances (running on separate CPU cores). Several key contributions that I made to this work are: adding support for YAML-based configuration, developing a proof-of-concept protocol for integrating an external controller, automating experiment design & execution, and assisting with the implementation of an IPsec VNF. 5G-Tracker is a crowd-sourced system for collecting and analyzing data related to commercial 5G network deployments. It can be used to build coverage maps, identify contextual factors affecting performance, and more.
My work on this project focused on the development and documentation of the API used by the mobile application to communicate with back-end servers and the design of a web interface to support collaboration among researchers using the platform.

Securing and Protecting Enterprise Networks via Data-driven Analytics and Application-aware SDN
(2016-09) Mekky, Hesham
The popularity of online services, such as social networks and online banking, has made them a popular platform for attackers. Cybercriminals leverage them to spread malicious software (malware) and steal personal information. In a cybercriminal operation, miscreants infect their victims' machines with malware that performs malicious activities. This occurs due to poor security measures implemented by enterprise networks, and the complexity of network management tools. By studying existing malware distribution networks and enterprise networks management tools, we aim to understand the techniques used to infect victims such as drive-by downloads, study malware families and design better detection methodologies, and seek solutions towards an improved network management framework. Towards these goals, this thesis studies three orthogonal problems aiming at addressing security and management problems in modern networks. First, we study malware infections due to drive-by downloads using a large ISP dataset. We show that attackers employ redirections which automatically redirect users' requests through a series of intermediate websites, before landing on the final distribution site. To detect these malicious redirections, we developed a machine learning framework that relies on a distinctive set of features to label the malicious redirections and block them. Second, we study malware network traces for infected hosts in an enterprise network using real malware traces, and we show that malware traffic comes mixed up with legitimate user traffic such as browsing traffic.
To improve malware detection, we developed a novel system that decomposes the traffic into separate components, and applies the detection system to the suspected malware component only, and consequently improves detection rates. Third, we postulate native network functions within the Software-defined Network (SDN) data plane, where the same logical controller controls both network services and routing. This is enabled by extending Software-defined Networking to support stateful flow handling based on higher layers in the packet beyond layers 2-4. As a result, network functions (a.k.a. middleboxes) can be chained on demand, directly on the data plane. We present an implementation of this architecture based on Open vSwitch, and show that it enables popular network functions effectively and addresses the management problems in enterprise networks. In summary, this thesis addresses these three closely related problems by: (1) protecting enterprise networks from drive-by downloads launched using redirections via a data-driven approach; (2) detecting existing malware activity on the network by decomposing the end-host traffic into a benign component and a suspected malware component, then classifying the malware into its malware family; and (3) building a flexible network architecture that enables managing network functions (e.g. such as systems in (1) and (2) and others like firewalls and load balancers) within the data plane along with the routing using a unified control plane.