ΕΘΝΙΚΟ ΜΕΤΣΟΒΙΟ ΠΟΛΥΤΕΧΝΕΙΟ - Ε.Μ.Π. NATIONAL TECHNICAL UNIVERSITY OF ATHENS - NTUA School of Electrical & Computer Engineering

Transcription

1 ΕΘΝΙΚΟ ΜΕΤΣΟΒΙΟ ΠΟΛΥΤΕΧΝΕΙΟ - Ε.Μ.Π. NATIONAL TECHNICAL UNIVERSITY OF ATHENS - NTUA School of Electrical & Computer Engineering Recent NETMODE Activities on Internet Research & Experimentation: Tetsbeds, Federated e-infrastructures, Network Security & SDN/NFV Vasilis Maglaris maglaris@netmode.ntua.gr Director, Network Management & Optimal Design (NETMODE) Lab September 2017

2 Lab Facilities Overview OpenFlow-enabled Devices NEC IP8800 Juniper MX80-48T HP x Open vswitch on Xeon Processor GHz, 8GB RAM, 8xGbE ports 6 x ESXi Hypervisors (v4.1 & 5.0), hosting ~50VMs Wireless Fed4FIRE & OpenFlow Testbeds Hosting FEDERICA & PlanetLab Facilities

3 Wireless Testbed Part of EU Fed4FIRE Distributed Testbed

4 SDN Testbed OpenFlow Switches & Controllers

5 Federated e-infrastructures NOVI Concept of Data, Control & Management Plane Stitching (Networking innovations Over Virtualized Infrastructures)

6 Policy Based Resource Management NFV Model of Policy Orchestration NFV Approach of Policy Based Architecture Graphical Overview of Policy Ontology

7 Anomaly Detection & Mitigation (I) Extending Remotely Triggered Black Hole (RTBH) Adding OF Functionality to Legacy LANs DDoS Attack Mitigation

8 Anomaly Detection & Mitigation (II) Classification of Malicious Source IP Prefixes Based on CAIDA Anonymized Data (DDoS Attack, August 2007) & Recent NTUA LAN Data

9 Anomaly Detection & Mitigation (III) A Cooperative Schema for Multi-domain SDN Environments

10 Anomaly Detection & Mitigation (IV) Collaborative Schema for Exchanging Attack Data Trusted Third Party NTUA NOC REMOTE Monitoring Repository (Trusted Third Party) Network, System Event Shipping Node 1 Publish Monitoring Events to Collaborators CN CSlab NETMODE Node 2 Node 3 Shipping IDS Events Data Plane Connections LOCAL Monitoring Repository (NETMODE) IDS Mirrored Traffic

11 Network Traffic Monitoring Advanced Statistical Methods /Data Fusion for Anomaly Detection Bayesian Inference of Hypothesis based on posterior probabilities Anomaly Detection & Mitigation (V) Applying Emerging Tools for Network Security Hypothesis Belief Functions based on membership functions (Dempster - Shafer s Theory of Evidence, 1976) Machine Learning Techniques for Anomaly Detection & Mitigation (Neural Networks, Deep Learning, Bloom Filters) Attack Classification Filtering DNS DDoS Attacks Packet Capturing SNMP MIB Counters NetFlow

12 Multi-Tenant Monitoring as VNF (I) A Monitoring Architecture for Research in Internet Experimentation (MARIE)

13 Multi-Tenant Monitoring as VNF (II) Monitoring in SDN Multi-tenant Environments

14 Multi-Tenant Monitoring as VNF (III) Scalable Monitoring-as-a-Service (MaaS) Monitoring-as-a- Service Logstash Cluster Administrator Data Views Lightweight Shipper Logstash Kibana Broker Personalized Data Views Lightweight Shipper Logstash Store/Search Kibana Broker Lightweight Shipper Logstash Store/Search

15 Multi-Tenant Monitoring as VNF (IV) Application in a Federated Environment: GÉANT Testbed Service - GTS (GÉANT NRENs Campuses)

16 Scalable Network Monitoring Data Mining via the OmniDisco Collector

17 MBB Carrier Selection & Offloading by Mobile Nodes Monitoring & Analysis for Radio Interface selection for Y2020 Networks (MARILYN) OpenFlow Control Functionality Open vswitch (OVS) Client S/W: Mounted on Android Mobile Node (SDN-enabled Multi-SIM Mobile Devices) OpenFlow Controller and Selection Policy Engine: Mounted on Android Mobile Node and/or within a Core Cloud Infrastructure Trade-off Criteria: Power Consumption, Quality of Experience, Seamless Reliable Operation, H/W S/W Cost & Subscription/Usage Fees, Penetration of Multi-SIM Mobile Devices

18 Selected Publications 1. V. Maglaris, C. Papagianni, G. Androulidakis, M. Grammatikou, P. Grosso, J. van der Ham, C. de Laat, B. Pietrzak, B. Belter, J. Steger, S. Laki, M. Campanella and S. Sallent, "Toward a Holistic Federated Future Internet Experimentation Environment: The Experience of NOVI Research and Experimentation", IEEE Communications Magazine, Vol. 53, No. 7, pp , July 2015 (Overview of the NOVI FIRE FP7 project) 2. A. Douitsis and V. Maglaris, "Towards A Scalable management Collector", in Proc. of GIIS'16, Porto, Portugal, October 2016 (Network Monitoring Architecture featuring SNMP and ElasticSearch) 3. Y. Kryftis, M. Grammatikou, D. Kalogeras and V. Maglaris, "Policy-Based Management for Federation of Virtualized Infrastructures", Journal of Network & Systems Management, Springer, June 2016 (Policy-based Network Management, Virtualized Infrastructures, Federated SLA) 4. K. Giotis, M. Apostolaki and V. Maglaris, "A Reputation-based Collaborative Schema for the Mitigation of Distributed Attacks in SDN Domains", in Proc. of IEEE/IFIP Network Operations and Management Symposium, Istanbul, Turkey, April 2016 (Cooperative schemes to mitigate DDoS attacks) 5. K. Giotis, G. Androulidakis and V. Maglaris, "A Scalable Anomaly Detection and Mitigation Architecture for Legacy Networks via an OpenFlow Middlebox", Security and Communication Networks, Wiley, October 2015 (Anomaly Detection & Mitigation Architecture for DDoS attacks using an approach on Legacy Networks) 6. K. Giotis, C. Argyropoulos, G. Androulidakis, D. Kalogeras and V. Maglaris, "Combining OpenFlow and sflow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments", Computer Networks, Vol. 62, No. 7, pp , April 2014 (Scalable Anomaly Detection using Entropy Algorithms and sflow sampling) 7. C. Argyropoulos, S. Mastorakis, K. Giotis, G. Androulidakis, D. Kalogeras and V. Maglaris, "Control-Plane Slicing Methods in Multi-Tenant Software Defined Networks", in Proc. IFIP/IEEE Integrated Network Management Symposium (IM 2015), Ottawa, Canada, May 2015 (Assessing Virtual Network Slicing in terms of Resource Consumption) 8. C. Siaterlis and V. Maglaris, "Detecting incoming and Outgoing DDoS Attacks at the Edge Using a Single Set of Network Characteristics, in Proc. IEEE 10th Symposium on Computer and Communications (ISCC), Cartagena, Spain, June 2005 (Theoretical Statistical Analysis of Attack Patterns as experienced within the NTUA campus LAN) 9. C. Siaterlis and B. Maglaris, "Towards Multisensor Data Fusion for DoS detection", in Proc. ACM Symposium on Applied Computing, 2004 (Data-fusion algorithms combining Attack Metrics for DDoS Anomaly Detection)