<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta />
    <article-meta>
      <title-group>
        <article-title>EXTRACTION OF TRAFFIC FEATURES IN SOFTWARE-DEFINED NETWORKS USING AN SDN CONTROLLER</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>S.S. Volkov</string-name>
          <xref ref-type="aff" rid="aff0">0</xref>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>I.I. Kurochkin</string-name>
        </contrib>
        <contrib contrib-type="author">
          <string-name>IITP RAS</string-name>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Moscow</string-name>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Russia</string-name>
        </contrib>
        <contrib contrib-type="editor">
          <string-name>Sergey Volkov, Ilya Kurochkin</string-name>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>Federal Research Center "Computer Science and Control" RAS</institution>
          ,
          <addr-line>Moscow</addr-line>
          ,
          <country country="RU">Russia</country>
        </aff>
        <aff id="aff1">
          <label>1</label>
          <institution>Peoples' Friendship University of Russia (RUDN University)</institution>
          ,
          <addr-line>6 Miklukho-Maklaya St, Moscow, 117198, Russian Federation</addr-line>
        </aff>
      </contrib-group>
      <pub-date>
        <year>2021</year>
      </pub-date>
      <fpage>5</fpage>
      <lpage>9</lpage>
      <abstract>
        <p>Machine learning methods can be used to solve the problems of detecting and countering attacks on software-defined networks. For such methods, it is necessary to prepare a large amount of initial data for training. Mininet is used as a modeling environment for SDN. The main tasks of modeling a software-defined network are studying traffic within the network, as well as practicing various scenarios of attacks on network elements. The SDN controller ONOS (Open Network Operating System) is used as the network controller. Various network topologies are considered in the modeling. The possibility of analyzing information about traffic within the network using an SDN controller in real time is investigated, as well as the possibility of collecting information in the form of a set of features. Modeling of software-defined networks under different initial conditions and for different attack scenarios can be carried out on a distributed computing system. Since the computational problem to be solved can be divided according to the data into many autonomous tasks, it is possible to use a desktop grid system and voluntary distributed computing to speed up the process.</p>
      </abstract>
      <kwd-group>
        <kwd>software-defined networks</kwd>
        <kwd>traffic features</kwd>
        <kwd>network modeling</kwd>
        <kwd>desktop grid</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>1. Introduction</title>
      <p>
        Software-Defined Network (SDN) [
        <xref ref-type="bibr" rid="ref1">1</xref>
        ][
        <xref ref-type="bibr" rid="ref2">2</xref>
        ] is becoming an increasingly popular technology in
large data processing centers because it allows network traffic flows to be controlled dynamically. The
main feature of SDN is the separation of the network control layer from the packet transmission layer.
      </p>
      <p>This work is devoted to modeling SDN in order to obtain data for further
use with machine learning algorithms. The main task of the study is to select tools and develop a
complete data collection process. The work considers the following aspects of SDN modeling:
● Software-defined network emulator.
● SDN controller.
● Development of network topologies.
● Network traffic generation.
● Traffic data collection and feature extraction.</p>
      <p>The study attempts to solve two tasks. The first is collecting traffic flow data within a
software-defined network using an SDN controller. The second is extracting traffic features
that can be used by machine learning algorithms in intrusion detection systems.</p>
    </sec>
    <sec id="sec-2">
      <title>2. SDN Modeling</title>
      <sec id="sec-2-1">
        <title>2.1 SDN emulator</title>
        <p>
          Among the existing network emulators, the following can be distinguished:
● Mininet [
          <xref ref-type="bibr" rid="ref3">3</xref>
          ] – computer network emulator that can host SDN on a single machine (virtual or
physical). Mininet is well suited for deploying test environments. It is also suitable for testing
custom SDN topologies. The virtual network is deployed with all switches, controllers and
hosts, and then its performance can be verified using scripts.
● Ns-3 [
          <xref ref-type="bibr" rid="ref4">4</xref>
          ] – simulator for discrete-event network modeling. It can also be used for testing
SDN environments.
● OpenNet [5] – an SDN emulator based on the two previous tools (Mininet and ns-3).
● Containernet [6] – a fork of Mininet for working with application containers. Docker containers
act as hosts of emulated networks.
● Tinynet [7] – a lightweight library that helps you quickly prototype SDN networks. However, this
tool is not suitable for emulating large-scale networks due to limited functionality.
● MaxiNet [8] – a tool that allows you to use Mininet on multiple physical machines and work
with large-scale SDN networks. Each of the machines runs Mininet and emulates its part of
the general network. Switches and hosts communicate with each other using GRE tunnels. To
manage the components of such a network, MaxiNet provides an API.</p>
        <p>Since this task does not require extensive functionality but does require the ability to
work with custom topologies, it was decided to use Mininet. The computer network in Mininet is
deployed within one virtual machine. Here a computer network means a simple system that consists of hosts,
switches and OpenFlow controllers.</p>
      </sec>
      <sec id="sec-2-2">
        <title>2.2 SDN Controller</title>
        <p>
          The study examines various network topologies, some of which contain loops. One of the main
criteria for choosing a controller is its ability to manage a network with loops in the topology. During
the study, two controllers were selected: ONOS [9] and OpenDaylight [
          <xref ref-type="bibr" rid="ref5">10</xref>
          ]. Table 1 gives a brief
comparison of these controllers.
        </p>
        <p>Table 1. Comparison of controllers:
● Release: 2.4.0 Uguisu (2020)
● Topology loop support
● Availability of a web interface
● Ability to view data flow and connection load in real time
● Traffic analysis services
● Services for viewing statistics</p>
        <p>Thus, the ONOS controller turned out to be the most suitable option for our task. The ability to
graphically display statistics in the web interface and support for loops in the topology make this
controller a more versatile solution.</p>
      </sec>
      <sec>
        <title>2.3 Network topologies</title>
        <p>Several topologies have been tested with the following common parameters:
● Number of traffic flows: 200 000
● Number of switches: 40
● Number of links: 100</p>
        <p>The following parameters were varied:
● Links between switches
● Switches throughput
● Start time, end time and direction of each flow</p>
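        <p>An added example, not code from the paper: a reproducible generator for one emulation scenario with the common parameters listed above (40 switches, 100 links, 200 000 flows) and randomized links, throughput and flow timing. The function names, the assumption that all 100 links are switch-to-switch, one host per switch, the throughput set and the one-hour horizon are illustrative assumptions.

```python
import random

def build_scenario(n_switches=40, n_links=100, n_flows=200000,
                   horizon_s=3600.0, seed=1):
    """Return (links, flows) for one reproducible emulation run."""
    if n_switches - 1 > n_links or n_links > n_switches * (n_switches - 1) // 2:
        raise ValueError("link count cannot give a simple connected graph")
    rng = random.Random(seed)
    order = list(range(1, n_switches + 1))
    rng.shuffle(order)
    edges = set()
    # Random spanning tree first, so every switch is reachable.
    for i in range(1, n_switches):
        a, b = order[i], order[rng.randrange(i)]
        edges.add((min(a, b), max(a, b)))
    # Each extra link beyond the tree closes one independent loop.
    while n_links > len(edges):
        a, b = rng.sample(order, 2)
        edges.add((min(a, b), max(a, b)))
    links = [{"a": "s%d" % a, "b": "s%d" % b,
              "bw_mbps": rng.choice((10, 100, 1000))}  # assumed throughput set
             for a, b in sorted(edges)]
    flows = []
    for _ in range(n_flows):
        src, dst = rng.sample(order, 2)  # assumes one host per switch
        start = rng.uniform(0.0, horizon_s)
        flows.append({"src": "h%d" % src, "dst": "h%d" % dst,
                      "start": start, "end": rng.uniform(start, horizon_s)})
    return links, flows

def loop_count(links, n_switches):
    """Independent loops in a connected graph: links - switches + 1."""
    return len(links) - n_switches + 1

def is_connected(links, n_switches):
    """Depth-first search from s1 over the undirected link list."""
    adj = {}
    for link in links:
        adj.setdefault(link["a"], set()).add(link["b"])
        adj.setdefault(link["b"], set()).add(link["a"])
    seen, stack = {"s1"}, ["s1"]
    while stack:
        for nxt in adj.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return len(seen) == n_switches
```

With the default parameters every generated topology contains 61 independent loops, so it exercises the loop handling that drove the controller choice.</p>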
      </sec>
      <sec id="sec-2-3">
        <title>2.4 Traffic generation</title>
        <p>Mininet offers convenient functionality for simulating host activity. Console commands
(ping, wget, curl, etc.) can be executed on any host from a global terminal, as well as from the
host's own terminal. Because the global terminal is available, you can run
custom scripts. All hosts also have shared access to files, which is very convenient for running scripts.</p>
        <p>
          In order not to restrict traffic generation to simple commands, you can use traffic generation
utilities. One of the most suitable utilities for generating dissimilar network traffic is D-ITG [
          <xref ref-type="bibr" rid="ref6">11</xref>
          ]. It
implements the following features:
● Single-flow, Multi-flow, Daemon modes
● Detailed settings (generation time, delay, size / number of packets)
● Different types of protocols (UDP, TCP, ICMP, SCTP, DCCP)
● Traffic emulation
○ Telnet – Telnet traffic emulator
○ DNS – DNS traffic emulator
○ Quake3 – Quake 3 traffic emulator
○ Csa – Counter-Strike traffic emulator of an active player
○ Csi – Counter-Strike traffic emulator of an inactive player
○ VoIP – Voice-over-IP traffic emulator</p>
        <p>Using this functionality, you can implement the generation of different traffic for each host.</p>
      </sec>
      <sec id="sec-2-4">
        <title>2.5 Traffic capture and feature extraction</title>
        <p>
          To capture traffic, one of the most popular utilities was used – Wireshark
[
          <xref ref-type="bibr" rid="ref7">12</xref>
          ]. It provides the ability to monitor all network traffic passing through the host. Since the main idea
is to monitor traffic at the controller level, this utility is deployed in a separate virtual machine along
with the SDN controller, as shown in Figure 2.
        </p>
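        <p>An added example, not code from the paper: a parser that turns one OpenFlow 1.3 FLOW_REMOVED message, as seen in a capture at the controller, into a feature record whose keys follow the field names in this section's Table 2. The function names and the sample message bytes are constructed for illustration; only three OXM fields (eth_dst, eth_src, eth_type) are decoded by name.

```python
import struct

OXM_NAMES = {3: "eth_dst", 4: "eth_src", 5: "eth_type"}  # OFPXMC_OPENFLOW_BASIC

def parse_flow_removed(msg):
    """Flatten one OpenFlow 1.3 FLOW_REMOVED message into Table 2 style features."""
    if 56 > len(msg):
        raise ValueError("shorter than the fixed FLOW_REMOVED structure")
    version, mtype, length, xid = struct.unpack_from("!BBHI", msg, 0)
    if (version, mtype) != (4, 11) or length != len(msg):
        raise ValueError("not a complete OpenFlow 1.3 FLOW_REMOVED message")
    fixed = struct.unpack_from("!QHBBIIHHQQ", msg, 8)  # cookie .. byte_count
    match_type, match_len = struct.unpack_from("!HH", msg, 48)
    end = 48 + match_len  # match.length excludes the trailing padding
    if 4 > match_len or end > len(msg):
        raise ValueError("match.length out of bounds")
    feats = {"version": version, "type": mtype, "xid": xid,
             "flow_removed.table_id": fixed[3],
             "flow_removed.hard_timeout": fixed[7],
             "match.type": match_type, "match.length": match_len,
             "match.pad": len(msg) - end, "oxm": []}
    off = 52
    while end > off:
        if off + 4 > end:
            raise ValueError("truncated OXM header")
        oxm_class, field_hm, oxm_len = struct.unpack_from("!HBB", msg, off)
        if off + 4 + oxm_len > end:
            raise ValueError("OXM value runs past match.length")
        value = msg[off + 4:off + 4 + oxm_len]
        name = OXM_NAMES.get(field_hm // 2, "field_%d" % (field_hm // 2))
        if name in ("eth_dst", "eth_src"):
            value = ":".join("%02x" % b for b in value[:6])
        else:
            value = int.from_bytes(value, "big")
        feats["oxm"].append({"oxm.class": oxm_class, "oxm.field": name,
                             "oxm.hm": field_hm % 2, "oxm.length": oxm_len,
                             "oxm.value": value})
        off += 4 + oxm_len
    return feats

def sample_message():
    """Constructed FLOW_REMOVED message (not captured traffic)."""
    oxms = (struct.pack("!HBB6s", 0x8000, 2 * 3, 6, bytes.fromhex("000000000002"))
            + struct.pack("!HBB6s", 0x8000, 2 * 4, 6, bytes.fromhex("000000000001"))
            + struct.pack("!HBBH", 0x8000, 2 * 5, 2, 0x0800))
    match = struct.pack("!HH", 1, 4 + len(oxms)) + oxms
    match += b"\x00" * (-len(match) % 8)
    body = struct.pack("!QHBBIIHHQQ", 0, 10, 0, 0, 10, 0, 10, 30, 5, 490) + match
    return struct.pack("!BBHI", 4, 11, 8 + len(body), 42) + body
```

The length checks matter when such a parser is fed by a live capture: a message whose header length or match.length disagrees with the buffer is rejected instead of being read past its end.</p>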
        <p>With capture performed at the controller, the controller receives only information about the
network carried by the OpenFlow protocol. Host-to-host packet transfer information remains inside the
Mininet virtual machine. In this case, the OpenFlow 1.3 protocol was used to transfer information. Table 2
shows a list of features that can be captured. They contain key information about traffic flows for further
analysis. Wireshark documentation contains a complete list of the parameters available for capturing [13].</p>
        <p>Table 2. Features that can be captured:
● flow_removed.hard_timeout
● flow_removed.table_id
● match.length
● oxm.hm
● type
● match.pad
● oxm.length
● version
● oxm.class
● match.type
● oxm.value_etheraddr
● xid
● oxm.value_ethertype</p>
      </sec>
    </sec>
    <sec>
      <title>3. Conclusion</title>
      <p>As a result of this work, we have formed an approach to modeling software-defined networks
to solve the problem of collecting data on traffic flows within the network. In the course of the
research, the most convenient and compatible tools were identified. The presented set of tools is
suitable for modeling within a single physical machine, as well as on desktop grid systems to create
larger scale network models. However, for modeling large networks, it is worth using modeling tools
with broader functionality (e.g., MaxiNet). Future work in this direction will be related to the
development of a large-scale software-defined network and generating network traffic.</p>
    </sec>
    <sec id="sec-3">
      <title>4. Acknowledgement</title>
      <p>The reported study was funded by RFBR according to the research project No. 18-29-03264.</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>[1] Casado, Martin, et al. "SANE: A Protection Architecture for Enterprise Networks." USENIX Security Symposium. Vol. 49. 2006.</mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>[2] McKeown, Nick, et al. "OpenFlow: enabling innovation in campus networks." ACM SIGCOMM Computer Communication Review 38.2 (2008): 69-74</mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>[3] Mininet - An Instant Virtual Network on your Laptop - www.mininet.org (accessed 16 September 2021)</mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>[4] Ns-3 Network Simulator - https://www.nsnam.org/ (accessed 16 September 2021)</mixed-citation>
        <mixed-citation>[5] OpenNet SDN emulator - https://github.com/dlinknctu/OpenNet (accessed 16 September 2021)</mixed-citation>
        <mixed-citation>[6] Containernet SDN emulator - https://containernet.github.io (accessed 16 September 2021)</mixed-citation>
        <mixed-citation>[7] Tinynet SDN emulator - https://github.com/John-Lin/tinynet (accessed 16 September 2021)</mixed-citation>
        <mixed-citation>[8] MaxiNet SDN emulator - http://maxinet.github.io/ (accessed 16 September 2021)</mixed-citation>
        <mixed-citation>[9] Open Network Operating System (ONOS) SDN Controller for SDN/NFV Solutions - https://opennetworking.org/onos/ (accessed 16 September 2021)</mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>[10] OpenDaylight Documentation - https://docs.opendaylight.org/en/latest/ (accessed 16 September 2021)</mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>[11] Distributed Internet Traffic Generator - http://traffic.comics.unina.it/software/ITG/ (accessed 16 September 2021)</mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>[12] Wireshark - https://www.wireshark.org/ (accessed 16 September 2021)</mixed-citation>
        <mixed-citation>[13] Wireshark. Display Filter Reference: OpenFlow 1.3 - https://www.wireshark.org/docs/dfref/o/openflow_v4.html (accessed 16 September 2021)</mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>