| Machine name | Interface | IP address |
|---|---|---|
| Switch VM | VMNet 2, VMNet 1 | VMNet 2: 192.168.111.10/24; VMNet 1: 192.168.184.10/24 |
| Management VM | VMNet 2 | VMNet 2: 192.168.111.11/24 |
| Controller VM | VMNet 2 | VMNet 2: 192.168.111.12/24 |
| Victim VM | VMNet 2 | VMNet 2: 192.168.111.13/24 |
| Attacker | VMNet 1 | 192.168.184.11 |
```mermaid
sequenceDiagram
    participant A as Attacker (hping3)
    participant S as OVS Switch
    participant C as Ryu Controller
    participant I as Suricata IDS
    participant V as Victim
    Note over A: SYN flood attack begins
    loop Thousands of packets/second
        A->>S: Send TCP SYN (random source IP)
        par SDN processing
            S->>C: Packet-In (new packet)
            C->>S: Packet-Out + FlowMod (install rule)
            Note right of C: Controller CPU spikes (overload)
        and IDS processing
            S->>I: Mirror/Copy Traffic
            I->>I: Rule match (signature match)
            I-->>Log: Write log "Possible DDoS attack"
        end
        S->>V: Forward packet (if not dropped)
    end
```
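The IDS branch of the diagram, as an added example that is not part of the original project: a sliding-window check over Suricata EVE JSON alert lines that groups by destination instead of source, because the flood uses random source IPs. The thresholds, the one-second window, the helper names and the sample records (sources in 198.51.100.0/24) are assumptions constructed for illustration.

```python
import json
from collections import defaultdict, deque
from datetime import datetime

SIGNATURE = "Possible DDoS attack"  # alert text shown in the diagram
WINDOW_S = 1.0     # assumed sliding window in seconds
MIN_ALERTS = 5     # assumed: alerts per window before a destination is flagged
MIN_SOURCES = 4    # assumed: distinct sources per window (spoofed-source pattern)

def flood_targets(eve_lines):
    """Map each flagged dest_ip to the peak distinct-source count in one window."""
    recent = defaultdict(deque)  # dest_ip -> (epoch seconds, src_ip) in the window
    flagged = {}
    for line in eve_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate truncated lines from a log that is being written
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue
        if ev.get("alert", {}).get("signature") != SIGNATURE:
            continue
        ts = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z").timestamp()
        dst = ev["dest_ip"]
        q = recent[dst]
        q.append((ts, ev["src_ip"]))
        while ts - q[0][0] > WINDOW_S:
            q.popleft()  # expire entries older than the window
        sources = len({src for _, src in q})
        if len(q) >= MIN_ALERTS and sources >= MIN_SOURCES:
            flagged[dst] = max(flagged.get(dst, 0), sources)
    return flagged

def sample_lines():
    """Constructed EVE records: 6 spoofed-source alerts for the Victim VM plus noise."""
    def alert(i, src, dst):
        return json.dumps({"timestamp": f"2024-01-01T10:00:00.{i * 100000:06d}+0000",
                           "event_type": "alert", "src_ip": src, "dest_ip": dst,
                           "proto": "TCP", "alert": {"signature": SIGNATURE}})
    lines = [alert(i, f"198.51.100.{i + 1}", "192.168.111.13") for i in range(6)]
    lines.append(alert(6, "198.51.100.50", "192.168.111.11"))  # lone alert, below threshold
    lines.append('{"event_type": "alert", "src_ip": "198.5')  # truncated line
    return lines

if __name__ == "__main__":
    print(flood_targets(sample_lines()))
```

Keying on `dest_ip` keeps the result stable when every packet carries a different source address, so any follow-up action can be scoped to the protected host.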
Setup and Deployment Guide: SETUP
- Open vSwitch (OVS) – Virtual switch for Software-Defined Networking
  https://docs.openvswitch.org/
- Ryu SDN Controller – Python-based SDN controller framework
  https://ryu.readthedocs.io/
- Suricata IDS/IPS – Network intrusion detection and prevention system
  https://docs.suricata.io/
- Prometheus – Monitoring and metrics collection system
  https://prometheus.io/docs/
- Grafana – Visualization and monitoring dashboards
  https://grafana.com/docs/
- Grafana Loki – Log aggregation system for cloud-native environments
  https://grafana.com/docs/loki/
- hping3 – Network tool used for generating TCP SYN flood traffic
  https://github.com/antirez/hping






