Page 1: Network Management & Optimal Design (NETMODE) Laboratory http://www.netmode.ntua.gr

Director: Prof. Vasilis Maglaris [email protected]

Recent NETMODE Activities on Internet Research & Experimentation: Testbeds, Federated e-Infrastructures, Network Security & SDN/NFV

May 2017

ΕΘΝΙΚΟ ΜΕΤΣΟΒΙΟ ΠΟΛΥΤΕΧΝΕΙΟ - Ε.Μ.Π. NATIONAL TECHNICAL UNIVERSITY OF ATHENS - NTUA

School of Electrical & Computer Engineering Division of Communications, Electronics & Information Engineering

Page 2: Lab Facilities Overview

• OpenFlow-enabled Devices
  – NEC IP8800
  – Juniper MX80-48T
  – HP 2920
  – 2 x Open vSwitch on Xeon Processor 5160 – 3 GHz, 8 GB RAM, 8 x GbE ports

• 6 x ESXi Hypervisors (v4.1 & 5.0), hosting ~50 VMs

• Wireless – Fed4FIRE & OpenFlow Testbeds

• Hosting FEDERICA & PlanetLab Facilities

Page 3: Wireless Testbed, Part of the EU Fed4FIRE Distributed Testbed

Page 4: SDN Testbed: OpenFlow Switches & Controllers

Page 5: Federated e-Infrastructures: NOVI (Networking innovations Over Virtualized Infrastructures) Concept of Data, Control & Management Plane Stitching

Page 6: Policy Based Resource Management: NFV Model of Policy Orchestration

[Figures: Graphical Overview of Policy Ontology; NFV Approach of Policy Based Architecture]

Page 7: Anomaly Detection & Mitigation (I): Extending Remotely Triggered Black Hole (RTBH)

[Figures: Adding OF Functionality to Legacy LANs; DDoS Attack Mitigation]

Page 8: Anomaly Detection & Mitigation (II): Classification of Malicious Source IP Prefixes

Based on CAIDA Anonymized Data (DDoS Attack, August 2007) & Recent NTUA LAN Data

Page 9: Anomaly Detection & Mitigation (III): A Cooperative Schema for Multi-domain SDN Environments

Page 10: Anomaly Detection & Mitigation (IV): Collaborative Schema for Exchanging Attack Data

[Diagram: domains CN, CSlab and NETMODE, with NTUA NOC acting as Trusted Third Party; components shown: IDS, Node 1, Node 2, Node 3, LOCAL Monitoring Repository (NETMODE), REMOTE Monitoring Repository (Trusted Third Party); links shown: Data Plane Connections, Mirrored Traffic, Shipping IDS Events, Network & System Event Shipping, Publish Monitoring Events to Collaborators]

Page 11: Anomaly Detection & Mitigation (V): Applying Emerging Tools for Network Security

• Network Traffic Monitoring

• Advanced Statistical Methods for Anomaly Detection (Bayesian, Theory of Evidence…)

• Machine Learning Techniques for Anomaly Detection & Mitigation (Neural Networks, Deep Learning, Bloom Filters)
  – Attack Classification
  – Filtering DNS DDoS Attacks

Monitoring data sources shown: Packet Capturing, NetFlow, SNMP MIB Counters
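As an added illustration of the entropy-based detection on sampled traffic that the lab's sFlow/OpenFlow work builds on (see the Combining OpenFlow and sFlow publication), the following Python is not NETMODE's code: it computes the normalised destination-IP entropy of packet samples per time window, flags the window where traffic collapses onto one victim, and returns a drop entry described in ovs-ofctl-style field names as a placeholder for the RTBH or OpenFlow rule an operator would push; all sample data is constructed inline.

```python
"""Entropy-based DDoS detection over sFlow-style packet samples.

Added illustration, not NETMODE's code: per time window, compute the
normalised Shannon entropy of the sampled destination IPs; a sharp drop
against the running baseline means traffic is concentrating on few targets.
The dominant destination is then reported as a candidate for an RTBH or
OpenFlow drop entry (returned as a dict here, never installed anywhere).
"""
from collections import Counter
from math import log2


def normalized_entropy(values):
    """Shannon entropy divided by log2(#distinct): 1.0 = uniform, 0.0 = single value."""
    counts = Counter(values)
    total = sum(counts.values())
    if len(counts) <= 1:
        return 0.0
    h = -sum(c / total * log2(c / total) for c in counts.values())
    return h / log2(len(counts))


def detect(windows, drop_ratio=0.5, min_baseline=2):
    """windows: one list of (src_ip, dst_ip) samples per interval.
    Returns alerts: dicts with window index, victim address, its share of
    the window's samples and a hypothetical drop entry for that victim."""
    alerts, history = [], []
    for i, samples in enumerate(windows):
        h = normalized_entropy(d for _, d in samples)
        if len(history) >= min_baseline and h < drop_ratio * sum(history) / len(history):
            victim, n = Counter(d for _, d in samples).most_common(1)[0]
            alerts.append({"window": i, "victim": victim, "share": n / len(samples),
                           "rule": {"match": {"nw_dst": victim}, "action": "drop"}})
            continue  # keep the attack window out of the baseline
        history.append(h)
    return alerts


def constructed_windows():
    """Constructed data: three normal windows, a flood on 10.0.0.5, one normal window."""
    hosts = [f"10.0.0.{k}" for k in range(1, 9)]
    normal = lambda n: [(f"192.0.2.{k % 200 + 1}", hosts[k % 8]) for k in range(n)]
    flood = [(f"198.51.100.{k % 250 + 1}", "10.0.0.5") for k in range(900)]
    return [normal(200), normal(200), normal(200), flood + normal(100), normal(200)]


if __name__ == "__main__":
    for a in detect(constructed_windows()):
        print(f"window {a['window']}: {a['victim']} got {a['share']:.0%} of samples -> {a['rule']}")
```

Source-IP entropy moves the opposite way in a distributed flood (many spoofed sources), so a production detector would track both and use sFlow's sampling rate when converting counts to packet rates.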

Page 12: Multi-Tenant Monitoring as VNF (I): A Monitoring Architecture for Research in Internet Experimentation (MARIE)

Page 13: Multi-Tenant Monitoring as VNF (II): Monitoring in SDN Multi-tenant Environments

Page 14: Multi-Tenant Monitoring as VNF (III): Scalable Monitoring-as-a-Service (MaaS)

[Diagram: Monitoring-as-a-Service pipeline built from Lightweight Shippers, Brokers, a Logstash cluster (with a Logstash Cluster Administrator), Store/Search and Kibana, producing administrator Data Views and Personalized Data Views]

Page 15: Multi-Tenant Monitoring as VNF (IV): Application in a Federated Environment: GÉANT Testbed Service - GTS (GÉANT – NRENs – Campuses)

Page 16: Scalable Network Monitoring: Data Mining via the OmniDisco Collector

Page 17: MBB Carrier Selection & Offloading by Mobile Nodes: Monitoring & Analysis for Radio Interface seLection for Y2020 Networks (MARILYN)

OpenFlow Control Functionality

Open vSwitch (OVS) Client S/W: Mounted on Android Mobile Node (SDN-enabled Multi-SIM Mobile Devices)

OpenFlow Controller and Selection Policy Engine: Mounted on Android Mobile Node and/or within a Core Cloud Infrastructure

Trade-off Criteria: Power Consumption, Quality of Experience, Seamless Reliable Operation, H/W – S/W Cost & Subscription/Usage Fees, Penetration of Multi-SIM Mobile Devices…

Page 18: Selected Publications

1. V. Maglaris, C. Papagianni, G. Androulidakis, M. Grammatikou, P. Grosso, J. van der Ham, C. de Laat, B. Pietrzak, B. Belter, J. Steger, S. Laki, M. Campanella and S. Sallent, "Toward a Holistic Federated Future Internet Experimentation Environment: The Experience of NOVI Research and Experimentation", IEEE Communications Magazine, Vol. 53, No. 7, pp. 136-147, July 2015 (Overview of the NOVI FIRE FP7 project)

2. A. Douitsis and V. Maglaris, "Towards a Scalable Management Collector", in Proc. of GIIS'16, Porto, Portugal, October 2016 (Network Monitoring Architecture featuring SNMP and ElasticSearch)

3. Y. Kryftis, M. Grammatikou, D. Kalogeras and V. Maglaris, "Policy-Based Management for Federation of Virtualized Infrastructures", Journal of Network & Systems Management, Springer, June 2016 (Policy-based Network Management, Virtualized Infrastructures, Federated SLA)

4. K. Giotis, M. Apostolaki and V. Maglaris, "A Reputation-based Collaborative Schema for the Mitigation of Distributed Attacks in SDN Domains", in Proc. of IEEE/IFIP Network Operations and Management Symposium, Istanbul, Turkey, April 2016 (Cooperative schemes to mitigate DDoS attacks)

5. K. Giotis, G. Androulidakis and V. Maglaris, "A Scalable Anomaly Detection and Mitigation Architecture for Legacy Networks via an OpenFlow Middlebox", Security and Communication Networks, Wiley, October 2015 (Anomaly Detection & Mitigation Architecture for DDoS attacks using an OpenFlow middlebox approach on Legacy Networks)

6. K. Giotis, C. Argyropoulos, G. Androulidakis, D. Kalogeras and V. Maglaris, "Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments", Computer Networks, Vol. 62, No. 7, pp. 122-136, April 2014 (Scalable Anomaly Detection using Entropy Algorithms and sFlow sampling)

7. C. Argyropoulos, S. Mastorakis, K. Giotis, G. Androulidakis, D. Kalogeras and V. Maglaris, "Control-Plane Slicing Methods in Multi-Tenant Software Defined Networks", in Proc. IFIP/IEEE Integrated Network Management Symposium (IM 2015), Ottawa, Canada, May 2015 (Assessing Virtual Network Slicing in terms of Resource Consumption)

8. C. Siaterlis and V. Maglaris, "Detecting Incoming and Outgoing DDoS Attacks at the Edge Using a Single Set of Network Characteristics", in Proc. IEEE 10th Symposium on Computers and Communications (ISCC), Cartagena, Spain, June 2005 (Theoretical Statistical Analysis of Attack Patterns as experienced within the NTUA campus LAN)

9. C. Siaterlis and B. Maglaris, "Towards Multisensor Data Fusion for DoS Detection", in Proc. ACM Symposium on Applied Computing, 2004 (Data-fusion algorithms combining Attack Metrics for DDoS Anomaly Detection)