Starting from the build of the network topology using Mininet, I make use of the Ryu ofctl REST API (https://ryu.readthedocs.io/en/latest/app/ofctl_rest.html) to aggregate flows from Open vSwitch switches, delete them and add new ones.
The parameters used to train are:
To simulate normal traffic, the script gen_traffic.sh makes the Mininet hosts' network namespaces visible and runs a script on each one that uses hping3 to send a random number of ICMP packets of different sizes in bytes.
On the other hand, the attack traffic uses
hping3 --flood --rand-source --icmp h_target
from a Mininet host.
Then run
python collect_data.py
in another terminal to sample the flow to the target IP.
To calculate features, C1 installs flow entries in the Open vSwitch with src IP and dst IP as matching fields. From each flow entry it is then possible to sample the packet count and byte count using the Ryu ofctl API. The Python script collect_data.py samples the switch every 3s through the API and builds the dataset.
After that, you can get dataset.json.
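The sampling step described above, as an added example (not the repository's collect_data.py): it turns two consecutive /stats/flow/<dpid> replies into per-interval features for the target IP. The feature names, the base URL and the sample entries are assumptions constructed for illustration.

```python
import json
from urllib.request import urlopen

def fetch_flows(dpid, base="http://127.0.0.1:8080"):  # base URL is an assumption
    """GET /stats/flow/<dpid> from ofctl_rest; returns the list of flow entries."""
    with urlopen(f"{base}/stats/flow/{dpid}", timeout=2) as r:
        return json.load(r)[str(dpid)]

def counters_to(flows, target_ip):
    """Map src IP -> (packet_count, byte_count) for entries whose dst is target_ip."""
    out = {}
    for f in flows:
        m = f.get("match", {})
        # accept either legacy (nw_*) or OXM (ipv4_*) match field names
        src = m.get("ipv4_src", m.get("nw_src"))
        if src and m.get("ipv4_dst", m.get("nw_dst")) == target_ip:
            out[src] = (f["packet_count"], f["byte_count"])
    return out

def interval_features(prev, curr, target_ip, interval=3):  # 3 s period, as on the page
    """Features for one sampling interval (this feature set is an assumption)."""
    before, after = counters_to(prev, target_ip), counters_to(curr, target_ip)
    pkts = byts = 0
    for src, (p, b) in after.items():
        p0, b0 = before.get(src, (0, 0))
        if p < p0 or b < b0:  # entry was re-installed, so its counters restarted
            p0 = b0 = 0
        pkts, byts = pkts + p - p0, byts + b - b0
    return {"pkt_rate": pkts / interval, "byte_rate": byts / interval,
            "avg_pkt_size": byts / pkts if pkts else 0.0,
            "new_sources": len(after.keys() - before.keys())}

# Constructed samples, shaped like the per-dpid list in a /stats/flow reply
SAMPLE_T0 = [
    {"match": {"nw_src": "10.0.0.1", "nw_dst": "10.0.0.4"}, "packet_count": 10, "byte_count": 980},
    {"match": {"nw_src": "10.0.0.2", "nw_dst": "10.0.0.4"}, "packet_count": 50, "byte_count": 4900},
]
SAMPLE_T1 = [
    {"match": {"nw_src": "10.0.0.1", "nw_dst": "10.0.0.4"}, "packet_count": 16, "byte_count": 1568},
    {"match": {"nw_src": "10.0.0.2", "nw_dst": "10.0.0.4"}, "packet_count": 5, "byte_count": 490},
    {"match": {"ipv4_src": "10.0.0.3", "ipv4_dst": "10.0.0.4"}, "packet_count": 4, "byte_count": 392},
    {"match": {"nw_src": "10.0.0.1", "nw_dst": "10.0.0.9"}, "packet_count": 99, "byte_count": 9999},
]

if __name__ == "__main__":
    print(interval_features(SAMPLE_T0, SAMPLE_T1, "10.0.0.4"))
```

Counters in a flow entry are cumulative, so the features come from the difference between samples; an entry whose counters went down is treated as freshly installed rather than producing a negative rate.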
Use dataset.json to train your model with the commands below:
cd training/classifier
python train.py
The Python-based application uses the MVC pattern to better organize the code, and its main class is DDoSControllerThread.
At runtime this class runs as a single thread, implemented as an asynchronous Finite State Machine.
The states are 3:
Start the controllers in the host:
C1:
ryu-manager --ofp-tcp-listen-port 6653 c1.py
C2:
ryu-manager --ofp-tcp-listen-port 6633 c2.py ofctl_rest.py
Start the topology in the guest, in order to preserve CPU resources when the attack occurs, and run the normal traffic script:
sudo mn --custom mn_ddos_topology.py --switch ovsk \
--controller=remote,ip=192.168.1.5:6653 \
--controller=remote,ip=192.168.1.5:6633 --topo ddostopo
sudo bash gen_traffic.sh $Target_IP
Finally, start the application.