Internship Title
Evaluating SDN Security through Attack Scenarios and Machine Learning-based Detection Techniques
Internship Location
DEI
Background
Software-Defined Networking (SDN) has emerged as a foundational technology to support the increasing complexity and dynamism of modern networked systems, enabling centralized control, programmability, and adaptability across a wide range of domains—from cloud infrastructures and data centers to 5G and IoT networks. However, SDN’s reliance on logically centralized control introduces unique security challenges, particularly in the face of evolving cyber threats.
Building upon previous research that proposed an enhanced benchmarking framework for SDN controllers—incorporating both dependability and security aspects—this thesis aims to deepen the security dimension by simulating a broad set of known attack scenarios in a controlled SDN testbed and evaluating the capacity of machine learning (ML)-based techniques to detect malicious activity.
The motivation stems from the need for intelligent intrusion detection systems (IDS) that go beyond rule-based mechanisms and leverage flow statistics, controller logs, and behavioral anomalies to detect sophisticated and stealthy attacks in real time. The thesis will integrate these ML-based detection approaches into the benchmarking methodology previously developed, contributing to the construction of robust, adaptive, and trustworthy SDN infrastructures.
Objective
This thesis has the following main objectives:
1. Security Threat Analysis in SDN: Identify and characterize key SDN-specific attack vectors, including DoS/DDoS on controllers, flow rule manipulation, topology poisoning, and application-layer attacks.
2. Testbed Setup and Scenario Simulation: Extend the SDN benchmarking framework to include realistic attack scenarios using emulation tools (e.g., Mininet) and popular SDN controllers (e.g., ONOS, OpenDaylight).
3. Feature Engineering for ML-based Detection: Extract relevant features from flow-level data, controller telemetry, and log events to support ML-based intrusion detection.
4. Machine Learning Pipeline: Develop and evaluate ML models (e.g., Random Forest, SVM, Deep Learning, Autoencoders) for the detection of security incidents, comparing supervised and unsupervised approaches.
5. Evaluation and Benchmarking: Quantify detection performance (precision, recall, F1-score, latency) across scenarios and controllers, and analyze trade-offs between accuracy and overhead.
6. Contributions to SDN Security Evaluation: Deliver an extensible and replicable methodology for benchmarking SDN security with a focus on proactive and intelligent detection mechanisms.
Work Plan - Semester 1
Literature Review
In-depth study of SDN fundamentals, its security vulnerabilities, and existing machine learning-based intrusion detection techniques in networked systems.
[13/10/2025 to 09/11/2025] Threat Modeling and Attack Scenario Selection
Mapping of realistic SDN-specific attack scenarios (e.g., DoS, MitM, rule forgery) and planning of corresponding test cases for emulation in the testbed.
[10/11/2025 to 07/12/2025] Testbed Expansion and Data Collection
Extension of the existing testbed to integrate new attack scenarios. Execution of preliminary campaigns to collect traffic data, controller logs, and flow statistics.
[08/12/2025 to --/01/2026] Thesis Proposal Writing
Drafting and submission of the thesis proposal, including problem description, objectives, methodology, and initial experimental plan.
Work Plan - Semester 2
Development of the ML-Based Detection Pipeline
Implementation of detection models using machine learning based on the collected data. Hyperparameter tuning and comparison of different ML approaches (e.g., supervised and unsupervised).
[02/03/2026 to 19/04/2026] Experimental Campaign and Validation
Systematic execution of attack scenarios and collection of performance metrics for the detection pipeline. Comparison across different SDN controllers and attack types.
[20/04/2026 to 10/05/2026] Analysis and Benchmarking of Results
Analysis of experimental results, identification of strengths and limitations of the detection techniques, and discussion on scalability and deployment feasibility.
[11/05/2026 to --/06/2026] Thesis Writing
Compilation and presentation of results, writing of the final thesis document, and formalization of the proposed ML-enhanced SDN security evaluation methodology.
Conditions
This work takes place within the context of the NEXUS project (C645112083-00000059, investment project no. 53), and, depending on the evolution of the internship, a studentship may be available to support the development of the work. The work is to be carried out at the laboratories of CISUC’s Software and Systems Engineering (SSE) Group and Cyber Security Laboratory (CS-Lab), in collaboration with CESAR (Recife Center for Advanced Studies and Systems) and UFRPE (Federal Rural University of Pernambuco). An internship at CESAR is also possible, depending on the evolution of the internship.
Supervisor
Joao Campos
jrcampos@dei.uc.pt