Software-defined networking(SDN) is a trending networking paradigm that focuses on decoupling of the control logic from the data plane. This decoupling brings programmability and flexibility for the network management...Software-defined networking(SDN) is a trending networking paradigm that focuses on decoupling of the control logic from the data plane. This decoupling brings programmability and flexibility for the network management by introducing centralized infrastructure. The complete control logic resides in the controller, and thus it becomes the intellectual and most important entity of the SDN infrastructure. With these advantages, SDN faces several security issues in various SDN layers that may prevent the growth and global adoption of this groundbreaking technology. Control plane exhaustion and switch buffer overflow are examples of such security issues. Distributed denial-of-service(DDoS) attacks are one of the most severe attacks that aim to exhaust the controller’s CPU to discontinue the whole functioning of the SDN network. Hence, it is necessary to design a quick as well as accurate detection scheme to detect the attack traffic at an early stage. In this paper, we present a defense solution to detect and mitigate spoofed flooding DDoS attacks. The proposed defense solution is implemented in the SDN controller. The detection method is based on the idea of an statistical measure — Interquartile Range(IQR). For the mitigation purpose, the existing SDN-in-built capabilities are utilized. In this work, the experiments are performed considering the spoofed SYN flooding attack. The proposed solution is evaluated using different performance parameters, i.e., detection time, detection accuracy, packet_in messages, and CPU utilization. The experimental results reveal that the proposed defense solution detects and mitigates the attack effectively in different attack scenarios.展开更多
The Internet of Things(IoT)has been widely adopted in various domains including smart cities,healthcare,smart factories,etc.In the last few years,the fitness industry has been reshaped by the introduction of smart fit...The Internet of Things(IoT)has been widely adopted in various domains including smart cities,healthcare,smart factories,etc.In the last few years,the fitness industry has been reshaped by the introduction of smart fitness solutions for individuals as well as fitness gyms.The IoT fitness devices collect trainee data that is being used for various decision-making.However,it will face numerous security and privacy issues towards its realization.This work focuses on IoT security,especially DoS/DDoS attacks.In this paper,we have proposed a novel blockchain-enabled protocol(BEP)that uses the notion of a self-exposing node(SEN)approach for securing fitness IoT applications.The blockchain and SDN architectures are employed to enhance IoT security by a highly preventive security monitoring,analysis and response system.The proposed approach helps in detecting the DoS/DDoS attacks on the IoT fitness system and then mitigating the attacks.The BEP is used for handling Blockchain-related activities and SEN could be a sensor or actuator node within the fitness IoT system.SEN provides information about the inbound and outbound traffic to the BEP which is used to analyze the DoS/DDoS attacks on the fitness IoT system.The SENcalculates the inbound and outbound traffic features’entropies and transmits them to the Blockchain in the form of transaction blocks.The BEP picks the whole mined blocks’transactions and transfers them to the SDN controller node.The controller node correlates the entropies data of SENs and decides about the DoS or DDoS attack.So,there are two decision points,one is SEN,and another is the controller.To evaluate the performance of our proposed system,several experiments are performed and results concerning the entropy values and attack detection rate are obtained.The proposed approach has outperformed the other two approaches concerning the attack detection rate by an increase of 11%and 18%against Approach 1 and Approach 2 respectively.展开更多
The concept of Software-Defined Networking(SDN)evolves to overcome the drawbacks of the traditional networks with Internet Protocol(I.P.)packets sending and packets handling.The SDN structure is one of the critical ad...The concept of Software-Defined Networking(SDN)evolves to overcome the drawbacks of the traditional networks with Internet Protocol(I.P.)packets sending and packets handling.The SDN structure is one of the critical advantages of efficiently separating the data plane from the control plane tomanage the network configurations and network management.Whenever there aremultiple sending devices inside the SDNnetwork,theOpenFlow switches are programmed to handle the limited number of requests for their interface.When the recommendations are exceeded from the specific threshold,the load on the switches also increases.This research article introduces a new approach named LBoBS to handle load balancing by adding the load balancing server to the SDN network.Besides,it is used to maximize SDN’s reliability and efficiency.It also works in coordination with the controller to effectively handle the load balancing policies.The load balancing server is implemented to manage the switches load effectively.Results are evaluated on the NS-3 simulator for packet delivery,bandwidth utilization,latency control,and packet decision ratios on the OpenFlow switches.It has been found that the proposed method improved SDN’s load balancing by 70%compared to the previous state-of-the-art methods.展开更多
Resource allocation for multi-tier web appli- cations in virtualization environments is one of the most important problems in autonomous computing. On one hand, the more resources that are provisioned to a multi- tier...Resource allocation for multi-tier web appli- cations in virtualization environments is one of the most important problems in autonomous computing. On one hand, the more resources that are provisioned to a multi- tier web application, the easier it is to meet service level objectives (SLO). On the other hand, the virtual machine which hosts the multi-tier web application needs to be consolidated as much as possible in order to maintain high resource utilization. This paper presents an adaptive resource controller which consists of a feedback utiliza- tion controller and an auto-regressive and moving average model (ARMA)-based model estimator. It can meet application-level quality of service (QoS) goals while achieving high resource utilization. To evaluate the proposed controllers, simulations are performed on a testbed simulating a virtual data center using Xen virtual machines. Experimental results indicate that the control- lers can improve CPU utilization and make the best trade- off between resource utilization and performance for multi-tier web applications.展开更多
文摘Software-defined networking(SDN) is a trending networking paradigm that focuses on decoupling of the control logic from the data plane. This decoupling brings programmability and flexibility for the network management by introducing centralized infrastructure. The complete control logic resides in the controller, and thus it becomes the intellectual and most important entity of the SDN infrastructure. With these advantages, SDN faces several security issues in various SDN layers that may prevent the growth and global adoption of this groundbreaking technology. Control plane exhaustion and switch buffer overflow are examples of such security issues. Distributed denial-of-service(DDoS) attacks are one of the most severe attacks that aim to exhaust the controller’s CPU to discontinue the whole functioning of the SDN network. Hence, it is necessary to design a quick as well as accurate detection scheme to detect the attack traffic at an early stage. In this paper, we present a defense solution to detect and mitigate spoofed flooding DDoS attacks. The proposed defense solution is implemented in the SDN controller. The detection method is based on the idea of an statistical measure — Interquartile Range(IQR). For the mitigation purpose, the existing SDN-in-built capabilities are utilized. In this work, the experiments are performed considering the spoofed SYN flooding attack. The proposed solution is evaluated using different performance parameters, i.e., detection time, detection accuracy, packet_in messages, and CPU utilization. The experimental results reveal that the proposed defense solution detects and mitigates the attack effectively in different attack scenarios.
基金This research was supported by Energy Cloud R&D Program through the National Research Foundation of Korea(NRF)funded by the Ministry of Science,ICT(2019M3F2A1073387)and this research was supported by Basic Science Research Program through the National Research Foundation of Korea(NRF)funded by the Ministry of Education(2018R1D1A1A09082919)and this research was supported by Institute for Information&communications Technology Planning&Evaluation(IITP)grant funded by the Korea government(MSIT)(No.2018-0-01456,AutoMaTa:Autonomous Management framework based on artificial intelligent Technology for adaptive and disposable IoT).Any correspondence related to this paper should be addressed to Do-hyeun Kim.
文摘The Internet of Things(IoT)has been widely adopted in various domains including smart cities,healthcare,smart factories,etc.In the last few years,the fitness industry has been reshaped by the introduction of smart fitness solutions for individuals as well as fitness gyms.The IoT fitness devices collect trainee data that is being used for various decision-making.However,it will face numerous security and privacy issues towards its realization.This work focuses on IoT security,especially DoS/DDoS attacks.In this paper,we have proposed a novel blockchain-enabled protocol(BEP)that uses the notion of a self-exposing node(SEN)approach for securing fitness IoT applications.The blockchain and SDN architectures are employed to enhance IoT security by a highly preventive security monitoring,analysis and response system.The proposed approach helps in detecting the DoS/DDoS attacks on the IoT fitness system and then mitigating the attacks.The BEP is used for handling Blockchain-related activities and SEN could be a sensor or actuator node within the fitness IoT system.SEN provides information about the inbound and outbound traffic to the BEP which is used to analyze the DoS/DDoS attacks on the fitness IoT system.The SENcalculates the inbound and outbound traffic features’entropies and transmits them to the Blockchain in the form of transaction blocks.The BEP picks the whole mined blocks’transactions and transfers them to the SDN controller node.The controller node correlates the entropies data of SENs and decides about the DoS or DDoS attack.So,there are two decision points,one is SEN,and another is the controller.To evaluate the performance of our proposed system,several experiments are performed and results concerning the entropy values and attack detection rate are obtained.The proposed approach has outperformed the other two approaches concerning the attack detection rate by an increase of 11%and 18%against Approach 1 and Approach 2 respectively.
基金This research was supported by a Grant(21RERP-B090228-08)from Residential Environment Research Program funded by Ministry of Land,Infrastructure and Transport of Korean government.
文摘The concept of Software-Defined Networking(SDN)evolves to overcome the drawbacks of the traditional networks with Internet Protocol(I.P.)packets sending and packets handling.The SDN structure is one of the critical advantages of efficiently separating the data plane from the control plane tomanage the network configurations and network management.Whenever there aremultiple sending devices inside the SDNnetwork,theOpenFlow switches are programmed to handle the limited number of requests for their interface.When the recommendations are exceeded from the specific threshold,the load on the switches also increases.This research article introduces a new approach named LBoBS to handle load balancing by adding the load balancing server to the SDN network.Besides,it is used to maximize SDN’s reliability and efficiency.It also works in coordination with the controller to effectively handle the load balancing policies.The load balancing server is implemented to manage the switches load effectively.Results are evaluated on the NS-3 simulator for packet delivery,bandwidth utilization,latency control,and packet decision ratios on the OpenFlow switches.It has been found that the proposed method improved SDN’s load balancing by 70%compared to the previous state-of-the-art methods.
文摘Resource allocation for multi-tier web appli- cations in virtualization environments is one of the most important problems in autonomous computing. On one hand, the more resources that are provisioned to a multi- tier web application, the easier it is to meet service level objectives (SLO). On the other hand, the virtual machine which hosts the multi-tier web application needs to be consolidated as much as possible in order to maintain high resource utilization. This paper presents an adaptive resource controller which consists of a feedback utiliza- tion controller and an auto-regressive and moving average model (ARMA)-based model estimator. It can meet application-level quality of service (QoS) goals while achieving high resource utilization. To evaluate the proposed controllers, simulations are performed on a testbed simulating a virtual data center using Xen virtual machines. Experimental results indicate that the control- lers can improve CPU utilization and make the best trade- off between resource utilization and performance for multi-tier web applications.
