The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are ...The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.展开更多
Software Defined Network(SDN)and Network Function Virtualization(NFV)technology promote several benefits to network operators,including reduced maintenance costs,increased network operational performance,simplified ne...Software Defined Network(SDN)and Network Function Virtualization(NFV)technology promote several benefits to network operators,including reduced maintenance costs,increased network operational performance,simplified network lifecycle,and policies management.Network vulnerabilities try to modify services provided by Network Function Virtualization MANagement and Orchestration(NFV MANO),and malicious attacks in different scenarios disrupt the NFV Orchestrator(NFVO)and Virtualized Infrastructure Manager(VIM)lifecycle management related to network services or individual Virtualized Network Function(VNF).This paper proposes an anomaly detection mechanism that monitors threats in NFV MANO and manages promptly and adaptively to implement and handle security functions in order to enhance the quality of experience for end users.An anomaly detector investigates these identified risks and provides secure network services.It enables virtual network security functions and identifies anomalies in Kubernetes(a cloud-based platform).For training and testing purpose of the proposed approach,an intrusion-containing dataset is used that hold multiple malicious activities like a Smurf,Neptune,Teardrop,Pod,Land,IPsweep,etc.,categorized as Probing(Prob),Denial of Service(DoS),User to Root(U2R),and Remote to User(R2L)attacks.An anomaly detector is anticipated with the capabilities of a Machine Learning(ML)technique,making use of supervised learning techniques like Logistic Regression(LR),Support Vector Machine(SVM),Random Forest(RF),Naïve Bayes(NB),and Extreme Gradient Boosting(XGBoost).The proposed framework has been evaluated by deploying the identified ML algorithm on a Jupyter notebook in Kubeflow to simulate Kubernetes for validation purposes.RF classifier has shown better outcomes(99.90%accuracy)than other classifiers in detecting anomalies/intrusions in the containerized environment.展开更多
Software-Defined Networking(SDN)is a new network technology that uses programming to complement the data plane with a control plane.To enable safe connection,however,numerous security challenges must be addressed.Floo...Software-Defined Networking(SDN)is a new network technology that uses programming to complement the data plane with a control plane.To enable safe connection,however,numerous security challenges must be addressed.Flooding attacks have been one of the most prominent risks on the internet for decades,and they are now becoming challenging difficulties in SDN networks.To solve these challenges,we proposed a unique firewall application built on multiple levels of packet filtering to provide a flooding attack prevention system and a layer-based packet detection system.This study offers a systematic strategy for wrapping up the examination of SDN operations.The Mininet simulator examines the effectiveness of SDN-based firewalls at various network tiers.The fundamental network characteristics that specify how SDN should operate.The three main analytical measures of the network are jitter,response time,and throughput.During regular operations,their behavior evaluates in the standard SDN conditions of Transmission Control Protocol(TCP)flooding and User Datagram Protocol(UDP)flooding with no SDN occurrences.Low Orbit Ion Cannon(LOIC)is applied to launch attacks on the transmission by the allocated server.Wireshark and MATLAB are used for the behavioral study to determine how sensitive the parameters are used in the SDN network and monitor the fluctuations of those parameters for different simulated scenarios.展开更多
In light of the escalating demand and intricacy of services in contemporary terrestrial,maritime,and aerial combat operations,there is a compelling need for enhanced service quality and efficiency in airborne cluster ...In light of the escalating demand and intricacy of services in contemporary terrestrial,maritime,and aerial combat operations,there is a compelling need for enhanced service quality and efficiency in airborne cluster communication networks.Software-Defined Networking(SDN)proffers a viable solution for the multifaceted task of cooperative communication transmission and management across different operational domains within complex combat contexts,due to its intrinsic ability to flexibly allocate and centrally administer network resources.This study pivots around the optimization of SDN controller deployment within airborne data link clusters.A collaborative multi-controller architecture predicated on airborne data link clusters is thus proposed.Within this architectural framework,the controller deployment issue is reframed as a two-fold problem:subdomain partition-ing and central interaction node selection.We advocate a subdomain segmentation approach grounded in node value ranking(NDVR)and a central interaction node selection methodology predicated on an enhanced Artificial Fish Swarm Algorithm(AFSA).The advanced NDVR-AFSA(Node value ranking-Improved artificial fish swarm algorithm)algorithm makes use of a chaos algorithm for population initialization,boosting population diversity and circumventing premature algorithm convergence.By the integration of adaptive strategies and incorporation of the genetic algorithm’s crossover and mutation operations,the algorithm’s search range adaptability is enhanced,thereby increasing the possibility of obtaining globally optimal solutions,while concurrently augmenting cluster reliability.The simulation results verify the advantages of the NDVR-IAFSA algorithm,achieve a better load balancing effect,improve the reliability of aviation data link cluster,and significantly reduce the average propagation delay and disconnection rate,respectively,by 12.8%and 11.7%.This shows that the optimization scheme has important significance in practical application,and can meet the high requirements of modern sea,land,and air operations to aviation airborne communication networks.展开更多
In recent years,satellite networks have been proposed as an essential part of next-generation mobile communication systems.Software defined networking techniques are introduced in satellite networks to handle the grow...In recent years,satellite networks have been proposed as an essential part of next-generation mobile communication systems.Software defined networking techniques are introduced in satellite networks to handle the growing challenges induced by time-varying topology,intermittent inter-satellite link and dramatically increased satellite constellation size.This survey covers the latest progress of software defined satellite networks,including key techniques,existing solutions,challenges,opportunities,and simulation tools.To the best of our knowledge,this paper is the most comprehensive survey that covers the latest progress of software defined satellite networks.An open GitHub repository is further created where the latest papers on this topic will be tracked and updated periodically.Compared with these existing surveys,this survey contributes from three aspects:(1)an up-to-date SDN-oriented review for the latest progress of key techniques and solutions in software defined satellite networks;(2)an inspiring summary of existing challenges,new research opportunities and publicly available simulation tools for follow-up studies;(3)an effort of building a public repository to track new results.展开更多
This white paper explores three popular development methodologies for network softwarization: DevOps, NetOps, and Verification. The paper compares and contrasts the strengths and weaknesses of each approach and provid...This white paper explores three popular development methodologies for network softwarization: DevOps, NetOps, and Verification. The paper compares and contrasts the strengths and weaknesses of each approach and provides recommendations for organizations looking to adopt network softwarization.展开更多
In a non-static information exchange network,routing is an overly com-plex task to perform,which has to satisfy all the needs of the network.Software Defined Network(SDN)is the latest and widely used technology in the ...In a non-static information exchange network,routing is an overly com-plex task to perform,which has to satisfy all the needs of the network.Software Defined Network(SDN)is the latest and widely used technology in the future communication networks,which would provide smart routing that is visible uni-versally.The various features of routing are supported by the information centric network,which minimizes the congestion in the dataflow in a network and pro-vides the content awareness through its mined mastery.Due to the advantages of the information centric network,the concepts of the information-centric net-work has been used in the paper to enable an optimal routing in the software-defined networks.Although there are many advantages in the information-centric network,there are some disadvantages due to the non-static communication prop-erties,which affects the routing in SDN.In this regard,artificial intelligence meth-odology has been used in the proposed approach to solve these difficulties.A detailed analysis has been conducted to map the content awareness with deep learning and deep reinforcement learning with routing.The novel aligned internet investigation technique has been proposed to process the deep reinforcement learning.The performance evaluation of the proposed systems has been con-ducted among various existing approaches and results in optimal load balancing,usage of the bandwidth,and maximization in the throughput of the network.展开更多
With the continuous expansion of the data center network scale, changing network requirements, and increasing pressure on network bandwidth, the traditional network architecture can no longer meet people’s needs. The...With the continuous expansion of the data center network scale, changing network requirements, and increasing pressure on network bandwidth, the traditional network architecture can no longer meet people’s needs. The development of software defined networks has brought new opportunities and challenges to future networks. The data and control separation characteristics of SDN improve the performance of the entire network. Researchers have integrated SDN architecture into data centers to improve network resource utilization and performance. This paper first introduces the basic concepts of SDN and data center networks. Then it discusses SDN-based load balancing mechanisms for data centers from different perspectives. Finally, it summarizes and looks forward to the study on SDN-based load balancing mechanisms and its development trend.展开更多
The Internet of Vehicles(IoV)has been widely researched in recent years,and cloud computing has been one of the key technologies in the IoV.Although cloud computing provides high performance compute,storage and networ...The Internet of Vehicles(IoV)has been widely researched in recent years,and cloud computing has been one of the key technologies in the IoV.Although cloud computing provides high performance compute,storage and networking services,the IoV still suffers with high processing latency,less mobility support and location awareness.In this paper,we integrate fog computing and software defined networking(SDN) to address those problems.Fog computing extends computing and storing to the edge of the network,which could decrease latency remarkably in addition to enable mobility support and location awareness.Meanwhile,SDN provides flexible centralized control and global knowledge to the network.In order to apply the software defined cloud/fog networking(SDCFN) architecture in the IoV effectively,we propose a novel SDN-based modified constrained optimization particle swarm optimization(MPSO-CO) algorithm which uses the reverse of the flight of mutation particles and linear decrease inertia weight to enhance the performance of constrained optimization particle swarm optimization(PSO-CO).The simulation results indicate that the SDN-based MPSO-CO algorithm could effectively decrease the latency and improve the quality of service(QoS) in the SDCFN architecture.展开更多
The data traffic that is accumulated at the Macro Base Station(MBS)keeps on increasing as almost all the people start using mobile phones.The MBS cannot accommodate all user’s demands,and attempts to offload some use...The data traffic that is accumulated at the Macro Base Station(MBS)keeps on increasing as almost all the people start using mobile phones.The MBS cannot accommodate all user’s demands,and attempts to offload some users to the nearby small cells so that the user could get the expected service.For the MBS to offload data traffic to an Access Point(AP),it should offer an optimal economic incentive in a way its utility is maximized.Similarly,the APs should choose an optimal traffic to admit load for the price that it gets from MBS.To balance this tradeoff between the economic incentive and the admittance load to achieve optimal offloading,Software Defined Networking(SDN)assisted Stackelberg Game(SaSG)model is proposed.In this model,the MBS selects the users carefully to aggregate the service with AP,so that the user experiencing least service gets aggregated first.The MBS uses the Received Signal Strength Indicator(RSSI)value of the users as the main parameter for aggregating a particular user for a contract period with LTE and WiFi.Each player involved in the game tries to maximize their payoff utilities,and thus,while incorporating those utilities in real-time scenario,we obtain maximum throughput per user which experiences best data service without any lack in Quality of Experience(QoE).Thus,the proposed SaSG model proves better when compared with other game theory models,and hence an optimal data offloading is achieved.展开更多
As communication technology and smart manufacturing have developed, the industrial internet of things(IIo T)has gained considerable attention from academia and industry.Wireless sensor networks(WSNs) have many advanta...As communication technology and smart manufacturing have developed, the industrial internet of things(IIo T)has gained considerable attention from academia and industry.Wireless sensor networks(WSNs) have many advantages with broad applications in many areas including environmental monitoring, which makes it a very important part of IIo T. However,energy depletion and hardware malfunctions can lead to node failures in WSNs. The industrial environment can also impact the wireless channel transmission, leading to network reliability problems, even with tightly coupled control and data planes in traditional networks, which obviously also enhances network management cost and complexity. In this paper, we introduce a new software defined network(SDN), and modify this network to propose a framework called the improved software defined wireless sensor network(improved SD-WSN). This proposed framework can address the following issues. 1) For a large scale heterogeneous network, it solves the problem of network management and smooth merging of a WSN into IIo T. 2) The network coverage problem is solved which improves the network reliability. 3) The framework addresses node failure due to various problems, particularly related to energy consumption.Therefore, it is necessary to improve the reliability of wireless sensor networks, by developing certain schemes to reduce energy consumption and the delay time of network nodes under IIo T conditions. Experiments have shown that the improved approach significantly reduces the energy consumption of nodes and the delay time, thus improving the reliability of WSN.展开更多
Communication-dependent and software-based distributed energy resources(DERs)are extensively integrated into modern microgrids,providing extensive benefits such as increased distributed controllability,scalability,and...Communication-dependent and software-based distributed energy resources(DERs)are extensively integrated into modern microgrids,providing extensive benefits such as increased distributed controllability,scalability,and observability.However,malicious cyber-attackers can exploit various potential vulnerabilities.In this study,a programmable adaptive security scanning(PASS)approach is presented to protect DER inverters against various power-bot attacks.Specifically,three different types of attacks,namely controller manipulation,replay,and injection attacks,are considered.This approach employs both software-defined networking technique and a novel coordinated detection method capable of enabling programmable and scalable networked microgrids(NMs)in an ultra-resilient,time-saving,and autonomous manner.The coordinated detection method efficiently identifies the location and type of power-bot attacks without disrupting normal NM operations.Extensive simulation results validate the efficacy and practicality of the PASS for securing NMs.展开更多
Software defined optical networks (SDONs) integrate software defined technology with optical communication networks and represent the promising development trend of future optical networks. The key technologies for ...Software defined optical networks (SDONs) integrate software defined technology with optical communication networks and represent the promising development trend of future optical networks. The key technologies for SDONs include software-defined optical transmission, switching, and networking. The main features include control and transport separation, hard-ware universalization, protocol standardization, controllable optical network, and flexible optical network applications. This paper introduces software defined optical networks and its innovation environment, in terms of network architecture, protocol extension solution, experiment platform and typical applications. Batch testing has been conducted to evaluate the performance of this SDON testbed. The results show that the SDON testbed has good scalability in different sizes. Meanwhile, we notice that controller output bandwidth has great influence on lightpath setup delay.展开更多
Distributed Denial of Service(DDoS) attacks have been one of the most destructive threats to Internet security. By decoupling the network control and data plane, software defined networking(SDN) offers a flexible netw...Distributed Denial of Service(DDoS) attacks have been one of the most destructive threats to Internet security. By decoupling the network control and data plane, software defined networking(SDN) offers a flexible network management paradigm to solve DDoS attack in traditional networks. However, the centralized nature of SDN is also a potential vulnerability for DDo S attack. In this paper, we first provide some SDN-supported mechanisms against DDoS attack in traditional networks. A systematic review of various SDN-self DDo S threats are then presented as well as the existing literatures on quickly DDoS detection and defense in SDN. Finally, some promising research directions in this field are introduced.展开更多
The emergence of a new network architecture,known as Software Defined Networking(SDN),in the last two decades has overcome some drawbacks of traditional networks in terms of performance,scalability,reliability,securit...The emergence of a new network architecture,known as Software Defined Networking(SDN),in the last two decades has overcome some drawbacks of traditional networks in terms of performance,scalability,reliability,security,and network management.However,the SDN is vulnerable to security threats that target its controller,such as low-rate Distributed Denial of Service(DDoS)attacks,The low-rate DDoS attack is one of the most prevalent attacks that poses a severe threat to SDN network security because the controller is a vital architecture component.Therefore,there is an urgent need to propose a detection approach for this type of attack with a high detection rate and low false-positive rates.Thus,this paper proposes an approach to detect low-rate DDoS attacks on the SDN controller by adapting a dynamic threshold.The proposed approach has been evaluated using four simulation scenarios covering a combination of low-rate DDoS attacks against the SDN controller involving(i)a single host attack targeting a single victim;(ii)a single host attack targeting multiple victims;(iii)multiple hosts attack targeting a single victim;and(iv)multiple hosts attack targeting multiple victims.The proposed approach’s average detection rates are 96.65%,91.83%,96.17%,and 95.33%for the above scenarios,respectively;and its average false-positive rates are 3.33%,8.17%,3.83%,and 4.67%for similar scenarios,respectively.The comparison between the proposed approach and two existing approaches showed that it outperformed them in both categories.展开更多
Software defined networking( SDN) offers programmable interface to effectively control their networks by decoupling control and data plane. The network operators utilize a centralized controller to deploy advanced net...Software defined networking( SDN) offers programmable interface to effectively control their networks by decoupling control and data plane. The network operators utilize a centralized controller to deploy advanced network management strategies. An architecture for application-aware routing which can support dynamic quality of service( Qo S) in SDN networks is proposed. The applicationaware routing as a multi-constrained optimal path( MCOP) problem is proposed,where applications are treated as Qo S flow and best-effort flows. With the SDN controller applications,it is able to dynamically lead routing decisions based on application characteristics and requirements,leading to a better overall user experience and higher utilization of network resources. The simulation results show that the improvement of application-aware routing framework on discovering appropriate routes,which can provide Qo S guarantees for a specific application in SDN networks.展开更多
Software-defined networks (SDN) have attracted much attention recently because of their flexibility in terms of network management. Increasingly, SDN is being introduced into wireless networks to form wireless SDN. ...Software-defined networks (SDN) have attracted much attention recently because of their flexibility in terms of network management. Increasingly, SDN is being introduced into wireless networks to form wireless SDN. One enabling technology for wireless SDN is network virtualization, which logically divides one wireless network element, such as a base station, into multiple slices, and each slice serving as a standalone virtual BS. In this way, one physical mobile wireless network can be partitioned into multiple virtual networks in a software-defined manner. Wireless virtual networks comprising virtual base stations also need to provide QoS to mobile end-user services in the same context as their physical hosting networks. One key QoS parameter is delay. This paper presents a delay model for software-defined wireless virtual networks. Network calculus is used in the modelling. In particular, stochastic network calculus, which describes more realistic models than deterministic network calculus, is used. The model enables theoretical investigation of wireless SDN, which is largely dominated by either algorithms or prototype implementations.展开更多
Virtualization of network/service functions means time sharing network/service(and affiliated)resources in a hyper speed manner.The concept of time sharing was popularized in the 1970s with mainframe computing.The s...Virtualization of network/service functions means time sharing network/service(and affiliated)resources in a hyper speed manner.The concept of time sharing was popularized in the 1970s with mainframe computing.The same concept has recently resurfaced under the guise of cloud computing and virtualized computing.Although cloud computing was originally used in IT for server virtualization,the ICT industry is taking a new look at virtualization.This paradigm shift is shaking up the computing,storage,networking,and ser vice industries.The hope is that virtualizing and automating configuration and service management/orchestration will save both capes and opex for network transformation.A complimentary trend is the separation(over an open interface)of control and transmission.This is commonly referred to as software defined networking(SDN).This paper reviews trends in network/service functions,efforts to standardize these functions,and required management and orchestration.展开更多
Time and space complexity is themost critical problemof the current routing optimization algorithms for Software Defined Networking(SDN).To overcome this complexity,researchers use meta-heuristic techniques inside the...Time and space complexity is themost critical problemof the current routing optimization algorithms for Software Defined Networking(SDN).To overcome this complexity,researchers use meta-heuristic techniques inside the routing optimization algorithms in the OpenFlow(OF)based large scale SDNs.This paper proposes a hybrid meta-heuristic algorithm to optimize the dynamic routing problem for the large scale SDNs.Due to the dynamic nature of SDNs,the proposed algorithm uses amutation operator to overcome the memory-based problem of the ant colony algorithm.Besides,it uses the box-covering method and the k-means clustering method to divide the SDN network to overcome the problemof time and space complexity.The results of the proposed algorithm compared with the results of other similar algorithms and it shows that the proposed algorithm can handle the dynamic network changing,reduce the network congestion,the delay and running times and the packet loss rates.展开更多
Software Defined Networking(SDN)being an emerging network control model is widely recognized as a control and management platform.This model provides efficient techniques to control and manage the enterprise network.A...Software Defined Networking(SDN)being an emerging network control model is widely recognized as a control and management platform.This model provides efficient techniques to control and manage the enterprise network.Another emerging paradigm is edge computing in which data processing is performed at the edges of the network instead of a central controller.This data processing at the edge nodes reduces the latency and bandwidth requirements.In SDN,the controller is a single point of failure.Several security issues related to the traditional network can be solved by using SDN central management and control.Address Spoofing and Network Intrusion are the most common attacks.These attacks severely degrade performance and security.We propose an edge computing-based mechanism that automatically detects and mitigates those attacks.In this mechanism,an edge system gets the network topology from the controller and the Address Resolution Protocol(ARP)traffic is directed to it for further analysis.As such,the controller is saved from unnecessary processing related to addressing translation.We propose a graph computation based method to identify the location of an attacker or intruder by implementing a graph difference method.By using the correct location information,the exact attacker or intruder is blocked,while the legitimate users get access to the network resources.The proposed mechanism is evaluated in a Mininet simulator and a POX controller.The results show that it improves system performance in terms of attack mitigation time,attack detection time,and bandwidth requirements.展开更多
基金extend their appreciation to Researcher Supporting Project Number(RSPD2023R582)King Saud University,Riyadh,Saudi Arabia.
文摘The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.
基金This work was funded by the Deanship of Scientific Research at Jouf University under Grant Number(DSR2022-RG-0102).
文摘Software Defined Network(SDN)and Network Function Virtualization(NFV)technology promote several benefits to network operators,including reduced maintenance costs,increased network operational performance,simplified network lifecycle,and policies management.Network vulnerabilities try to modify services provided by Network Function Virtualization MANagement and Orchestration(NFV MANO),and malicious attacks in different scenarios disrupt the NFV Orchestrator(NFVO)and Virtualized Infrastructure Manager(VIM)lifecycle management related to network services or individual Virtualized Network Function(VNF).This paper proposes an anomaly detection mechanism that monitors threats in NFV MANO and manages promptly and adaptively to implement and handle security functions in order to enhance the quality of experience for end users.An anomaly detector investigates these identified risks and provides secure network services.It enables virtual network security functions and identifies anomalies in Kubernetes(a cloud-based platform).For training and testing purpose of the proposed approach,an intrusion-containing dataset is used that hold multiple malicious activities like a Smurf,Neptune,Teardrop,Pod,Land,IPsweep,etc.,categorized as Probing(Prob),Denial of Service(DoS),User to Root(U2R),and Remote to User(R2L)attacks.An anomaly detector is anticipated with the capabilities of a Machine Learning(ML)technique,making use of supervised learning techniques like Logistic Regression(LR),Support Vector Machine(SVM),Random Forest(RF),Naïve Bayes(NB),and Extreme Gradient Boosting(XGBoost).The proposed framework has been evaluated by deploying the identified ML algorithm on a Jupyter notebook in Kubeflow to simulate Kubernetes for validation purposes.RF classifier has shown better outcomes(99.90%accuracy)than other classifiers in detecting anomalies/intrusions in the containerized environment.
基金supported in part by the Research Committee of Hamdard University Karachi Pakistan(www.hamdard.edu.pk)the Office of Research Innovation&Commercialization(ORIC)of Dawood University of Engineering&Technology Karachi Pakistan(www.duet.edu.pk).
文摘Software-Defined Networking(SDN)is a new network technology that uses programming to complement the data plane with a control plane.To enable safe connection,however,numerous security challenges must be addressed.Flooding attacks have been one of the most prominent risks on the internet for decades,and they are now becoming challenging difficulties in SDN networks.To solve these challenges,we proposed a unique firewall application built on multiple levels of packet filtering to provide a flooding attack prevention system and a layer-based packet detection system.This study offers a systematic strategy for wrapping up the examination of SDN operations.The Mininet simulator examines the effectiveness of SDN-based firewalls at various network tiers.The fundamental network characteristics that specify how SDN should operate.The three main analytical measures of the network are jitter,response time,and throughput.During regular operations,their behavior evaluates in the standard SDN conditions of Transmission Control Protocol(TCP)flooding and User Datagram Protocol(UDP)flooding with no SDN occurrences.Low Orbit Ion Cannon(LOIC)is applied to launch attacks on the transmission by the allocated server.Wireshark and MATLAB are used for the behavioral study to determine how sensitive the parameters are used in the SDN network and monitor the fluctuations of those parameters for different simulated scenarios.
基金supported by the following funds:Defense Industrial Technology Development Program Grant:G20210513Shaanxi Provincal Department of Science and Technology Grant:2021KW-07Shaanxi Provincal Department of Science and Technology Grant:2022 QFY01-14.
文摘In light of the escalating demand and intricacy of services in contemporary terrestrial,maritime,and aerial combat operations,there is a compelling need for enhanced service quality and efficiency in airborne cluster communication networks.Software-Defined Networking(SDN)proffers a viable solution for the multifaceted task of cooperative communication transmission and management across different operational domains within complex combat contexts,due to its intrinsic ability to flexibly allocate and centrally administer network resources.This study pivots around the optimization of SDN controller deployment within airborne data link clusters.A collaborative multi-controller architecture predicated on airborne data link clusters is thus proposed.Within this architectural framework,the controller deployment issue is reframed as a two-fold problem:subdomain partition-ing and central interaction node selection.We advocate a subdomain segmentation approach grounded in node value ranking(NDVR)and a central interaction node selection methodology predicated on an enhanced Artificial Fish Swarm Algorithm(AFSA).The advanced NDVR-AFSA(Node value ranking-Improved artificial fish swarm algorithm)algorithm makes use of a chaos algorithm for population initialization,boosting population diversity and circumventing premature algorithm convergence.By the integration of adaptive strategies and incorporation of the genetic algorithm’s crossover and mutation operations,the algorithm’s search range adaptability is enhanced,thereby increasing the possibility of obtaining globally optimal solutions,while concurrently augmenting cluster reliability.The simulation results verify the advantages of the NDVR-IAFSA algorithm,achieve a better load balancing effect,improve the reliability of aviation data link cluster,and significantly reduce the average propagation delay and disconnection rate,respectively,by 12.8%and 11.7%.This shows that the optimization scheme has important significance in practical application,and can meet the high requirements of modern sea,land,and air operations to aviation airborne communication networks.
基金This work is supported by the Fundamental Research Funds for the Central Universities.
文摘In recent years,satellite networks have been proposed as an essential part of next-generation mobile communication systems.Software defined networking techniques are introduced in satellite networks to handle the growing challenges induced by time-varying topology,intermittent inter-satellite link and dramatically increased satellite constellation size.This survey covers the latest progress of software defined satellite networks,including key techniques,existing solutions,challenges,opportunities,and simulation tools.To the best of our knowledge,this paper is the most comprehensive survey that covers the latest progress of software defined satellite networks.An open GitHub repository is further created where the latest papers on this topic will be tracked and updated periodically.Compared with these existing surveys,this survey contributes from three aspects:(1)an up-to-date SDN-oriented review for the latest progress of key techniques and solutions in software defined satellite networks;(2)an inspiring summary of existing challenges,new research opportunities and publicly available simulation tools for follow-up studies;(3)an effort of building a public repository to track new results.
文摘This white paper explores three popular development methodologies for network softwarization: DevOps, NetOps, and Verification. The paper compares and contrasts the strengths and weaknesses of each approach and provides recommendations for organizations looking to adopt network softwarization.
文摘In a non-static information exchange network,routing is an overly com-plex task to perform,which has to satisfy all the needs of the network.Software Defined Network(SDN)is the latest and widely used technology in the future communication networks,which would provide smart routing that is visible uni-versally.The various features of routing are supported by the information centric network,which minimizes the congestion in the dataflow in a network and pro-vides the content awareness through its mined mastery.Due to the advantages of the information centric network,the concepts of the information-centric net-work has been used in the paper to enable an optimal routing in the software-defined networks.Although there are many advantages in the information-centric network,there are some disadvantages due to the non-static communication prop-erties,which affects the routing in SDN.In this regard,artificial intelligence meth-odology has been used in the proposed approach to solve these difficulties.A detailed analysis has been conducted to map the content awareness with deep learning and deep reinforcement learning with routing.The novel aligned internet investigation technique has been proposed to process the deep reinforcement learning.The performance evaluation of the proposed systems has been con-ducted among various existing approaches and results in optimal load balancing,usage of the bandwidth,and maximization in the throughput of the network.
文摘With the continuous expansion of the data center network scale, changing network requirements, and increasing pressure on network bandwidth, the traditional network architecture can no longer meet people’s needs. The development of software defined networks has brought new opportunities and challenges to future networks. The data and control separation characteristics of SDN improve the performance of the entire network. Researchers have integrated SDN architecture into data centers to improve network resource utilization and performance. This paper first introduces the basic concepts of SDN and data center networks. Then it discusses SDN-based load balancing mechanisms for data centers from different perspectives. Finally, it summarizes and looks forward to the study on SDN-based load balancing mechanisms and its development trend.
基金supported in part by National Natural Science Foundation of China (No.61401331,No.61401328)111 Project in Xidian University of China(B08038)+2 种基金Hong Kong,Macao and Taiwan Science and Technology Cooperation Special Project (2014DFT10320,2015DFT10160)The National Science and Technology Major Project of the Ministry of Science and Technology of China(2015zx03002006-003)FundamentalResearch Funds for the Central Universities (20101155739)
文摘The Internet of Vehicles(IoV)has been widely researched in recent years,and cloud computing has been one of the key technologies in the IoV.Although cloud computing provides high performance compute,storage and networking services,the IoV still suffers with high processing latency,less mobility support and location awareness.In this paper,we integrate fog computing and software defined networking(SDN) to address those problems.Fog computing extends computing and storing to the edge of the network,which could decrease latency remarkably in addition to enable mobility support and location awareness.Meanwhile,SDN provides flexible centralized control and global knowledge to the network.In order to apply the software defined cloud/fog networking(SDCFN) architecture in the IoV effectively,we propose a novel SDN-based modified constrained optimization particle swarm optimization(MPSO-CO) algorithm which uses the reverse of the flight of mutation particles and linear decrease inertia weight to enhance the performance of constrained optimization particle swarm optimization(PSO-CO).The simulation results indicate that the SDN-based MPSO-CO algorithm could effectively decrease the latency and improve the quality of service(QoS) in the SDCFN architecture.
文摘The data traffic that is accumulated at the Macro Base Station(MBS)keeps on increasing as almost all the people start using mobile phones.The MBS cannot accommodate all user’s demands,and attempts to offload some users to the nearby small cells so that the user could get the expected service.For the MBS to offload data traffic to an Access Point(AP),it should offer an optimal economic incentive in a way its utility is maximized.Similarly,the APs should choose an optimal traffic to admit load for the price that it gets from MBS.To balance this tradeoff between the economic incentive and the admittance load to achieve optimal offloading,Software Defined Networking(SDN)assisted Stackelberg Game(SaSG)model is proposed.In this model,the MBS selects the users carefully to aggregate the service with AP,so that the user experiencing least service gets aggregated first.The MBS uses the Received Signal Strength Indicator(RSSI)value of the users as the main parameter for aggregating a particular user for a contract period with LTE and WiFi.Each player involved in the game tries to maximize their payoff utilities,and thus,while incorporating those utilities in real-time scenario,we obtain maximum throughput per user which experiences best data service without any lack in Quality of Experience(QoE).Thus,the proposed SaSG model proves better when compared with other game theory models,and hence an optimal data offloading is achieved.
基金supported by the National Natural Science Foundation of China(61571336)the Science and Technology Project of Henan Province in China(172102210081)the Independent Innovation Research Foundation of Wuhan University of Technology(2016-JL-036)
文摘As communication technology and smart manufacturing have developed, the industrial internet of things(IIo T)has gained considerable attention from academia and industry.Wireless sensor networks(WSNs) have many advantages with broad applications in many areas including environmental monitoring, which makes it a very important part of IIo T. However,energy depletion and hardware malfunctions can lead to node failures in WSNs. The industrial environment can also impact the wireless channel transmission, leading to network reliability problems, even with tightly coupled control and data planes in traditional networks, which obviously also enhances network management cost and complexity. In this paper, we introduce a new software defined network(SDN), and modify this network to propose a framework called the improved software defined wireless sensor network(improved SD-WSN). This proposed framework can address the following issues. 1) For a large scale heterogeneous network, it solves the problem of network management and smooth merging of a WSN into IIo T. 2) The network coverage problem is solved which improves the network reliability. 3) The framework addresses node failure due to various problems, particularly related to energy consumption.Therefore, it is necessary to improve the reliability of wireless sensor networks, by developing certain schemes to reduce energy consumption and the delay time of network nodes under IIo T conditions. Experiments have shown that the improved approach significantly reduces the energy consumption of nodes and the delay time, thus improving the reliability of WSN.
基金This work was supported in part by the National Science Foundation,USA(ECCS-2018492,CNS-2006828,ECCS-2002897,and OIA-2040599).
文摘Communication-dependent and software-based distributed energy resources(DERs)are extensively integrated into modern microgrids,providing extensive benefits such as increased distributed controllability,scalability,and observability.However,malicious cyber-attackers can exploit various potential vulnerabilities.In this study,a programmable adaptive security scanning(PASS)approach is presented to protect DER inverters against various power-bot attacks.Specifically,three different types of attacks,namely controller manipulation,replay,and injection attacks,are considered.This approach employs both software-defined networking technique and a novel coordinated detection method capable of enabling programmable and scalable networked microgrids(NMs)in an ultra-resilient,time-saving,and autonomous manner.The coordinated detection method efficiently identifies the location and type of power-bot attacks without disrupting normal NM operations.Extensive simulation results validate the efficacy and practicality of the PASS for securing NMs.
基金supported by ZTE Industry-Academia-Research Cooperation Funds under Grant No.Surrey-Ref-9953
文摘Software defined optical networks (SDONs) integrate software defined technology with optical communication networks and represent the promising development trend of future optical networks. The key technologies for SDONs include software-defined optical transmission, switching, and networking. The main features include control and transport separation, hard-ware universalization, protocol standardization, controllable optical network, and flexible optical network applications. This paper introduces software defined optical networks and its innovation environment, in terms of network architecture, protocol extension solution, experiment platform and typical applications. Batch testing has been conducted to evaluate the performance of this SDON testbed. The results show that the SDON testbed has good scalability in different sizes. Meanwhile, we notice that controller output bandwidth has great influence on lightpath setup delay.
基金supported in part by the“973”Program of China under Grant No.2013CB329103the National Natural Science Foundation of China under Grant No.61271171 and No.61401070+1 种基金National Key Research and Development Program of China No.2016YFB0800105the“863”Program of China under Grant No.2015AA015702 and No.2015AA016102
文摘Distributed Denial of Service(DDoS) attacks have been one of the most destructive threats to Internet security. By decoupling the network control and data plane, software defined networking(SDN) offers a flexible network management paradigm to solve DDoS attack in traditional networks. However, the centralized nature of SDN is also a potential vulnerability for DDo S attack. In this paper, we first provide some SDN-supported mechanisms against DDoS attack in traditional networks. A systematic review of various SDN-self DDo S threats are then presented as well as the existing literatures on quickly DDoS detection and defense in SDN. Finally, some promising research directions in this field are introduced.
基金This work was supported by Universiti Sains Malaysia under external grant(Grant Number 304/PNAV/650958/U154).
文摘The emergence of a new network architecture,known as Software Defined Networking(SDN),in the last two decades has overcome some drawbacks of traditional networks in terms of performance,scalability,reliability,security,and network management.However,the SDN is vulnerable to security threats that target its controller,such as low-rate Distributed Denial of Service(DDoS)attacks,The low-rate DDoS attack is one of the most prevalent attacks that poses a severe threat to SDN network security because the controller is a vital architecture component.Therefore,there is an urgent need to propose a detection approach for this type of attack with a high detection rate and low false-positive rates.Thus,this paper proposes an approach to detect low-rate DDoS attacks on the SDN controller by adapting a dynamic threshold.The proposed approach has been evaluated using four simulation scenarios covering a combination of low-rate DDoS attacks against the SDN controller involving(i)a single host attack targeting a single victim;(ii)a single host attack targeting multiple victims;(iii)multiple hosts attack targeting a single victim;and(iv)multiple hosts attack targeting multiple victims.The proposed approach’s average detection rates are 96.65%,91.83%,96.17%,and 95.33%for the above scenarios,respectively;and its average false-positive rates are 3.33%,8.17%,3.83%,and 4.67%for similar scenarios,respectively.The comparison between the proposed approach and two existing approaches showed that it outperformed them in both categories.
基金Supported by the National Basic Research Program of China(No.2012CB315803)the Around Five Top Priorities of One-Three-Five Strategic Planning,CNIC(No.CNIC PY 1401)Chinese Academy of Sciences,and the Knowledge Innovation Program of the Chinese Academy of Sciences(No.CNIC_QN_1508)
文摘Software defined networking( SDN) offers programmable interface to effectively control their networks by decoupling control and data plane. The network operators utilize a centralized controller to deploy advanced network management strategies. An architecture for application-aware routing which can support dynamic quality of service( Qo S) in SDN networks is proposed. The applicationaware routing as a multi-constrained optimal path( MCOP) problem is proposed,where applications are treated as Qo S flow and best-effort flows. With the SDN controller applications,it is able to dynamically lead routing decisions based on application characteristics and requirements,leading to a better overall user experience and higher utilization of network resources. The simulation results show that the improvement of application-aware routing framework on discovering appropriate routes,which can provide Qo S guarantees for a specific application in SDN networks.
基金supported in part by the grant from the National Natural Science Foundation of China (60973129)
文摘Software-defined networks (SDN) have attracted much attention recently because of their flexibility in terms of network management. Increasingly, SDN is being introduced into wireless networks to form wireless SDN. One enabling technology for wireless SDN is network virtualization, which logically divides one wireless network element, such as a base station, into multiple slices, and each slice serving as a standalone virtual BS. In this way, one physical mobile wireless network can be partitioned into multiple virtual networks in a software-defined manner. Wireless virtual networks comprising virtual base stations also need to provide QoS to mobile end-user services in the same context as their physical hosting networks. One key QoS parameter is delay. This paper presents a delay model for software-defined wireless virtual networks. Network calculus is used in the modelling. In particular, stochastic network calculus, which describes more realistic models than deterministic network calculus, is used. The model enables theoretical investigation of wireless SDN, which is largely dominated by either algorithms or prototype implementations.
文摘Virtualization of network/service functions means time sharing network/service(and affiliated)resources in a hyper speed manner.The concept of time sharing was popularized in the 1970s with mainframe computing.The same concept has recently resurfaced under the guise of cloud computing and virtualized computing.Although cloud computing was originally used in IT for server virtualization,the ICT industry is taking a new look at virtualization.This paradigm shift is shaking up the computing,storage,networking,and ser vice industries.The hope is that virtualizing and automating configuration and service management/orchestration will save both capes and opex for network transformation.A complimentary trend is the separation(over an open interface)of control and transmission.This is commonly referred to as software defined networking(SDN).This paper reviews trends in network/service functions,efforts to standardize these functions,and required management and orchestration.
文摘Time and space complexity is themost critical problemof the current routing optimization algorithms for Software Defined Networking(SDN).To overcome this complexity,researchers use meta-heuristic techniques inside the routing optimization algorithms in the OpenFlow(OF)based large scale SDNs.This paper proposes a hybrid meta-heuristic algorithm to optimize the dynamic routing problem for the large scale SDNs.Due to the dynamic nature of SDNs,the proposed algorithm uses amutation operator to overcome the memory-based problem of the ant colony algorithm.Besides,it uses the box-covering method and the k-means clustering method to divide the SDN network to overcome the problemof time and space complexity.The results of the proposed algorithm compared with the results of other similar algorithms and it shows that the proposed algorithm can handle the dynamic network changing,reduce the network congestion,the delay and running times and the packet loss rates.
文摘Software Defined Networking(SDN)being an emerging network control model is widely recognized as a control and management platform.This model provides efficient techniques to control and manage the enterprise network.Another emerging paradigm is edge computing in which data processing is performed at the edges of the network instead of a central controller.This data processing at the edge nodes reduces the latency and bandwidth requirements.In SDN,the controller is a single point of failure.Several security issues related to the traditional network can be solved by using SDN central management and control.Address Spoofing and Network Intrusion are the most common attacks.These attacks severely degrade performance and security.We propose an edge computing-based mechanism that automatically detects and mitigates those attacks.In this mechanism,an edge system gets the network topology from the controller and the Address Resolution Protocol(ARP)traffic is directed to it for further analysis.As such,the controller is saved from unnecessary processing related to addressing translation.We propose a graph computation based method to identify the location of an attacker or intruder by implementing a graph difference method.By using the correct location information,the exact attacker or intruder is blocked,while the legitimate users get access to the network resources.The proposed mechanism is evaluated in a Mininet simulator and a POX controller.The results show that it improves system performance in terms of attack mitigation time,attack detection time,and bandwidth requirements.