Threshold-Based Software-Defined Networking(SDN)Solution for Healthcare Systems against Intrusion Attacks

The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.

Open-Source Software Defined Networking Controllers:State-of-the-Art,Challenges and Solutions for Future Network Providers

Software Defined Networking(SDN)is programmable by separation of forwarding control through the centralization of the controller.The controller plays the role of the‘brain’that dictates the intelligent part of SDN technology.Various versions of SDN controllers exist as a response to the diverse demands and functions expected of them.There are several SDN controllers available in the open market besides a large number of commercial controllers;some are developed tomeet carrier-grade service levels and one of the recent trends in open-source SDN controllers is the Open Network Operating System(ONOS).This paper presents a comparative study between open source SDN controllers,which are known as Network Controller Platform(NOX),Python-based Network Controller(POX),component-based SDN framework(Ryu),Java-based OpenFlow controller(Floodlight),OpenDayLight(ODL)and ONOS.The discussion is further extended into ONOS architecture,as well as,the evolution of ONOS controllers.This article will review use cases based on ONOS controllers in several application deployments.Moreover,the opportunities and challenges of open source SDN controllers will be discussed,exploring carriergrade ONOS for future real-world deployments,ONOS unique features and identifying the suitable choice of SDN controller for service providers.In addition,we attempt to provide answers to several critical questions relating to the implications of the open-source nature of SDN controllers regarding vendor lock-in,interoperability,and standards compliance,Similarly,real-world use cases of organizations using open-source SDN are highlighted and how the open-source community contributes to the development of SDN controllers.Furthermore,challenges faced by open-source projects,and considerations when choosing an open-source SDN controller are underscored.Then the role of Artificial Intelligence(AI)and Machine Learning(ML)in the evolution of open-source SDN controllers in light of recent research is indicated.In addition,the challenges and limitations associated with deploying open-source SDN controllers in production networks,how can they be mitigated,and finally how opensource SDN controllers handle network security and ensure that network configurations and policies are robust and resilient are presented.Potential opportunities and challenges for future Open SDN deployment are outlined to conclude the article.

A Methodology for Reliability of WSN Based on Software Defined Network in Adaptive Industrial Environment

As communication technology and smart manufacturing have developed, the industrial internet of things(IIo T)has gained considerable attention from academia and industry.Wireless sensor networks(WSNs) have many advantages with broad applications in many areas including environmental monitoring, which makes it a very important part of IIo T. However,energy depletion and hardware malfunctions can lead to node failures in WSNs. The industrial environment can also impact the wireless channel transmission, leading to network reliability problems, even with tightly coupled control and data planes in traditional networks, which obviously also enhances network management cost and complexity. In this paper, we introduce a new software defined network(SDN), and modify this network to propose a framework called the improved software defined wireless sensor network(improved SD-WSN). This proposed framework can address the following issues. 1) For a large scale heterogeneous network, it solves the problem of network management and smooth merging of a WSN into IIo T. 2) The network coverage problem is solved which improves the network reliability. 3) The framework addresses node failure due to various problems, particularly related to energy consumption.Therefore, it is necessary to improve the reliability of wireless sensor networks, by developing certain schemes to reduce energy consumption and the delay time of network nodes under IIo T conditions. Experiments have shown that the improved approach significantly reduces the energy consumption of nodes and the delay time, thus improving the reliability of WSN.

Software defined satellite networks:A survey

In recent years,satellite networks have been proposed as an essential part of next-generation mobile communication systems.Software defined networking techniques are introduced in satellite networks to handle the growing challenges induced by time-varying topology,intermittent inter-satellite link and dramatically increased satellite constellation size.This survey covers the latest progress of software defined satellite networks,including key techniques,existing solutions,challenges,opportunities,and simulation tools.To the best of our knowledge,this paper is the most comprehensive survey that covers the latest progress of software defined satellite networks.An open GitHub repository is further created where the latest papers on this topic will be tracked and updated periodically.Compared with these existing surveys,this survey contributes from three aspects:(1)an up-to-date SDN-oriented review for the latest progress of key techniques and solutions in software defined satellite networks;(2)an inspiring summary of existing challenges,new research opportunities and publicly available simulation tools for follow-up studies;(3)an effort of building a public repository to track new results.

EARS: Intelligence-Driven Experiential Network Architecture for Automatic Routing in Software-Defined Networking

Software-Defined Networking(SDN)adapts logically-centralized control by decoupling control plane from data plane and provides the efficient use of network resources.However,due to the limitation of traditional routing strategies relying on manual configuration,SDN may suffer from link congestion and inefficient bandwidth allocation among flows,which could degrade network performance significantly.In this paper,we propose EARS,an intelligence-driven experiential network architecture for automatic routing.EARS adapts deep reinforcement learning(DRL)to simulate the human methods of learning experiential knowledge,employs the closed-loop network control mechanism incorporating with network monitoring technologies to realize the interaction with network environment.The proposed EARS can learn to make better control decision from its own experience by interacting with network environment and optimize the network intelligently by adjusting services and resources offered based on network requirements and environmental conditions.Under the network architecture,we design the network utility function with throughput and delay awareness,differentiate flows based on their size characteristics,and design a DDPGbased automatic routing algorithm as DRL decision brain to find the near-optimal paths for mice and elephant flows.To validate the network architecture,we implement it on a real network environment.Extensive simulation results show that EARS significantly improve the network throughput and reduces the average packet delay in comparison with baseline schemes(e.g.OSPF,ECMP).

DDoS Attack in Software Defined Networks: A Survey

Distributed Denial of Service(DDoS) attacks have been one of the most destructive threats to Internet security. By decoupling the network control and data plane, software defined networking(SDN) offers a flexible network management paradigm to solve DDoS attack in traditional networks. However, the centralized nature of SDN is also a potential vulnerability for DDo S attack. In this paper, we first provide some SDN-supported mechanisms against DDoS attack in traditional networks. A systematic review of various SDN-self DDo S threats are then presented as well as the existing literatures on quickly DDoS detection and defense in SDN. Finally, some promising research directions in this field are introduced.

ForSA — A New Software Defined Network Architecture Based on ForCES

In recent years, SDN(Software Defined Network) as a new network architecture has become the hot research point. Meanwhile,the well-known Open Flow-based SDN got a lot of attention. But it can't provide a flexible and effective network resource description method.As an open programmable technology, For CES(Forwarding and Control Element Separation)has also been concerned. However, For CES is confined within a single network node and cannot be applied to the entire network. This paper proposes a new architecture — ForS A(ForC ESbased SDN architecture). The architecture is added a configuration layer based on the traditional SDN architecture, which solves the problem that the northbound interface is not clear between the application layer and the control layer in the SDN architecture. ForS A also implements the compatibility within various forwarding devices in the forwarding layer.

Opportunistic spectrum sharing in software defined wireless network

Over the past few decades, the world has witnessed a rapid growth in mobile and wireless networks（MWNs） which significantly change human life. However, proliferating mobile demands lead to several intractable challenges that MWN has to face. Software-defined network is expected as a promising way for future network and has captured growing attention. Network virtualization is an essential feature in software-defined wireless network（SDWN）, and it brings two new entities, physical networks and virtual networks. Accordingly, efficiently assigning spectrum resource to virtual networks is one of the fundamental problems in SDWN. Directly orienting towards the spectrum resource allocation problem, firstly, the fluctuation features of virtual network requirements in SDWN are researched, and the opportunistic spectrum sharing method is introduced to SDWN. Then, the problem is proved as NP-hardness. After that, a dynamic programming and graph theory based spectrum sharing algorithm is proposed.Simulations demonstrate that the opportunistic spectrum sharing method conspicuously improves the system performance up to around 20%–30% in SDWN, and the proposed algorithm achieves more efficient performance.

ADAFT:SDN大规模流表的适应性深度聚合存储架构

为解决软件定义网络(SDN)数据平面中的三态内容可寻址存储器(TCAM)资源紧张问题,提出了一种基于内容表项树的SDN流表深度聚合方法,进而构建一种SDN大规模流表的适应性深度聚合存储架构ADAFT。该架构放宽了聚合表项之间的汉明距离要求,构建内容表项树聚合动作集不同的流表项,显著提高了流表聚合程度。设计了一种TCAM装载率感知的内容表项树动态限高机制,以降低流表查找开销。同时,提出了一种TCAM装载率感知的表项聚合适应性选择策略,以均衡流表聚合程度和查找开销。实验结果表明,ADAFT架构的流表压缩率明显高于现有方法,最高可达65.74%。

基于人工智能的SDN网络中流量优化与拥塞控制方法

文章深入研究基于强化学习的流量优化与拥塞控制方法在软件定义网络(Software Defined Network,SDN)中的应用。首先,详细阐述SDN网络的架构与原理。SDN网络的灵活性和可编程性为网络管理提供了全新的范式。其次,提出了一种基于强化学习的流量优化与拥塞控制方法,通过建模状态、动作、奖励等要素,实现网络流量智能调整。最后,在Mininet仿真环境中进行了实验验证。通过监测吞吐量、延迟、拥塞情况等性能指标,验证所提方法的有效性。实验结果表明,在网络性能方面,所提方法相较于传统方法取得了显著改善,具备更好的适应性和优化能力。

基于SDN的车联网多MEC动态负载均衡算法

车载自组织网络(VANET)承载的数据规模呈现爆炸性增长趋势。针对车联网中在线卸载场景下,多边缘服务器(MEC)负载不均衡导致车辆卸载成功率严重下降问题,提出一种基于软件定义网络(SDN)的车联网多MEC动态负载均衡算法DFPC。该算法结合排队论中先到先服务和有优先权的服务两种方式,SDN控制器通过一定的等待时延定时收集当前批任务,利用改进的K-means聚类算法快速对多维任务分类,优先入队紧急度相对高的任务;再利用SDN控制器定时收集的MEC上下文信息,实现卸载任务在多个MEC之间分配的动态反馈调节,解决了多MEC之间动态负载不均衡问题,充分利用MEC的计算资源,最终提升了整体车辆卸载成功率。为了验证DFPC算法在真实动态场景下的有效性,设计一种多MEC接入的在线卸载框架MOLF,通过低成本硬件部署模式完成在线卸载场景下负载均衡性能测试。实验结果表明,相比基准方案,DFPC算法平均卸载成功率提升了28%,平均负载方差降低了73%。

智慧校园网络及安全的SDN架构选择分析

重点研究智慧校园网络与安全的软件定义网络(Software Defined Network,SDN)架构选择,分别讨论SDN架构应用的必要性、实现方法、网络与安全维护建议等内容。从智慧校园的集中部署、意图网络与智慧校园的融合、以零信任为核心构建网络安全架构3个维度出发,提出保护智慧校园网络安全的建议。旨在强调SDN架构对于智慧校园建设的运行安全维护作用,以期为今后智慧校园的深化建设提供技术支持。

Application-aware routing with QoS support in SDN networks

Software defined networking( SDN) offers programmable interface to effectively control their networks by decoupling control and data plane. The network operators utilize a centralized controller to deploy advanced network management strategies. An architecture for application-aware routing which can support dynamic quality of service( Qo S) in SDN networks is proposed. The applicationaware routing as a multi-constrained optimal path( MCOP) problem is proposed,where applications are treated as Qo S flow and best-effort flows. With the SDN controller applications,it is able to dynamically lead routing decisions based on application characteristics and requirements,leading to a better overall user experience and higher utilization of network resources. The simulation results show that the improvement of application-aware routing framework on discovering appropriate routes,which can provide Qo S guarantees for a specific application in SDN networks.

Virtualized Wireless SDNs:Modelling Delay Through the Use of Stochastic Network Calculus

Software-defined networks （SDN） have attracted much attention recently because of their flexibility in terms of network management. Increasingly, SDN is being introduced into wireless networks to form wireless SDN. One enabling technology for wireless SDN is network virtualization, which logically divides one wireless network element, such as a base station, into multiple slices, and each slice serving as a standalone virtual BS. In this way, one physical mobile wireless network can be partitioned into multiple virtual networks in a software-defined manner. Wireless virtual networks comprising virtual base stations also need to provide QoS to mobile end-user services in the same context as their physical hosting networks. One key QoS parameter is delay. This paper presents a delay model for software-defined wireless virtual networks. Network calculus is used in the modelling. In particular, stochastic network calculus, which describes more realistic models than deterministic network calculus, is used. The model enables theoretical investigation of wireless SDN, which is largely dominated by either algorithms or prototype implementations.

An MAC Layer Aware Pseudonym (MAP) Scheme for the Software Defined Internet of Vehicles

This paper proposes a cross-layer design to enhance the location privacy under a coordinated medium access control(MAC) protocol for the Internet of Vehicles(Io V). The channel and pseudonym resources are both essential for transmission efficiency and privacy preservation in the Io V. Nevertheless, the MAC protocol and pseudonym scheme are usually studied separately, in which a new MAC layer semantic linking attack could be carried out by analyzing the vehicles' transmission patterns even if they change pseudonyms simultaneously. This paper presents a hierarchical architecture named as the software defined Internet of Vehicles(SDIV). Facilitated by the architecture, a MAC layer aware pseudonym(MAP) scheme is proposed to resist the new attack. In the MAP, RSU clouds coordinate vehicles to change their transmission slots and pseudonyms simultaneously in the mix-zones by measuring the privacy level quantitatively. Security analysis and extensive simulations are conducted to show that the scheme provides reliable safety message broadcasting, improves the location privacy and network throughput in the Io V.

Edge-Computing with Graph Computation:A Novel Mechanism to Handle Network Intrusion and Address Spoofing in SDN

Software Defined Networking(SDN)being an emerging network control model is widely recognized as a control and management platform.This model provides efficient techniques to control and manage the enterprise network.Another emerging paradigm is edge computing in which data processing is performed at the edges of the network instead of a central controller.This data processing at the edge nodes reduces the latency and bandwidth requirements.In SDN,the controller is a single point of failure.Several security issues related to the traditional network can be solved by using SDN central management and control.Address Spoofing and Network Intrusion are the most common attacks.These attacks severely degrade performance and security.We propose an edge computing-based mechanism that automatically detects and mitigates those attacks.In this mechanism,an edge system gets the network topology from the controller and the Address Resolution Protocol(ARP)traffic is directed to it for further analysis.As such,the controller is saved from unnecessary processing related to addressing translation.We propose a graph computation based method to identify the location of an attacker or intruder by implementing a graph difference method.By using the correct location information,the exact attacker or intruder is blocked,while the legitimate users get access to the network resources.The proposed mechanism is evaluated in a Mininet simulator and a POX controller.The results show that it improves system performance in terms of attack mitigation time,attack detection time,and bandwidth requirements.

A Survivability Routing Mechanism in SDN Enabled Wireless Mesh Networks:Design and Evaluation

In software-defined networking,the separation of control plane from forwarding plane introduces new challenges to network reliability.This paper proposes a fault-tolerant routing mechanism to improve survivability by converting the survivability problem into two sub-problems:constructing an elastic-aware routing tree and controller selection.Based on the shortest path tree,this scheme continuously attempts to prune the routing tree to enhance network survivability.After a certain number of iterations,elastic-aware routing continues to improve network resiliency by increasing the number of edges in this tree.Simulation results demonstrate this fault-tolerant mechanism performs better than the traditional method in terms of the number of protected nodes and network fragility indicator.

基于分布式SDN的机动通信系统拓扑发现方法

针对目前传统机动通信系统、主流软件定义网络(software defined network,SDN)的拓扑发现方法不适合基于分布式SDN的机动通信系统这一问题,遵循OpenFlow拓扑发现算法(OpenFlow discovery protocol,OFDP)移植传输控制协议/网际协议(transmission control protocol/Internet protocol,TCP/IP)相关协议到SDN网络的研究思路,对开放最短路径优先(open shortest path first,OSPF)协议进行优化,精简协议状态机、优化协议报文、增加协议功能并设计拓扑发现算法,提出一种适合基于分布式SDN的机动通信系统的拓扑发现方法,并搭建仿真实验平台进行验证。实验结果表明,优化后OSPF协议适应于分布式SDN网络,网络拓扑建链时间降低80%且重新收敛时间显著降低,建链开销平均每秒接收字节数、发送字节数分别下降了31.7%和21.5%,维持开销平均每秒收发字节数降低了45%,增加了收集信道种类等网络信息的新功能。

A Dynamic Approach to MIB Polling for Software Defined Monitoring

Technology trends such as Software-Defined Networking (SDN) are transforming networking services in terms of flexibility and faster deployment times. SDN separates the control plane from the data plane with its centralised architecture compared with the distributed approach used in other management systems. However, management systems are still required to adapt the new emerging SDN-like technologies to address various security and complex management issues. Simple Network Management Protocol (SNMP) is the most widespread management protocol implemented in a traditional Network Management System (NMS) but has some limitations with the development of SDN-like services. Hence, many studies have been undertaken to merge the SDN-like services with traditional network management systems. Results show that merging SDN with traditional NMS systems not only increases the average Management Information Base (MIB) polling time but also creates additional overheads on the network. Therefore, this paper proposes a dynamic scheme for MIB polling using an additional MIB controller agent within the SDN controller. Our results show that using the proposed scheme, the average polling time can be significantly reduced (i.e., faster polling of the MIB information) and also requires very low overhead because of the small sized OpenFlow messages used during polling.

Service Function Chain Migration in LEO Satellite Networks

With the advancements of software defined network(SDN)and network function virtualization(NFV),service function chain(SFC)placement becomes a crucial enabler for flexible resource scheduling in low earth orbit(LEO)satellite networks.While due to the scarcity of bandwidth resources and dynamic topology of LEO satellites,the static SFC placement schemes may cause performance degradation,resource waste and even service failure.In this paper,we consider migration and establish an online migration model,especially considering the dynamic topology.Given the scarcity of bandwidth resources,the model aims to maximize the total number of accepted SFCs while incurring as little bandwidth cost of SFC transmission and migration as possible.Due to its NP-hardness,we propose a heuristic minimized dynamic SFC migration(MDSM)algorithm that only triggers the migration procedure when new SFCs are rejected.Simulation results demonstrate that MDSM achieves a performance close to the upper bound with lower complexity.