Threshold-Based Software-Defined Networking(SDN)Solution for Healthcare Systems against Intrusion Attacks

The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.

ADAFT:SDN大规模流表的适应性深度聚合存储架构

为解决软件定义网络(SDN)数据平面中的三态内容可寻址存储器(TCAM)资源紧张问题,提出了一种基于内容表项树的SDN流表深度聚合方法,进而构建一种SDN大规模流表的适应性深度聚合存储架构ADAFT。该架构放宽了聚合表项之间的汉明距离要求,构建内容表项树聚合动作集不同的流表项,显著提高了流表聚合程度。设计了一种TCAM装载率感知的内容表项树动态限高机制,以降低流表查找开销。同时,提出了一种TCAM装载率感知的表项聚合适应性选择策略,以均衡流表聚合程度和查找开销。实验结果表明,ADAFT架构的流表压缩率明显高于现有方法,最高可达65.74%。

基于人工智能的SDN网络中流量优化与拥塞控制方法

文章深入研究基于强化学习的流量优化与拥塞控制方法在软件定义网络(Software Defined Network,SDN)中的应用。首先,详细阐述SDN网络的架构与原理。SDN网络的灵活性和可编程性为网络管理提供了全新的范式。其次,提出了一种基于强化学习的流量优化与拥塞控制方法,通过建模状态、动作、奖励等要素,实现网络流量智能调整。最后,在Mininet仿真环境中进行了实验验证。通过监测吞吐量、延迟、拥塞情况等性能指标,验证所提方法的有效性。实验结果表明,在网络性能方面,所提方法相较于传统方法取得了显著改善,具备更好的适应性和优化能力。

智慧校园网络及安全的SDN架构选择分析

重点研究智慧校园网络与安全的软件定义网络(Software Defined Network,SDN)架构选择,分别讨论SDN架构应用的必要性、实现方法、网络与安全维护建议等内容。从智慧校园的集中部署、意图网络与智慧校园的融合、以零信任为核心构建网络安全架构3个维度出发,提出保护智慧校园网络安全的建议。旨在强调SDN架构对于智慧校园建设的运行安全维护作用,以期为今后智慧校园的深化建设提供技术支持。

SDN网络中STP避环的设计与实现

软件定义网络(Software Defined Network,SDN)架构是使用软件编写代码的方式构建网络,实现控制转发平面分离,并对控制平面实现集中管理.生成树协议(Spanning Tree Protocol,STP)是交换式网络的环路避免协议,通过生成树算法(Spanning Tree Algorithm,STA),将带有环路的物理拓扑中某台设备的接口设置为阻塞状态,构建逻辑无环拓扑.该文通过Python代码编制网络拓扑文件和RYU控制器文件的方式,实施SDN中的网络环路设计,按照STA算法设计和实现STP环路避免,并在仿真实验平台运行,测试结果表明,实现了SDN网络中环路避免.

Performance Evaluation of Topologies for Multi-Domain Software-Defined Networking

Software-defined networking(SDN)is widely used in multiple types of data center networks,and these distributed data center networks can be integrated into a multi-domain SDN by utilizing multiple controllers.However,the network topology of each control domain of SDN will affect the performance of the multidomain network,so performance evaluation is required before the deployment of the multi-domain SDN.Besides,there is a high cost to build real multi-domain SDN networks with different topologies,so it is necessary to use simulation testing methods to evaluate the topological performance of the multi-domain SDN network.As there is a lack of existing methods to construct a multi-domain SDN simulation network for the tool to evaluate the topological performance automatically,this paper proposes an automated multi-domain SDN topology performance evaluation framework,which supports multiple types of SDN network topologies in cooperating to construct a multi-domain SDN network.The framework integrates existing single-domain SDN simulation tools with network performance testing tools to realize automated performance evaluation of multidomain SDN network topologies.We designed and implemented a Mininet-based simulation tool that can connect multiple controllers and run user-specified topologies in multiple SDN control domains to build and test multi-domain SDN networks faster.Then,we used the tool to perform performance tests on various data center network topologies in single-domain and multi-domain SDN simulation environments.Test results show that Space Shuffle has the most stable performance in a single-domain environment,and Fat-tree has the best performance in a multi-domain environment.Also,this tool has the characteristics of simplicity and stability,which can meet the needs of multi-domain SDN topology performance evaluation.

基于SDN和集成学习的工业控制网络安全防护系统

针对工业控制网络通信信息安全与稳定问题,设计一种基于SDN和集成学习的工业控制网络安全防护系统。该系统采用SDN技术,分为物理层、现场层、转发层、控制层和应用层等5个层次。物理层包含现场终端设备;现场层通过控制模块与操作员站实现对现场终端的控制;转发层使用SDN交换机进行通信数据传输,并将数据镜像传输至应用层进行安全分析;控制层中的SDN控制器管理和控制SDN交换机,并执行应用层下发的安全防护策略;应用层利用集成学习算法对工业控制网络进行入侵行为检测,通过安全响应模块分析入侵信息并选择相应的防御机制。实验结果表明,所设计系统满足工业控制网络通信的实时性要求,能准确地实施入侵检测,从而保障工业控制网络的安全性和正常通信。

Sea Turtle Foraging Optimization-Based Controller Placement with Blockchain-Assisted Intrusion Detection in Software-Defined Networks

Software-defined networking(SDN)algorithms are gaining increas-ing interest and are making networks flexible and agile.The basic idea of SDN is to move the control planes to more than one server’s named controllers and limit the data planes to numerous sending network components,enabling flexible and dynamic network management.A distinctive characteristic of SDN is that it can logically centralize the control plane by utilizing many physical controllers.The deployment of the controller—that is,the controller placement problem(CPP)—becomes a vital model challenge.Through the advancements of blockchain technology,data integrity between nodes can be enhanced with no requirement for a trusted third party.Using the lat-est developments in blockchain technology,this article designs a novel sea turtle foraging optimization algorithm for the controller placement problem(STFOA-CPP)with blockchain-based intrusion detection in an SDN environ-ment.The major intention of the STFOA-CPP technique is the maximization of lifetime,network connectivity,and load balancing with the minimization of latency.In addition,the STFOA-CPP technique is based on the sea turtles’food-searching characteristics of tracking the odour path of dimethyl sulphide(DMS)released from food sources.Moreover,the presented STFOA-CPP technique can adapt with the controller’s count mandated and the shift to controller mapping to variable network traffic.Finally,the blockchain can inspect the data integrity,determine significantly malicious input,and improve the robust nature of developing a trust relationship between sev-eral nodes in the SDN.To demonstrate the improved performance of the STFOA-CPP algorithm,a wide-ranging experimental analysis was carried out.The extensive comparison study highlighted the improved outcomes of the STFOA-CPP technique over other recent approaches.

Managing Smart Technologies with Software-Defined Networks for Routing and Security Challenges: A Survey

Smart environments offer various services,including smart cities,ehealthcare,transportation,and wearable devices,generating multiple traffic flows with different Quality of Service(QoS)demands.Achieving the desired QoS with security in this heterogeneous environment can be challenging due to traffic flows and device management,unoptimized routing with resource awareness,and security threats.Software Defined Networks(SDN)can help manage these devices through centralized SDN controllers and address these challenges.Various schemes have been proposed to integrate SDN with emerging technologies for better resource utilization and security.Software Defined Wireless Body Area Networks(SDWBAN)and Software Defined Internet of Things(SDIoT)are the recently introduced frameworks to overcome these challenges.This study surveys the existing SDWBAN and SDIoT routing and security challenges.The paper discusses each solution in detail and analyses its weaknesses.It covers SDWBAN frameworks for efficient management of WBAN networks,management of IoT devices,and proposed security mechanisms for IoT and data security in WBAN.The survey provides insights into the state-of-the-art in SDWBAN and SDIoT routing with resource awareness and security threats.Finally,this study highlights potential areas for future research.

Multi-Attack Intrusion Detection System for Software-Defined Internet of Things Network

Currently,the Internet of Things(IoT)is revolutionizing communi-cation technology by facilitating the sharing of information between different physical devices connected to a network.To improve control,customization,flexibility,and reduce network maintenance costs,a new Software-Defined Network(SDN)technology must be used in this infrastructure.Despite the various advantages of combining SDN and IoT,this environment is more vulnerable to various attacks due to the centralization of control.Most methods to ensure IoT security are designed to detect Distributed Denial-of-Service(DDoS)attacks,but they often lack mechanisms to mitigate their severity.This paper proposes a Multi-Attack Intrusion Detection System(MAIDS)for Software-Defined IoT Networks(SDN-IoT).The proposed scheme uses two machine-learning algorithms to improve detection efficiency and provide a mechanism to prevent false alarms.First,a comparative analysis of the most commonly used machine-learning algorithms to secure the SDN was performed on two datasets:the Network Security Laboratory Knowledge Discovery in Databases(NSL-KDD)and the Canadian Institute for Cyberse-curity Intrusion Detection Systems(CICIDS2017),to select the most suitable algorithms for the proposed scheme and for securing SDN-IoT systems.The algorithms evaluated include Extreme Gradient Boosting(XGBoost),K-Nearest Neighbor(KNN),Random Forest(RF),Support Vector Machine(SVM),and Logistic Regression(LR).Second,an algorithm for selecting the best dataset for machine learning in Intrusion Detection Systems(IDS)was developed to enable effective comparison between the datasets used in the development of the security scheme.The results showed that XGBoost and RF are the best algorithms to ensure the security of SDN-IoT and to be applied in the proposed security system,with average accuracies of 99.88%and 99.89%,respectively.Furthermore,the proposed security scheme reduced the false alarm rate by 33.23%,which is a significant improvement over prevalent schemes.Finally,tests of the algorithm for dataset selection showed that the rates of false positives and false negatives were reduced when the XGBoost and RF algorithms were trained on the CICIDS2017 dataset,making it the best for IDS compared to the NSL-KDD dataset.

Toward Secure Software-Defined Networks Using Machine Learning: A Review, Research Challenges, and Future Directions

Over the past few years,rapid advancements in the internet and communication technologies have led to increasingly intricate and diverse networking systems.As a result,greater intelligence is necessary to effectively manage,optimize,and maintain these systems.Due to their distributed nature,machine learning models are challenging to deploy in traditional networks.However,Software-Defined Networking(SDN)presents an opportunity to integrate intelligence into networks by offering a programmable architecture that separates data and control planes.SDN provides a centralized network view and allows for dynamic updates of flow rules and softwarebased traffic analysis.While the programmable nature of SDN makes it easier to deploy machine learning techniques,the centralized control logic also makes it vulnerable to cyberattacks.To address these issues,recent research has focused on developing powerful machine-learning methods for detecting and mitigating attacks in SDN environments.This paper highlighted the countermeasures for cyberattacks on SDN and how current machine learningbased solutions can overcome these emerging issues.We also discuss the pros and cons of using machine learning algorithms for detecting and mitigating these attacks.Finally,we highlighted research issues,gaps,and challenges in developing machine learning-based solutions to secure the SDN controller,to help the research and network community to develop more robust and reliable solutions.

一种基于SDN的改进路由算法的研究

针对传统互联网调度无法满足工业业务QoS(Quality of Service)需求的问题,文中在基于SDN的新型网络架构上提出了一种改进的路由算法,并对其中使用的Floodlight控制器模块进行扩展与修改。根据信息收集单元模块提供的带宽信息与链路发现模块提供的网络拓扑信息,路由计算模块对进入的数据流计算出更优化的最短路径。仿真实验结果表明,改进后的路由算法有效降低了数据的传输时延,增强了网络的稳定性。

适配融媒体云平台的SDN技术应用探讨

国家广播电视总局在关于《广播电视融媒体云平台的建设技术实施指南》中提出,为了降低复杂度,宜使用软件定义网络(SDN),通过集中的控制器集群实现VXLAN的控制平面,使得网络部署维护更简单,运行更稳定。本文重点对SDN技术特点和应用进行剖析,并提出设计实施参考建议。

一种面向SDN的传统网络功能集成方法设计与实现

软件定义网络(SDN)通过将控制平面与数据平面分离并使网络可编程来改变网络的管理方式。控制器是SDN网络的关键组成部分。对于诸如DHCP中继功能、动态路由功能等传统网络功能,目前已存在成熟的第三方网络组件。基于能够更便捷地开发面向SDN的传统网络应用,设计与实现一种通用的传统网络功能集成方法,该方法通过将底层网络流量同步给第三方网络组件,由第三方网络组件完成核心的网络功能。文中基于ONOS控制器利用该集成方法开发了一款通用的传统网络应用,并通过集成DHCP Relay功能的实验完成了对该集成方法的功能性验证。

SDN网络系统管理平台的设计与实现

文章主要设计一种软件定义网络(Software Defined Network,SDN)管理系统平台,首先分析系统的用户需求,其次提出其整体框架、模块设计以及数据库设计,并进行系统测试。文章所设计的平台能够优化网络维护的流程,提升网络管理员开展日常网络维护工作的效率。

An SDN-Based Algorithm for Caching,Routing,and Load Balancing in ICN

One of the challenges of Informationcentric Networking(ICN)is finding the optimal location for caching content and processing users’requests.In this paper,we address this challenge by leveraging Software-defined Networking(SDN)for efficient ICN management.To achieve this,we formulate the problem as a mixed-integer nonlinear programming(MINLP)model,incorporating caching,routing,and load balancing decisions.We explore two distinct scenarios to tackle the problem.Firstly,we solve the problem in an offline mode using the GAMS environment,assuming a stable network state to demonstrate the superior performance of the cacheenabled network compared to non-cache networks.Subsequently,we investigate the problem in an online mode where the network state dynamically changes over time.Given the computational complexity associated with MINLP,we propose the software-defined caching,routing,and load balancing(SDCRL)algorithm as an efficient and scalable solution.Our evaluation demonstrates that the SDCRL algorithm significantly reduces computational time while maintaining results that closely resemble those achieved by GAMS.

基于电力通信网的高可靠性SDN架构及数据保护策略

针对变电站中传统电力通信网在各类故障、攻击或突发事件下容易出现网络延时增长、数据质量下降、数据丢失等问题,文中设计了一种以SDN架构为核心技术方案的高可靠性电力通信网数据保护策略。该策略在电力通信控制环路中引入SDN技术,并设计了SDN集中控制架构,以提高在故障发生时的数据保护能力,从而避免了数据资源的浪费、缺失以及耗时过长等问题。同时,还在SDN控制架构的基础上设计了一套ODL控制方案,通过采用该控制方案使得控制环路得到再次优化,由此有效提高了数据质量。最后,对所设计SDN架构下的电力通信控制系统保护策略进行了数据仿真测试验证,通过模拟SDN架构方案的仿真工况,验证了所设计控制保护策略的正确性与可行性。

云资源池异构SDN架构演进研究

云资源池通过SDN技术实现网络编排自动化、规模化和智能化,不同SDN在技术架构、产品适配和性能基线等方面差异较大且难以兼容。在多SDN场景下,部分SDN架构在可扩展性、OU架构解耦和版本迭代效率等方面存在问题。随着云业务发展,不同SDN间业务互联互通需求逐步凸显。本文通过分析云资源池的几种SDN技术,以及异构SDN环境下要解决的关键问题,提出基于不同SDN的异构AZ建设方案,包括架构方案、业务方案和跨AZ迁移方案,并最终实现SDN架构融合统一。

基于SDN的应急融合通信网络设计与实现

铁路应急通信网络由于涉及业务多、技术种类多,在实现快速搭建的问题上面临比较大的挑战。如何实现应急通信网络的快速搭建,同时满足多种业务、多场景下的不同需求,保证通信网络的稳定性与有效性成为一个值得关注的研究话题。软件定义网络(Software Defined Networking,SDN)提出的控制层与数据层分离的新思想为研究提供新的方向。提出在应急通信中引入SDN技术,构建基于SDN的融合应急通信网络,实现网络的集中控制、状态感知、按需路由等相关功能,提高网络的稳定性与效率。

SDN网络中的故障检测与修复技术研究

【目的】虽然软件定义网络(SDN)是一种开放的架构,但也存在着各类网络错误。为实现SDN的高可用性,对故障检测与修复机制进行研究是至关重要的。【方法】首先,对SDN架构与OpenFlow协议进行分析,总结出SDN网络中可能出现的错误,并设计出数据平面错误检测方法。其次,基于主动修复与被动修复机制,并考虑数据流量服务的质量(QoS)需求,从而提出主动与被动相结合的故障修复机制。在此基础上,本研究设计出基于开源代码的故障检测与修复方法,其使用的是非同步报警机制监测网络,根据故障数量和影响程度选择3种修复模式。【结果】试验结果表明,本研究设计的方法能有效检测出SDN数据平面中常见的错误,在保障QoS的前提下,能最大限度恢复网络功能。【结论】该方法在处理多类故障和考虑QoS需求方面超过现有机制,为SDN高可用性和应用提供理论与实践基础,而进一步提高对复杂故障的处理能力和增强自修复智能性是后续的研究方向。