Threshold-Based Software-Defined Networking(SDN)Solution for Healthcare Systems against Intrusion Attacks

The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.

Sea Turtle Foraging Optimization-Based Controller Placement with Blockchain-Assisted Intrusion Detection in Software-Defined Networks

Software-defined networking(SDN)algorithms are gaining increas-ing interest and are making networks flexible and agile.The basic idea of SDN is to move the control planes to more than one server’s named controllers and limit the data planes to numerous sending network components,enabling flexible and dynamic network management.A distinctive characteristic of SDN is that it can logically centralize the control plane by utilizing many physical controllers.The deployment of the controller—that is,the controller placement problem(CPP)—becomes a vital model challenge.Through the advancements of blockchain technology,data integrity between nodes can be enhanced with no requirement for a trusted third party.Using the lat-est developments in blockchain technology,this article designs a novel sea turtle foraging optimization algorithm for the controller placement problem(STFOA-CPP)with blockchain-based intrusion detection in an SDN environ-ment.The major intention of the STFOA-CPP technique is the maximization of lifetime,network connectivity,and load balancing with the minimization of latency.In addition,the STFOA-CPP technique is based on the sea turtles’food-searching characteristics of tracking the odour path of dimethyl sulphide(DMS)released from food sources.Moreover,the presented STFOA-CPP technique can adapt with the controller’s count mandated and the shift to controller mapping to variable network traffic.Finally,the blockchain can inspect the data integrity,determine significantly malicious input,and improve the robust nature of developing a trust relationship between sev-eral nodes in the SDN.To demonstrate the improved performance of the STFOA-CPP algorithm,a wide-ranging experimental analysis was carried out.The extensive comparison study highlighted the improved outcomes of the STFOA-CPP technique over other recent approaches.

Toward Secure Software-Defined Networks Using Machine Learning: A Review, Research Challenges, and Future Directions

Over the past few years,rapid advancements in the internet and communication technologies have led to increasingly intricate and diverse networking systems.As a result,greater intelligence is necessary to effectively manage,optimize,and maintain these systems.Due to their distributed nature,machine learning models are challenging to deploy in traditional networks.However,Software-Defined Networking(SDN)presents an opportunity to integrate intelligence into networks by offering a programmable architecture that separates data and control planes.SDN provides a centralized network view and allows for dynamic updates of flow rules and softwarebased traffic analysis.While the programmable nature of SDN makes it easier to deploy machine learning techniques,the centralized control logic also makes it vulnerable to cyberattacks.To address these issues,recent research has focused on developing powerful machine-learning methods for detecting and mitigating attacks in SDN environments.This paper highlighted the countermeasures for cyberattacks on SDN and how current machine learningbased solutions can overcome these emerging issues.We also discuss the pros and cons of using machine learning algorithms for detecting and mitigating these attacks.Finally,we highlighted research issues,gaps,and challenges in developing machine learning-based solutions to secure the SDN controller,to help the research and network community to develop more robust and reliable solutions.

Service Function Chain Migration in LEO Satellite Networks

With the advancements of software defined network(SDN)and network function virtualization(NFV),service function chain(SFC)placement becomes a crucial enabler for flexible resource scheduling in low earth orbit(LEO)satellite networks.While due to the scarcity of bandwidth resources and dynamic topology of LEO satellites,the static SFC placement schemes may cause performance degradation,resource waste and even service failure.In this paper,we consider migration and establish an online migration model,especially considering the dynamic topology.Given the scarcity of bandwidth resources,the model aims to maximize the total number of accepted SFCs while incurring as little bandwidth cost of SFC transmission and migration as possible.Due to its NP-hardness,we propose a heuristic minimized dynamic SFC migration(MDSM)algorithm that only triggers the migration procedure when new SFCs are rejected.Simulation results demonstrate that MDSM achieves a performance close to the upper bound with lower complexity.

Performance Evaluation of Topologies for Multi-Domain Software-Defined Networking

Software-defined networking(SDN)is widely used in multiple types of data center networks,and these distributed data center networks can be integrated into a multi-domain SDN by utilizing multiple controllers.However,the network topology of each control domain of SDN will affect the performance of the multidomain network,so performance evaluation is required before the deployment of the multi-domain SDN.Besides,there is a high cost to build real multi-domain SDN networks with different topologies,so it is necessary to use simulation testing methods to evaluate the topological performance of the multi-domain SDN network.As there is a lack of existing methods to construct a multi-domain SDN simulation network for the tool to evaluate the topological performance automatically,this paper proposes an automated multi-domain SDN topology performance evaluation framework,which supports multiple types of SDN network topologies in cooperating to construct a multi-domain SDN network.The framework integrates existing single-domain SDN simulation tools with network performance testing tools to realize automated performance evaluation of multidomain SDN network topologies.We designed and implemented a Mininet-based simulation tool that can connect multiple controllers and run user-specified topologies in multiple SDN control domains to build and test multi-domain SDN networks faster.Then,we used the tool to perform performance tests on various data center network topologies in single-domain and multi-domain SDN simulation environments.Test results show that Space Shuffle has the most stable performance in a single-domain environment,and Fat-tree has the best performance in a multi-domain environment.Also,this tool has the characteristics of simplicity and stability,which can meet the needs of multi-domain SDN topology performance evaluation.

Multi-Attack Intrusion Detection System for Software-Defined Internet of Things Network

Currently,the Internet of Things(IoT)is revolutionizing communi-cation technology by facilitating the sharing of information between different physical devices connected to a network.To improve control,customization,flexibility,and reduce network maintenance costs,a new Software-Defined Network(SDN)technology must be used in this infrastructure.Despite the various advantages of combining SDN and IoT,this environment is more vulnerable to various attacks due to the centralization of control.Most methods to ensure IoT security are designed to detect Distributed Denial-of-Service(DDoS)attacks,but they often lack mechanisms to mitigate their severity.This paper proposes a Multi-Attack Intrusion Detection System(MAIDS)for Software-Defined IoT Networks(SDN-IoT).The proposed scheme uses two machine-learning algorithms to improve detection efficiency and provide a mechanism to prevent false alarms.First,a comparative analysis of the most commonly used machine-learning algorithms to secure the SDN was performed on two datasets:the Network Security Laboratory Knowledge Discovery in Databases(NSL-KDD)and the Canadian Institute for Cyberse-curity Intrusion Detection Systems(CICIDS2017),to select the most suitable algorithms for the proposed scheme and for securing SDN-IoT systems.The algorithms evaluated include Extreme Gradient Boosting(XGBoost),K-Nearest Neighbor(KNN),Random Forest(RF),Support Vector Machine(SVM),and Logistic Regression(LR).Second,an algorithm for selecting the best dataset for machine learning in Intrusion Detection Systems(IDS)was developed to enable effective comparison between the datasets used in the development of the security scheme.The results showed that XGBoost and RF are the best algorithms to ensure the security of SDN-IoT and to be applied in the proposed security system,with average accuracies of 99.88%and 99.89%,respectively.Furthermore,the proposed security scheme reduced the false alarm rate by 33.23%,which is a significant improvement over prevalent schemes.Finally,tests of the algorithm for dataset selection showed that the rates of false positives and false negatives were reduced when the XGBoost and RF algorithms were trained on the CICIDS2017 dataset,making it the best for IDS compared to the NSL-KDD dataset.

A 5G Perspective of an SDN-Based Privacy-Preserving Scheme for IoT Networks

The ever-increasing needs of Internet of Things networks (IoTn) present considerable issues in computing complexity, security, trust, and authentication, among others. This gets increasingly more challenging as technology advances, and its use expands. As a consequence, boosting the capacity of these networks has garnered widespread attention. As a result, 5G, the next phase of cellular networks, is expected to be a game-changer, bringing with it faster data transmission rates, more capacity, improved service quality, and reduced latency. However, 5G networks continue to confront difficulties in establishing pervasive and dependable connections amongst high-speed IoT devices. Thus, to address the shortcomings in current recommendations, we present a unified architecture based on software-defined networks (SDNs) that provides 5G-enabled devices that must have complete secrecy. Through SDN, the architecture streamlines network administration while optimizing network communications. A mutual authentication protocol using elliptic curve cryptography is introduced for mutual authentication across certificate authorities and clustered heads in IoT network deployments based on IoT. Again, a dimensionality reduction intrusion detection mechanism is introduced to decrease computational cost and identify possible network breaches. However, to leverage the method’s potential, the initial module's security is reviewed. The second module is evaluated and compared to modern models.

On the use of the genetic programming for balanced load distribution in software-defined networks

As a new networking paradigm,Software-Defined Networking(SDN)enables us to cope with the limitations of traditional networks.SDN uses a controller that has a global view of the network and switch devices which act as packet forwarding hardware,known as“OpenFlow switches”.Since load balancing service is essential to distribute workload across servers in data centers,we propose an effective load balancing scheme in SDN,using a genetic programming approach,called Genetic Programming based Load Balancing(GPLB).We formulate the problem to find a path:1)with the best bottleneck switch which has the lowest capacity within bottleneck switches of each path,2)with the shortest path,and 3)requiring the less possible operations.For the purpose of choosing the real-time least loaded path,GPLB immediately calculates the integrated load of paths based on the information that receives from the SDN controller.Hence,in this design,the controller sends the load information of each path to the load balancing algorithm periodically and then the load balancing algorithm returns a least loaded path to the controller.In this paper,we use the Mininet emulator and the OpenDaylight controller to evaluate the effectiveness of the GPLB.The simulative study of the GPLB shows that there is a big improvement in performance metrics and the latency and the jitter are minimized.The GPLB also has the maximum throughput in comparison with related works and has performed better in the heavy traffic situation.The results show that our model stands smartly while not increasing further overhead.

Orchestrating Network Functions in Software-Defined Networks

Software.defined networking(SDN) enables third.part companies to participate in the network function innovations. A number of instances for one network function will inevitably co.exist in the network. Although some orchestration architecture has been proposed to chain network functions, rare works are focused on how to optimize this process. In this paper, we propose an optimized model for network function orchestration, function combination model(FCM). Our main contributions are as following. First, network functions are featured with a new abstraction, and are open to external providers. And FCM identifies network functions using unique type, and organizes their instances distributed over the network with the appropriate way. Second, with the specialized demands, we can combine function instances under the global network views, and formulate it into the problem of Boolean linear program(BLP). A simulated annealing algorithm is designed to approach optimal solution for this BLP. Finally, the numerical experiment demonstrates that our model can create outstanding composite schemas efficiently.

Software-Defined Optical Data Centre Networks

Based on the analysis of data centre(DC) traffic pattern, we introduced a holistic software-defined optical DC solution. Architecture-on-Demand based hybrid optical switched(OPS/OCS) data centre network(DCN) fabric is introduced, which is able to realise different inter-and intra-cluster configurations and dynamically support diverse traffic in the DC. The optical DCN is controlled and managed by a software-defined networking(SDN) enabled control plane to achieve high programmability. Moreover, virtual data centre(VDC) composition is developed as an application of such softwaredefined optical DC to create VDC slices for different tenants.

Joint Content Placement and Traffic Management for Cloud Mobile Video Distribution over Software-Defined Networks

To cope with the rapid growth of mobile video, video providers have leveraged cloud technologies to deploy their mobile video service system for more cost-effective and scalable performance. The emergence of Software-Defined Networking(SDN) provides a promising solution to manage the underlying network. In this paper, we introduce an SDN-enabled cloud mobile video distribution architecture and propose a joint video placement, request dispatching and traffic management mechanism to improve user experience and reduce the system operational cost. We use a utility function to capture the two aspects of user experience: the level of satisfaction and average latency, and formulate the joint optimization problem as a mixed integer programming problem. We develop an optimal algorithm based on dual decomposition and prove its optimality. We conduct simulations to evaluate the performance of our algorithm and the results show that our strategy can effectively cut down the total cost and guarantee user experience.

Multi-Agent Deep Q-Networks for Efficient Edge Federated Learning Communications in Software-Defined IoT

Federated learning(FL)activates distributed on-device computation techniques to model a better algorithm performance with the interaction of local model updates and global model distributions in aggregation averaging processes.However,in large-scale heterogeneous Internet of Things(IoT)cellular networks,massive multi-dimensional model update iterations and resource-constrained computation are challenging aspects to be tackled significantly.This paper introduces the system model of converging softwaredefined networking(SDN)and network functions virtualization(NFV)to enable device/resource abstractions and provide NFV-enabled edge FL(eFL)aggregation servers for advancing automation and controllability.Multi-agent deep Q-networks(MADQNs)target to enforce a self-learning softwarization,optimize resource allocation policies,and advocate computation offloading decisions.With gathered network conditions and resource states,the proposed agent aims to explore various actions for estimating expected longterm rewards in a particular state observation.In exploration phase,optimal actions for joint resource allocation and offloading decisions in different possible states are obtained by maximum Q-value selections.Action-based virtual network functions(VNF)forwarding graph(VNFFG)is orchestrated to map VNFs towards eFL aggregation server with sufficient communication and computation resources in NFV infrastructure(NFVI).The proposed scheme indicates deficient allocation actions,modifies the VNF backup instances,and reallocates the virtual resource for exploitation phase.Deep neural network(DNN)is used as a value function approximator,and epsilongreedy algorithm balances exploration and exploitation.The scheme primarily considers the criticalities of FL model services and congestion states to optimize long-term policy.Simulation results presented the outperformance of the proposed scheme over reference schemes in terms of Quality of Service(QoS)performance metrics,including packet drop ratio,packet drop counts,packet delivery ratio,delay,and throughput.

A Novel Method for Routing Optimization in Software-Defined Networks

Software-defined network(SDN)is a new form of network architecture that has programmability,ease of use,centralized control,and protocol independence.It has received high attention since its birth.With SDN network architecture,network management becomes more efficient,and programmable interfaces make network operations more flexible and can meet the different needs of various users.The mainstream communication protocol of SDN is OpenFlow,which contains aMatch Field in the flow table structure of the protocol,which matches the content of the packet header of the data received by the switch,and completes the corresponding actions according to the matching results,getting rid of the dependence on the protocol to avoid designing a new protocol.In order to effectively optimize the routing forSDN,this paper proposes a novel algorithm based on reinforcement learning.The proposed technique canmaximize numerous objectives to dynamically update the routing strategy,and it has great generality and is not reliant on any specific network state.The control of routing strategy is more complicated than many Q-learning-based algorithms due to the employment of reinforcement learning.The performance of the method is tested by experiments using the OMNe++simulator.The experimental results reveal that our PPO-based SDN routing control method has superior performance and stability than existing algorithms.

Artificial Intelligence Based Reliable Load Balancing Framework in Software-Defined Networks

Software-defined networking(SDN)plays a critical role in transforming networking from traditional to intelligent networking.The increasing demand for services from cloud users has increased the load on the network.An efficient system must handle various loads and increasing needs representing the relationships and dependence of businesses on automated measurement systems and guarantee the quality of service(QoS).Themultiple paths from source to destination give a scope to select an optimal path by maintaining an equilibrium of load using some best algorithms.Moreover,the requests need to be transferred to reliable network elements.To address SDN’s current and future challenges,there is a need to know how artificial intelligence(AI)optimization techniques can efficiently balance the load.This study aims to explore two artificial intelligence optimization techniques,namely Ant Colony Optimization(ACO)and Particle Swarm Optimization(PSO),used for load balancing in SDN.Further,we identified that a modification to the existing optimization technique could improve the performance by using a reliable link and node to form the path to reach the target node and improve load balancing.Finally,we propose a conceptual framework for SDN futurology by evaluating node and link reliability,which can balance the load efficiently and improve QoS in SDN.

Handover Mechanism Based on Underwater Hybrid Software-Defined Modem in Advanced Diver Networks

For the past few decades,the internet of underwater things(IoUT)otained a lot of attention in mobile aquatic applications such as oceanography,diver network monitoring,unmanned underwater exploration,underwater surveillance,location tracking system,etc.Most of the IoUT applications rely on acoustic medium.The current IoUT applications face difficulty in delivering a reliable communication system due to the various technical limitations of IoUT environment such as low data rate,attenuation,limited bandwidth,limited battery,limited memory,connectivity problem,etc.One of the significant applications of IoUT include monitoring underwater diver networks.In order to perform a reliable and energy-efficient communication system in the underwater diver networks,a smart underwater hybrid softwaredefined modem(UHSDM)for the mobile ad-hoc network was developed that is used for selecting the best channel/medium among acoustic,visible light communication(VLC),and infrared(IR)based on the criteria established within the system.However,due to the mobility of underwater divers,the developed UHSDMmeets the challenges such as connectivity errors,frequent link failure,transmission delay caused by re-routing,etc.During emergency,the divers are most at the risk of survival.To deal with diver mobility,connectivity,energy efficiency,and reducing the latency in ADN,a handover mechanism based on pre-built UHSDM is proposed in this paper.This paper focuses on(1)design of UHSDM for ADN(2)propose the channel selection mechanism in UHSDM for selecting the best medium for handover and(3)propose handover protocol inADN.The implementation result shows that the proposed mechanism can be used to find the new route for divers in advance and the latency can be reduced significantly.Additionally,this paper shows the real field experiment of air tests and underwater tests with various distances.This research will contribute much to the profit of researchers in underwater diver networks and underwater networks,for improving the quality of services(QoS)of underwater applications.

ADAFT:SDN大规模流表的适应性深度聚合存储架构

为解决软件定义网络(SDN)数据平面中的三态内容可寻址存储器(TCAM)资源紧张问题,提出了一种基于内容表项树的SDN流表深度聚合方法,进而构建一种SDN大规模流表的适应性深度聚合存储架构ADAFT。该架构放宽了聚合表项之间的汉明距离要求,构建内容表项树聚合动作集不同的流表项,显著提高了流表聚合程度。设计了一种TCAM装载率感知的内容表项树动态限高机制,以降低流表查找开销。同时,提出了一种TCAM装载率感知的表项聚合适应性选择策略,以均衡流表聚合程度和查找开销。实验结果表明,ADAFT架构的流表压缩率明显高于现有方法,最高可达65.74%。

基于人工智能的SDN网络中流量优化与拥塞控制方法

文章深入研究基于强化学习的流量优化与拥塞控制方法在软件定义网络(Software Defined Network,SDN)中的应用。首先,详细阐述SDN网络的架构与原理。SDN网络的灵活性和可编程性为网络管理提供了全新的范式。其次,提出了一种基于强化学习的流量优化与拥塞控制方法,通过建模状态、动作、奖励等要素,实现网络流量智能调整。最后,在Mininet仿真环境中进行了实验验证。通过监测吞吐量、延迟、拥塞情况等性能指标,验证所提方法的有效性。实验结果表明,在网络性能方面,所提方法相较于传统方法取得了显著改善,具备更好的适应性和优化能力。

智慧校园网络及安全的SDN架构选择分析

重点研究智慧校园网络与安全的软件定义网络(Software Defined Network,SDN)架构选择,分别讨论SDN架构应用的必要性、实现方法、网络与安全维护建议等内容。从智慧校园的集中部署、意图网络与智慧校园的融合、以零信任为核心构建网络安全架构3个维度出发,提出保护智慧校园网络安全的建议。旨在强调SDN架构对于智慧校园建设的运行安全维护作用,以期为今后智慧校园的深化建设提供技术支持。

Software defined intelligent satellite-terrestrial integrated networks:Insights and challenges

Satellite-Terrestrial integrated Networks(STNs)have been advocated by both academia and industry as a promising network paradigm to achieve service continuity and ubiquity.However,STNs suffer from problems including poor flexibility of network architecture,low adaptability to dynamic environments,the lack of network intelligence,and low resource utilization.To handle these challenges,a Software defined Intelligent STN(SISTN)architecture is introduced.Specifically,the hierarchical architecture of the proposal is described and a distributed deployment scheme for SISTNs controllers is proposed to realize agile and effective network management and control.Moreover,three use cases in SISTNs are discussed.Meanwhile,key techniques and their corresponding solutions are presented,followed by the identification of several open issues in SISTNs including compatibility with existing networks,the tradeoff between network flexibility and performance,and so on.

Extreme Networks:SDN加速云计算发展

随着云计算的快速发展，移动应用需求不断增加，网络数据和流量管理变得复杂，尤其是数据中心，需要更加灵活敏捷的、面向工作负载的端到端网络资源调度响应，传统的分布式网络架构已经无法面对这些挑战。而SDN（软件定义网络）允许网络工程师控制和管理自有的网络，以便最好地服务他们各自的需求，从而增加网络功能和降低运营网络的成本。