The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are ...The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.展开更多
New and emerging use cases, such as the interconnection of geographically distributed data centers(DCs), are drawing attention to the requirement for dynamic end-to-end service provisioning, spanning multiple and hete...New and emerging use cases, such as the interconnection of geographically distributed data centers(DCs), are drawing attention to the requirement for dynamic end-to-end service provisioning, spanning multiple and heterogeneous optical network domains. This heterogeneity is, not only due to the diverse data transmission and switching technologies, but also due to the different options of control plane techniques. In light of this, the problem of heterogeneous control plane interworking needs to be solved, and in particular, the solution must address the specific issues of multi-domain networks, such as limited domain topology visibility, given the scalability and confidentiality constraints. In this article, some of the recent activities regarding the Software-Defined Networking(SDN) orchestration are reviewed to address such a multi-domain control plane interworking problem. Specifically, three different models, including the single SDN controller model, multiple SDN controllers in mesh, and multiple SDN controllers in a hierarchical setting, are presented for the DC interconnection network with multiple SDN/Open Flow domains or multiple Open Flow/Generalized Multi-Protocol Label Switching( GMPLS) heterogeneous domains. I n addition, two concrete implementations of the orchestration architectures are detailed, showing the overall feasibility and procedures of SDN orchestration for the end-to-endservice provisioning in multi-domain data center optical networks.展开更多
Link flooding attack(LFA)is a type of covert distributed denial of service(DDoS)attack.The attack mechanism of LFAs is to flood critical links within the network to cut off the target area from the Internet.Recently,t...Link flooding attack(LFA)is a type of covert distributed denial of service(DDoS)attack.The attack mechanism of LFAs is to flood critical links within the network to cut off the target area from the Internet.Recently,the proliferation of Internet of Things(IoT)has increased the quantity of vulnerable devices connected to the network and has intensified the threat of LFAs.In LFAs,attackers typically utilize low-speed flows that do not reach the victims,making the attack difficult to detect.Traditional LFA defense methods mainly reroute the attack traffic around the congested link,which encounters high complexity and high computational overhead due to the aggregation of massive attack traffic.To address these challenges,we present an LFA defense framework which can mitigate the attack flows at the border switches when they are small in scale.This framework is lightweight and can be deployed at border switches of the network in a distributed manner,which ensures the scalability of our defense system.The performance of our framework is assessed in an experimental environment.The simulation results indicate that our method is effective in detecting and mitigating LFAs with low time complexity.展开更多
Loop free alternate(LFA)is a routing protection scheme that is currently deployed in commercial routers.However,LFA cannot handle all single network component failure scenarios in traditional networks.As Internet serv...Loop free alternate(LFA)is a routing protection scheme that is currently deployed in commercial routers.However,LFA cannot handle all single network component failure scenarios in traditional networks.As Internet service providers have begun to deploy software defined network(SDN)technology,the Internet will be in a hybrid SDN network where traditional and SDN devices coexist for a long time.Therefore,this study aims to deploy the LFA scheme in hybrid SDN network architecture to handle all possible single network component failure scenarios.First,the deployment of LFA scheme in a hybrid SDN network is described as a 0-1 integer linear programming(ILP)problem.Then,two greedy algorithms,namely,greedy algorithm for LFA based on hybrid SDN(GALFAHSDN)and improved greedy algorithm for LFA based on hybrid SDN(IGALFAHSDN),are proposed to solve the proposed problem.Finally,both algorithms are tested in the simulation environment and the real platform.Experiment results show that GALFAHSDN and IGALFAHSDN can cope with all single network component failure scenarios when only a small number of nodes are upgraded to SDN nodes.The path stretch of the two algorithms is less than 1.36.展开更多
Software-Defined Networking(SDN)adapts logically-centralized control by decoupling control plane from data plane and provides the efficient use of network resources.However,due to the limitation of traditional routing...Software-Defined Networking(SDN)adapts logically-centralized control by decoupling control plane from data plane and provides the efficient use of network resources.However,due to the limitation of traditional routing strategies relying on manual configuration,SDN may suffer from link congestion and inefficient bandwidth allocation among flows,which could degrade network performance significantly.In this paper,we propose EARS,an intelligence-driven experiential network architecture for automatic routing.EARS adapts deep reinforcement learning(DRL)to simulate the human methods of learning experiential knowledge,employs the closed-loop network control mechanism incorporating with network monitoring technologies to realize the interaction with network environment.The proposed EARS can learn to make better control decision from its own experience by interacting with network environment and optimize the network intelligently by adjusting services and resources offered based on network requirements and environmental conditions.Under the network architecture,we design the network utility function with throughput and delay awareness,differentiate flows based on their size characteristics,and design a DDPGbased automatic routing algorithm as DRL decision brain to find the near-optimal paths for mice and elephant flows.To validate the network architecture,we implement it on a real network environment.Extensive simulation results show that EARS significantly improve the network throughput and reduces the average packet delay in comparison with baseline schemes(e.g.OSPF,ECMP).展开更多
Large-scale and diverse businesses based on the cloud computing platform bring the heavy network traffic to cloud data centers.However,the unbalanced workload of cloud data center network easily leads to the network c...Large-scale and diverse businesses based on the cloud computing platform bring the heavy network traffic to cloud data centers.However,the unbalanced workload of cloud data center network easily leads to the network congestion,the low resource utilization rate,the long delay,the low reliability,and the low throughput.In order to improve the utilization efficiency and the quality of services(QoS)of cloud system,especially to solve the problem of network congestion,we propose MTSS,a multi-path traffic scheduling mechanism based on software defined networking(SDN).MTSS utilizes the data flow scheduling flexibility of SDN and the multi-path feature of the fat-tree structure to improve the traffic balance of the cloud data center network.A heuristic traffic balancing algorithm is presented for MTSS,which periodically monitors the network link and dynamically adjusts the traffic on the heavy link to achieve programmable data forwarding and load balancing.The experimental results show that MTSS outperforms equal-cost multi-path protocol(ECMP),by effectively reducing the packet loss rate and delay.In addition,MTSS improves the utilization efficiency,the reliability and the throughput rate of the cloud data center network.展开更多
Software defined networking( SDN) offers programmable interface to effectively control their networks by decoupling control and data plane. The network operators utilize a centralized controller to deploy advanced net...Software defined networking( SDN) offers programmable interface to effectively control their networks by decoupling control and data plane. The network operators utilize a centralized controller to deploy advanced network management strategies. An architecture for application-aware routing which can support dynamic quality of service( Qo S) in SDN networks is proposed. The applicationaware routing as a multi-constrained optimal path( MCOP) problem is proposed,where applications are treated as Qo S flow and best-effort flows. With the SDN controller applications,it is able to dynamically lead routing decisions based on application characteristics and requirements,leading to a better overall user experience and higher utilization of network resources. The simulation results show that the improvement of application-aware routing framework on discovering appropriate routes,which can provide Qo S guarantees for a specific application in SDN networks.展开更多
Software Defined Networking(SDN)being an emerging network control model is widely recognized as a control and management platform.This model provides efficient techniques to control and manage the enterprise network.A...Software Defined Networking(SDN)being an emerging network control model is widely recognized as a control and management platform.This model provides efficient techniques to control and manage the enterprise network.Another emerging paradigm is edge computing in which data processing is performed at the edges of the network instead of a central controller.This data processing at the edge nodes reduces the latency and bandwidth requirements.In SDN,the controller is a single point of failure.Several security issues related to the traditional network can be solved by using SDN central management and control.Address Spoofing and Network Intrusion are the most common attacks.These attacks severely degrade performance and security.We propose an edge computing-based mechanism that automatically detects and mitigates those attacks.In this mechanism,an edge system gets the network topology from the controller and the Address Resolution Protocol(ARP)traffic is directed to it for further analysis.As such,the controller is saved from unnecessary processing related to addressing translation.We propose a graph computation based method to identify the location of an attacker or intruder by implementing a graph difference method.By using the correct location information,the exact attacker or intruder is blocked,while the legitimate users get access to the network resources.The proposed mechanism is evaluated in a Mininet simulator and a POX controller.The results show that it improves system performance in terms of attack mitigation time,attack detection time,and bandwidth requirements.展开更多
In software-defined networking,the separation of control plane from forwarding plane introduces new challenges to network reliability.This paper proposes a fault-tolerant routing mechanism to improve survivability by ...In software-defined networking,the separation of control plane from forwarding plane introduces new challenges to network reliability.This paper proposes a fault-tolerant routing mechanism to improve survivability by converting the survivability problem into two sub-problems:constructing an elastic-aware routing tree and controller selection.Based on the shortest path tree,this scheme continuously attempts to prune the routing tree to enhance network survivability.After a certain number of iterations,elastic-aware routing continues to improve network resiliency by increasing the number of edges in this tree.Simulation results demonstrate this fault-tolerant mechanism performs better than the traditional method in terms of the number of protected nodes and network fragility indicator.展开更多
The rapid advancement of wireless communication is forming a hyper-connected 5G network in which billions of linked devices generate massive amounts of data.The traffic control and data forwarding functions are decoup...The rapid advancement of wireless communication is forming a hyper-connected 5G network in which billions of linked devices generate massive amounts of data.The traffic control and data forwarding functions are decoupled in software-defined networking(SDN)and allow the network to be programmable.Each switch in SDN keeps track of forwarding information in a flow table.The SDN switches must search the flow table for the flow rules that match the packets to handle the incoming packets.Due to the obvious vast quantity of data in data centres,the capacity of the flow table restricts the data plane’s forwarding capabilities.So,the SDN must handle traffic from across the whole network.The flow table depends on Ternary Content Addressable Memorable Memory(TCAM)for storing and a quick search of regulations;it is restricted in capacity owing to its elevated cost and energy consumption.Whenever the flow table is abused and overflowing,the usual regulations cannot be executed quickly.In this case,we consider lowrate flow table overflowing that causes collision flow rules to be installed and consumes excessive existing flow table capacity by delivering packets that don’t fit the flow table at a low rate.This study introduces machine learning techniques for detecting and categorizing low-rate collision flows table in SDN,using Feed ForwardNeuralNetwork(FFNN),K-Means,and Decision Tree(DT).We generate two network topologies,Fat Tree and Simple Tree Topologies,with the Mininet simulator and coupled to the OpenDayLight(ODL)controller.The efficiency and efficacy of the suggested algorithms are assessed using several assessment indicators such as success rate query,propagation delay,overall dropped packets,energy consumption,bandwidth usage,latency rate,and throughput.The findings showed that the suggested technique to tackle the flow table congestion problem minimizes the number of flows while retaining the statistical consistency of the 5G network.By putting the proposed flow method and checking whether a packet may move from point A to point B without breaking certain regulations,the evaluation tool examines every flow against a set of criteria.The FFNN with DT and K-means algorithms obtain accuracies of 96.29%and 97.51%,respectively,in the identification of collision flows,according to the experimental outcome when associated with existing methods from the literature.展开更多
Software-defined networks (SDN) have attracted much attention recently because of their flexibility in terms of network management. Increasingly, SDN is being introduced into wireless networks to form wireless SDN. ...Software-defined networks (SDN) have attracted much attention recently because of their flexibility in terms of network management. Increasingly, SDN is being introduced into wireless networks to form wireless SDN. One enabling technology for wireless SDN is network virtualization, which logically divides one wireless network element, such as a base station, into multiple slices, and each slice serving as a standalone virtual BS. In this way, one physical mobile wireless network can be partitioned into multiple virtual networks in a software-defined manner. Wireless virtual networks comprising virtual base stations also need to provide QoS to mobile end-user services in the same context as their physical hosting networks. One key QoS parameter is delay. This paper presents a delay model for software-defined wireless virtual networks. Network calculus is used in the modelling. In particular, stochastic network calculus, which describes more realistic models than deterministic network calculus, is used. The model enables theoretical investigation of wireless SDN, which is largely dominated by either algorithms or prototype implementations.展开更多
The fast technology development of 5G mobile broadband (5G), Internet of Things (IoT), Big Data Analytics (Big Data), Cloud Computing (Cloud) and Software Defined Networks (SDN) has made those technologies one after a...The fast technology development of 5G mobile broadband (5G), Internet of Things (IoT), Big Data Analytics (Big Data), Cloud Computing (Cloud) and Software Defined Networks (SDN) has made those technologies one after another and created strong interdependence among one another. For example, IoT applications that generate small data with large volume and fast velocity will need 5G with characteristics of high data rate and low latency to transmit such data faster and cheaper. On the other hand, those data also need Cloud to process and to store and furthermore, SDN to provide scalable network infrastructure to transport this large volume of data in an optimal way. This article explores the technical relationships among the development of IoT, Big Data, Cloud, and SDN in the coming 5G era and illustrates several ongoing programs and applications at National Chiao Tung University that are based on the converging of those technologies.展开更多
The ongoing expansion of the Industrial Internet of Things(IIoT)is enabling the possibility of effective Industry 4.0,where massive sensing devices in heterogeneous environments are connected through dedicated communi...The ongoing expansion of the Industrial Internet of Things(IIoT)is enabling the possibility of effective Industry 4.0,where massive sensing devices in heterogeneous environments are connected through dedicated communication protocols.This brings forth new methods and models to fuse the information yielded by the various industrial plant elements and generates emerging security challenges that we have to face,providing ad-hoc functions for scheduling and guaranteeing the network operations.Recently,the large development of SoftwareDefined Networking(SDN)and Artificial Intelligence(AI)technologies have made feasible the design and control of scalable and secure IIoT networks.This paper studies how AI and SDN technologies combined can be leveraged towards improving the security and functionality of these IIoT networks.After surveying the state-of-the-art research efforts in the subject,the paper introduces a candidate architecture for AI-enabled Software-Defined IIoT Network(AI-SDIN)that divides the traditional industrial networks into three functional layers.And with this aim in mind,key technologies(Blockchain-based Data Sharing,Intelligent Wireless Data Sensing,Edge Intelligence,Time-Sensitive Networks,Integrating SDN&TSN,Distributed AI)and improve applications based on AISDIN are also discussed.Further,the paper also highlights new opportunities and potential research challenges in control and automation of IIoT networks.展开更多
Distributed denial of service(DDoS)attack is the most common attack that obstructs a network and makes it unavailable for a legitimate user.We proposed a deep neural network(DNN)model for the detection of DDoS attacks...Distributed denial of service(DDoS)attack is the most common attack that obstructs a network and makes it unavailable for a legitimate user.We proposed a deep neural network(DNN)model for the detection of DDoS attacks in the Software-Defined Networking(SDN)paradigm.SDN centralizes the control plane and separates it from the data plane.It simplifies a network and eliminates vendor specification of a device.Because of this open nature and centralized control,SDN can easily become a victim of DDoS attacks.We proposed a supervised Developed Deep Neural Network(DDNN)model that can classify the DDoS attack traffic and legitimate traffic.Our Developed Deep Neural Network(DDNN)model takes a large number of feature values as compared to previously proposed Machine Learning(ML)models.The proposed DNN model scans the data to find the correlated features and delivers high-quality results.The model enhances the security of SDN and has better accuracy as compared to previously proposed models.We choose the latest state-of-the-art dataset which consists of many novel attacks and overcomes all the shortcomings and limitations of the existing datasets.Our model results in a high accuracy rate of 99.76%with a low false-positive rate and 0.065%low loss rate.The accuracy increases to 99.80%as we increase the number of epochs to 100 rounds.Our proposed model classifies anomalous and normal traffic more accurately as compared to the previously proposed models.It can handle a huge amount of structured and unstructured data and can easily solve complex problems.展开更多
Software-defined networking (SDN) is a generic term and one of the major interests of the telecoms industry (and beyond) over the past two years. However, defining SDN is a somewhat controversial exercise. The cla...Software-defined networking (SDN) is a generic term and one of the major interests of the telecoms industry (and beyond) over the past two years. However, defining SDN is a somewhat controversial exercise. The claimed flexibility, as well as other presumed assets of SDN, should be carefully investigated. In particular, the use of SDN to dynamically provision network services suggests the introduction of a certain level of automation in the overall network service delivery process, from service parameter negotiation to delivery and operation. This paper aims to clarify the SDN landscape and focuses on two main aspects of the SDN framework: net- work abstraction, and dynamic parameter exposure and negotiation.展开更多
With the advancements of software defined network(SDN)and network function virtualization(NFV),service function chain(SFC)placement becomes a crucial enabler for flexible resource scheduling in low earth orbit(LEO)sat...With the advancements of software defined network(SDN)and network function virtualization(NFV),service function chain(SFC)placement becomes a crucial enabler for flexible resource scheduling in low earth orbit(LEO)satellite networks.While due to the scarcity of bandwidth resources and dynamic topology of LEO satellites,the static SFC placement schemes may cause performance degradation,resource waste and even service failure.In this paper,we consider migration and establish an online migration model,especially considering the dynamic topology.Given the scarcity of bandwidth resources,the model aims to maximize the total number of accepted SFCs while incurring as little bandwidth cost of SFC transmission and migration as possible.Due to its NP-hardness,we propose a heuristic minimized dynamic SFC migration(MDSM)algorithm that only triggers the migration procedure when new SFCs are rejected.Simulation results demonstrate that MDSM achieves a performance close to the upper bound with lower complexity.展开更多
基金extend their appreciation to Researcher Supporting Project Number(RSPD2023R582)King Saud University,Riyadh,Saudi Arabia.
文摘The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.
文摘New and emerging use cases, such as the interconnection of geographically distributed data centers(DCs), are drawing attention to the requirement for dynamic end-to-end service provisioning, spanning multiple and heterogeneous optical network domains. This heterogeneity is, not only due to the diverse data transmission and switching technologies, but also due to the different options of control plane techniques. In light of this, the problem of heterogeneous control plane interworking needs to be solved, and in particular, the solution must address the specific issues of multi-domain networks, such as limited domain topology visibility, given the scalability and confidentiality constraints. In this article, some of the recent activities regarding the Software-Defined Networking(SDN) orchestration are reviewed to address such a multi-domain control plane interworking problem. Specifically, three different models, including the single SDN controller model, multiple SDN controllers in mesh, and multiple SDN controllers in a hierarchical setting, are presented for the DC interconnection network with multiple SDN/Open Flow domains or multiple Open Flow/Generalized Multi-Protocol Label Switching( GMPLS) heterogeneous domains. I n addition, two concrete implementations of the orchestration architectures are detailed, showing the overall feasibility and procedures of SDN orchestration for the end-to-endservice provisioning in multi-domain data center optical networks.
基金supported in part by the National Key R&D Program of China under Grant 2018YFA0701601in part by the National Natural Science Foundation of China(Grant No.62201605,62341110,U22A2002)in part by Tsinghua University-China Mobile Communications Group Co.,Ltd.Joint Institute。
文摘Link flooding attack(LFA)is a type of covert distributed denial of service(DDoS)attack.The attack mechanism of LFAs is to flood critical links within the network to cut off the target area from the Internet.Recently,the proliferation of Internet of Things(IoT)has increased the quantity of vulnerable devices connected to the network and has intensified the threat of LFAs.In LFAs,attackers typically utilize low-speed flows that do not reach the victims,making the attack difficult to detect.Traditional LFA defense methods mainly reroute the attack traffic around the congested link,which encounters high complexity and high computational overhead due to the aggregation of massive attack traffic.To address these challenges,we present an LFA defense framework which can mitigate the attack flows at the border switches when they are small in scale.This framework is lightweight and can be deployed at border switches of the network in a distributed manner,which ensures the scalability of our defense system.The performance of our framework is assessed in an experimental environment.The simulation results indicate that our method is effective in detecting and mitigating LFAs with low time complexity.
基金This work is supported by the Program of Hainan Association for Science and Technology Plans to Youth R&D Innovation(No.QCXM201910)the National Natural Science Foundation of China(No.61702315,No.61802092)+2 种基金the Scientific Research Setup Fund of Hainan University(No.KYQD(ZR)1837)the Key R&D program(international science and technology cooperation project)of Shanxi Province China(No.201903D421003)Scientific and Technological Innovation Programs of Higher Education Institutions in Shanxi(No.201802013).
文摘Loop free alternate(LFA)is a routing protection scheme that is currently deployed in commercial routers.However,LFA cannot handle all single network component failure scenarios in traditional networks.As Internet service providers have begun to deploy software defined network(SDN)technology,the Internet will be in a hybrid SDN network where traditional and SDN devices coexist for a long time.Therefore,this study aims to deploy the LFA scheme in hybrid SDN network architecture to handle all possible single network component failure scenarios.First,the deployment of LFA scheme in a hybrid SDN network is described as a 0-1 integer linear programming(ILP)problem.Then,two greedy algorithms,namely,greedy algorithm for LFA based on hybrid SDN(GALFAHSDN)and improved greedy algorithm for LFA based on hybrid SDN(IGALFAHSDN),are proposed to solve the proposed problem.Finally,both algorithms are tested in the simulation environment and the real platform.Experiment results show that GALFAHSDN and IGALFAHSDN can cope with all single network component failure scenarios when only a small number of nodes are upgraded to SDN nodes.The path stretch of the two algorithms is less than 1.36.
基金supported by the National Natural Science Foundation of China for Innovative Research Groups (61521003)the National Natural Science Foundation of China (61872382)+1 种基金the National Key Research and Development Program of China (2017YFB0803204)the Research and Development Program in Key Areas of Guangdong Province (No.2018B010113001)
文摘Software-Defined Networking(SDN)adapts logically-centralized control by decoupling control plane from data plane and provides the efficient use of network resources.However,due to the limitation of traditional routing strategies relying on manual configuration,SDN may suffer from link congestion and inefficient bandwidth allocation among flows,which could degrade network performance significantly.In this paper,we propose EARS,an intelligence-driven experiential network architecture for automatic routing.EARS adapts deep reinforcement learning(DRL)to simulate the human methods of learning experiential knowledge,employs the closed-loop network control mechanism incorporating with network monitoring technologies to realize the interaction with network environment.The proposed EARS can learn to make better control decision from its own experience by interacting with network environment and optimize the network intelligently by adjusting services and resources offered based on network requirements and environmental conditions.Under the network architecture,we design the network utility function with throughput and delay awareness,differentiate flows based on their size characteristics,and design a DDPGbased automatic routing algorithm as DRL decision brain to find the near-optimal paths for mice and elephant flows.To validate the network architecture,we implement it on a real network environment.Extensive simulation results show that EARS significantly improve the network throughput and reduces the average packet delay in comparison with baseline schemes(e.g.OSPF,ECMP).
基金supported by the National Key Research and Development Program of China(2018YFB1003702)the National Natural Science Foundation of China(61472192)the Scientific and Technological Support Project(Society)of Jiangsu Province(BE2016776)
文摘Large-scale and diverse businesses based on the cloud computing platform bring the heavy network traffic to cloud data centers.However,the unbalanced workload of cloud data center network easily leads to the network congestion,the low resource utilization rate,the long delay,the low reliability,and the low throughput.In order to improve the utilization efficiency and the quality of services(QoS)of cloud system,especially to solve the problem of network congestion,we propose MTSS,a multi-path traffic scheduling mechanism based on software defined networking(SDN).MTSS utilizes the data flow scheduling flexibility of SDN and the multi-path feature of the fat-tree structure to improve the traffic balance of the cloud data center network.A heuristic traffic balancing algorithm is presented for MTSS,which periodically monitors the network link and dynamically adjusts the traffic on the heavy link to achieve programmable data forwarding and load balancing.The experimental results show that MTSS outperforms equal-cost multi-path protocol(ECMP),by effectively reducing the packet loss rate and delay.In addition,MTSS improves the utilization efficiency,the reliability and the throughput rate of the cloud data center network.
基金Supported by the National Basic Research Program of China(No.2012CB315803)the Around Five Top Priorities of One-Three-Five Strategic Planning,CNIC(No.CNIC PY 1401)Chinese Academy of Sciences,and the Knowledge Innovation Program of the Chinese Academy of Sciences(No.CNIC_QN_1508)
文摘Software defined networking( SDN) offers programmable interface to effectively control their networks by decoupling control and data plane. The network operators utilize a centralized controller to deploy advanced network management strategies. An architecture for application-aware routing which can support dynamic quality of service( Qo S) in SDN networks is proposed. The applicationaware routing as a multi-constrained optimal path( MCOP) problem is proposed,where applications are treated as Qo S flow and best-effort flows. With the SDN controller applications,it is able to dynamically lead routing decisions based on application characteristics and requirements,leading to a better overall user experience and higher utilization of network resources. The simulation results show that the improvement of application-aware routing framework on discovering appropriate routes,which can provide Qo S guarantees for a specific application in SDN networks.
文摘Software Defined Networking(SDN)being an emerging network control model is widely recognized as a control and management platform.This model provides efficient techniques to control and manage the enterprise network.Another emerging paradigm is edge computing in which data processing is performed at the edges of the network instead of a central controller.This data processing at the edge nodes reduces the latency and bandwidth requirements.In SDN,the controller is a single point of failure.Several security issues related to the traditional network can be solved by using SDN central management and control.Address Spoofing and Network Intrusion are the most common attacks.These attacks severely degrade performance and security.We propose an edge computing-based mechanism that automatically detects and mitigates those attacks.In this mechanism,an edge system gets the network topology from the controller and the Address Resolution Protocol(ARP)traffic is directed to it for further analysis.As such,the controller is saved from unnecessary processing related to addressing translation.We propose a graph computation based method to identify the location of an attacker or intruder by implementing a graph difference method.By using the correct location information,the exact attacker or intruder is blocked,while the legitimate users get access to the network resources.The proposed mechanism is evaluated in a Mininet simulator and a POX controller.The results show that it improves system performance in terms of attack mitigation time,attack detection time,and bandwidth requirements.
基金supported by the Key Laboratory of Universal Wireless Communications(Beijing University of Posts and Telecommunications)Ministry of Education,P.R.China(KFKT-2013104)+6 种基金the National Natural Science Foundation of China(61501105,61471109,61302071)the China Postdoctoral Science Foundation(2013M541243)the Doctoral Scientific Research Foundation of Liaoning Province(20141014)the Fundamental Research Funds for the Central Universities(N150404018,N130304001,N150401002,N150404015)the National 973 Advance Research Program(2014CB360509)the Postdoctoral Science Foundation of Northeast University(20140319)Ministry of Education-China Mobile Research Foundation(MCM20130131)
文摘In software-defined networking,the separation of control plane from forwarding plane introduces new challenges to network reliability.This paper proposes a fault-tolerant routing mechanism to improve survivability by converting the survivability problem into two sub-problems:constructing an elastic-aware routing tree and controller selection.Based on the shortest path tree,this scheme continuously attempts to prune the routing tree to enhance network survivability.After a certain number of iterations,elastic-aware routing continues to improve network resiliency by increasing the number of edges in this tree.Simulation results demonstrate this fault-tolerant mechanism performs better than the traditional method in terms of the number of protected nodes and network fragility indicator.
基金Taif University Researchers supporting Project number(TURSP-2020/215),Taif University,Taif,Saudi Arabia.
文摘The rapid advancement of wireless communication is forming a hyper-connected 5G network in which billions of linked devices generate massive amounts of data.The traffic control and data forwarding functions are decoupled in software-defined networking(SDN)and allow the network to be programmable.Each switch in SDN keeps track of forwarding information in a flow table.The SDN switches must search the flow table for the flow rules that match the packets to handle the incoming packets.Due to the obvious vast quantity of data in data centres,the capacity of the flow table restricts the data plane’s forwarding capabilities.So,the SDN must handle traffic from across the whole network.The flow table depends on Ternary Content Addressable Memorable Memory(TCAM)for storing and a quick search of regulations;it is restricted in capacity owing to its elevated cost and energy consumption.Whenever the flow table is abused and overflowing,the usual regulations cannot be executed quickly.In this case,we consider lowrate flow table overflowing that causes collision flow rules to be installed and consumes excessive existing flow table capacity by delivering packets that don’t fit the flow table at a low rate.This study introduces machine learning techniques for detecting and categorizing low-rate collision flows table in SDN,using Feed ForwardNeuralNetwork(FFNN),K-Means,and Decision Tree(DT).We generate two network topologies,Fat Tree and Simple Tree Topologies,with the Mininet simulator and coupled to the OpenDayLight(ODL)controller.The efficiency and efficacy of the suggested algorithms are assessed using several assessment indicators such as success rate query,propagation delay,overall dropped packets,energy consumption,bandwidth usage,latency rate,and throughput.The findings showed that the suggested technique to tackle the flow table congestion problem minimizes the number of flows while retaining the statistical consistency of the 5G network.By putting the proposed flow method and checking whether a packet may move from point A to point B without breaking certain regulations,the evaluation tool examines every flow against a set of criteria.The FFNN with DT and K-means algorithms obtain accuracies of 96.29%and 97.51%,respectively,in the identification of collision flows,according to the experimental outcome when associated with existing methods from the literature.
基金supported in part by the grant from the National Natural Science Foundation of China (60973129)
文摘Software-defined networks (SDN) have attracted much attention recently because of their flexibility in terms of network management. Increasingly, SDN is being introduced into wireless networks to form wireless SDN. One enabling technology for wireless SDN is network virtualization, which logically divides one wireless network element, such as a base station, into multiple slices, and each slice serving as a standalone virtual BS. In this way, one physical mobile wireless network can be partitioned into multiple virtual networks in a software-defined manner. Wireless virtual networks comprising virtual base stations also need to provide QoS to mobile end-user services in the same context as their physical hosting networks. One key QoS parameter is delay. This paper presents a delay model for software-defined wireless virtual networks. Network calculus is used in the modelling. In particular, stochastic network calculus, which describes more realistic models than deterministic network calculus, is used. The model enables theoretical investigation of wireless SDN, which is largely dominated by either algorithms or prototype implementations.
文摘The fast technology development of 5G mobile broadband (5G), Internet of Things (IoT), Big Data Analytics (Big Data), Cloud Computing (Cloud) and Software Defined Networks (SDN) has made those technologies one after another and created strong interdependence among one another. For example, IoT applications that generate small data with large volume and fast velocity will need 5G with characteristics of high data rate and low latency to transmit such data faster and cheaper. On the other hand, those data also need Cloud to process and to store and furthermore, SDN to provide scalable network infrastructure to transport this large volume of data in an optimal way. This article explores the technical relationships among the development of IoT, Big Data, Cloud, and SDN in the coming 5G era and illustrates several ongoing programs and applications at National Chiao Tung University that are based on the converging of those technologies.
基金This work was supported by the six talent peaks project in Jiangsu Province(No.XYDXX-012)Natural Science Foundation of China(No.62002045),China Postdoctoral Science Foundation(No.2021M690565)Fundamental Research Funds for the Cornell University(No.N2117002).
文摘The ongoing expansion of the Industrial Internet of Things(IIoT)is enabling the possibility of effective Industry 4.0,where massive sensing devices in heterogeneous environments are connected through dedicated communication protocols.This brings forth new methods and models to fuse the information yielded by the various industrial plant elements and generates emerging security challenges that we have to face,providing ad-hoc functions for scheduling and guaranteeing the network operations.Recently,the large development of SoftwareDefined Networking(SDN)and Artificial Intelligence(AI)technologies have made feasible the design and control of scalable and secure IIoT networks.This paper studies how AI and SDN technologies combined can be leveraged towards improving the security and functionality of these IIoT networks.After surveying the state-of-the-art research efforts in the subject,the paper introduces a candidate architecture for AI-enabled Software-Defined IIoT Network(AI-SDIN)that divides the traditional industrial networks into three functional layers.And with this aim in mind,key technologies(Blockchain-based Data Sharing,Intelligent Wireless Data Sensing,Edge Intelligence,Time-Sensitive Networks,Integrating SDN&TSN,Distributed AI)and improve applications based on AISDIN are also discussed.Further,the paper also highlights new opportunities and potential research challenges in control and automation of IIoT networks.
文摘Distributed denial of service(DDoS)attack is the most common attack that obstructs a network and makes it unavailable for a legitimate user.We proposed a deep neural network(DNN)model for the detection of DDoS attacks in the Software-Defined Networking(SDN)paradigm.SDN centralizes the control plane and separates it from the data plane.It simplifies a network and eliminates vendor specification of a device.Because of this open nature and centralized control,SDN can easily become a victim of DDoS attacks.We proposed a supervised Developed Deep Neural Network(DDNN)model that can classify the DDoS attack traffic and legitimate traffic.Our Developed Deep Neural Network(DDNN)model takes a large number of feature values as compared to previously proposed Machine Learning(ML)models.The proposed DNN model scans the data to find the correlated features and delivers high-quality results.The model enhances the security of SDN and has better accuracy as compared to previously proposed models.We choose the latest state-of-the-art dataset which consists of many novel attacks and overcomes all the shortcomings and limitations of the existing datasets.Our model results in a high accuracy rate of 99.76%with a low false-positive rate and 0.065%low loss rate.The accuracy increases to 99.80%as we increase the number of epochs to 100 rounds.Our proposed model classifies anomalous and normal traffic more accurately as compared to the previously proposed models.It can handle a huge amount of structured and unstructured data and can easily solve complex problems.
文摘Software-defined networking (SDN) is a generic term and one of the major interests of the telecoms industry (and beyond) over the past two years. However, defining SDN is a somewhat controversial exercise. The claimed flexibility, as well as other presumed assets of SDN, should be carefully investigated. In particular, the use of SDN to dynamically provision network services suggests the introduction of a certain level of automation in the overall network service delivery process, from service parameter negotiation to delivery and operation. This paper aims to clarify the SDN landscape and focuses on two main aspects of the SDN framework: net- work abstraction, and dynamic parameter exposure and negotiation.
基金supported in part by the National Natural Science Foundation of China(NSFC)under grant numbers U22A2007 and 62171010the Open project of Satellite Internet Key Laboratory in 2022(Project 3:Research on Spaceborne Lightweight Core Network and Intelligent Collaboration)the Beijing Natural Science Foundation under grant number L212003.
文摘With the advancements of software defined network(SDN)and network function virtualization(NFV),service function chain(SFC)placement becomes a crucial enabler for flexible resource scheduling in low earth orbit(LEO)satellite networks.While due to the scarcity of bandwidth resources and dynamic topology of LEO satellites,the static SFC placement schemes may cause performance degradation,resource waste and even service failure.In this paper,we consider migration and establish an online migration model,especially considering the dynamic topology.Given the scarcity of bandwidth resources,the model aims to maximize the total number of accepted SFCs while incurring as little bandwidth cost of SFC transmission and migration as possible.Due to its NP-hardness,we propose a heuristic minimized dynamic SFC migration(MDSM)algorithm that only triggers the migration procedure when new SFCs are rejected.Simulation results demonstrate that MDSM achieves a performance close to the upper bound with lower complexity.
