Funding: extend their appreciation to Researcher Supporting Project Number (RSPD2023R582), King Saud University, Riyadh, Saudi Arabia.
Abstract: The healthcare sector holds valuable and sensitive data. The amount of this data and the need to handle, exchange, and protect it, has been increasing at a fast pace. Due to their nature, software-defined networks (SDNs) are widely used in healthcare systems, as they ensure effective resource utilization, safety, great network management, and monitoring. In this sector, due to the value of the data, SDNs face a major challenge posed by a wide range of attacks, such as distributed denial of service (DDoS) and probe attacks. These attacks reduce network performance, causing the degradation of different key performance indicators (KPIs) or, in the worst cases, a network failure which can threaten human lives. This can be significant, especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health, or m-health. In this study, we examine the effectiveness of using SDNs for defense against DDoS, as well as their effects on different network KPIs under various scenarios. We propose a threshold-based DDoS classifier (TBDC) technique to classify DDoS attacks in healthcare SDNs, aiming to block traffic considered a hazard in the form of a DDoS attack. We then evaluate the accuracy and performance of the proposed TBDC approach. Our technique shows outstanding performance, increasing the mean throughput by 190.3%, reducing the mean delay by 95%, and reducing packet loss by 99.7% relative to normal, with DDoS attack traffic.
Abstract: Distributed denial of service (DDoS) attack is the most common attack that obstructs a network and makes it unavailable for a legitimate user. We proposed a deep neural network (DNN) model for the detection of DDoS attacks in the Software-Defined Networking (SDN) paradigm. SDN centralizes the control plane and separates it from the data plane. It simplifies a network and eliminates vendor specification of a device. Because of this open nature and centralized control, SDN can easily become a victim of DDoS attacks. We proposed a supervised Developed Deep Neural Network (DDNN) model that can classify the DDoS attack traffic and legitimate traffic. Our Developed Deep Neural Network (DDNN) model takes a large number of feature values as compared to previously proposed Machine Learning (ML) models. The proposed DNN model scans the data to find the correlated features and delivers high-quality results. The model enhances the security of SDN and has better accuracy as compared to previously proposed models. We choose the latest state-of-the-art dataset which consists of many novel attacks and overcomes all the shortcomings and limitations of the existing datasets. Our model results in a high accuracy rate of 99.76% with a low false-positive rate and 0.065% low loss rate. The accuracy increases to 99.80% as we increase the number of epochs to 100 rounds. Our proposed model classifies anomalous and normal traffic more accurately as compared to the previously proposed models. It can handle a huge amount of structured and unstructured data and can easily solve complex problems.
Abstract: Over-the-top services and cloud services have created great challenges for telecom operators. To better meet the requirements of cloud services, we propose a decoupled network architecture. Software-defined networking/network function virtualization (SDN/NFV) will be vital in the construction of cloud-oriented broadband infrastructure, especially within data centers and for interconnection between data centers. We also propose introducing SDN/NFV in the broadband access network in order to realize a virtualized residential gateway (VRG). We discuss the deployment modes of VRG.
Funding: This material is supported by the National Natural Science Foundation of China under Grant No. 61001116 and 61121001, Beijing Nova Programme No. Z131101000413030, the National Major Project No. 2013ZX03003002 and Program for Changjiang Scholars and Innovative Research Team in University No. IRT1049
Abstract: Software-Defined Network (SDN) empowers the evolution of Internet with the OpenFlow, Network Virtualization and Service Slicing strategies. With the fast increasing requirements of Mobile Internet services, the Internet and Mobile Networks go to the convergence. Mobile Networks can also get benefits from the SDN evolution to fulfill the 5th Generation (5G) capacity booming. The article implements SDN into Frameless Network Architecture (FNA) for 5G Mobile Network evolution with proposed Mobile-oriented OpenFlow Protocol (MOFP). The Control Plane/User Plane (CP/UP) separation and adaptation strategy is proposed to support the User-Centric scenario in FNA. The traditional Base Station is separated with Central Processing Entity (CPE) and Antenna Element (AE) to perform the OpenFlow and Network Virtualization. The AEs are released as new resources for serving users. The mobile-oriented Service Slicing with different Quality of Service (QoS) classification is proposed and Resource Pooling based Virtualized Radio Resource Management (VRRM) is optimized for the Service Slicing strategy with resource-limited feature in Mobile Networks. The capacity gains are provided to show the merits of SDN based FNA. And the MiniNet based Trial Network with Service Slicing is implemented with experimental results.
Funding: Supported by the National Basic Research Program of China (No. 2012CB315803), the Around Five Top Priorities of One-Three-Five Strategic Planning, CNIC (No. CNIC PY 1401), Chinese Academy of Sciences, and the Knowledge Innovation Program of the Chinese Academy of Sciences (No. CNIC_QN_1508)
Abstract: Software defined networking (SDN) offers programmable interface to effectively control their networks by decoupling control and data plane. The network operators utilize a centralized controller to deploy advanced network management strategies. An architecture for application-aware routing which can support dynamic quality of service (QoS) in SDN networks is proposed. The application-aware routing as a multi-constrained optimal path (MCOP) problem is proposed, where applications are treated as QoS flow and best-effort flows. With the SDN controller applications, it is able to dynamically lead routing decisions based on application characteristics and requirements, leading to a better overall user experience and higher utilization of network resources. The simulation results show that the improvement of application-aware routing framework on discovering appropriate routes, which can provide QoS guarantees for a specific application in SDN networks.
Funding: supported by China Ministry of Education-CMCC Research Fund Project No. MCM20160104, National Science and Technology Major Project No. 2018ZX03001016, Beijing Municipal Science and Technology Commission Research Fund Project No. Z171100005217001, Fundamental Research Funds for Central Universities No. 2018RC06
Abstract: The traffic explosion and the rising of diverse requirements lead to many challenges for traditional mobile network architecture on flexibility, scalability, and deployability. To meet new requirements in the 5G era, service based architecture is introduced into mobile networks. The monolithic network elements (e.g., MME, PGW, etc.) are split into smaller network functions to provide customized services. However, the management and deployment of network functions in service based 5G core network are still big challenges. In this paper, we propose a novel management architecture for 5G service based core network based on NFV and SDN. Combined with SDN, NFV and edge computing, the proposed framework can provide distributed and on-demand deployment of network functions, service guaranteed network slicing, flexible orchestration of network functions and optimal workload allocation. Simulations are conducted to show that the proposed framework and algorithm are effective in terms of reducing network operating cost.
Abstract: With the development and revolution of network in recent years, the scale and complexity of network have become big issues. Traditional hardware based network security solution has shown some significant disadvantages in cloud computing based Internet data centers (IDC), such as high cost and lack of flexibility. With the implementation of software defined networking (SDN), network security solution could be more flexible and efficient, such as SDN based firewall service and SDN based DDoS-attack mitigation service. Moreover, combined with cloud computing and SDN technology, network security services could be lighter-weighted, more flexible, and on-demanded. This paper analyzes some typical SDN based network security services, and provides a research on SDN based cloud security service (network security service pool) and its implementation in IDCs.
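Abstract: Distributed denial of service (DDoS) attacks are a major threat in the field of network security. As a new network architecture, software defined networking (SDN), with its logically centralized control and programmability, offers new ideas for defending against DDoS attacks. This paper designs and implements a lightweight DDoS attack detection and mitigation system for SDN environments. The system uses an entropy-based detection method and judges anomalies by means of a dynamic threshold. If an anomaly is found, the system applies a more accurate decision tree model for detection. Finally, the controller determines the attack source by computing the packet symmetry ratio of flows and issues blocking flow table entries. Experimental results show that the system can respond to DDoS attacks in a timely manner, has a high detection success rate, and can effectively contain attacks.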
Funding: supported in part by the National Natural Science Foundation of China (NSFC) under grant numbers U22A2007 and 62171010, the Open project of Satellite Internet Key Laboratory in 2022 (Project 3: Research on Spaceborne Lightweight Core Network and Intelligent Collaboration), the Beijing Natural Science Foundation under grant number L212003.
Abstract: With the advancements of software defined network (SDN) and network function virtualization (NFV), service function chain (SFC) placement becomes a crucial enabler for flexible resource scheduling in low earth orbit (LEO) satellite networks. While due to the scarcity of bandwidth resources and dynamic topology of LEO satellites, the static SFC placement schemes may cause performance degradation, resource waste and even service failure. In this paper, we consider migration and establish an online migration model, especially considering the dynamic topology. Given the scarcity of bandwidth resources, the model aims to maximize the total number of accepted SFCs while incurring as little bandwidth cost of SFC transmission and migration as possible. Due to its NP-hardness, we propose a heuristic minimized dynamic SFC migration (MDSM) algorithm that only triggers the migration procedure when new SFCs are rejected. Simulation results demonstrate that MDSM achieves a performance close to the upper bound with lower complexity.
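Abstract: SDN (Software Defined Networking) is a new network architecture and an important way to achieve automated deployment and flexible management of networks. SDN technology separates the data plane of the network from the control plane, thereby enabling flexible control of network traffic. Accordingly, a security device routing model based on SDN networks is proposed. The model combines an improved shortest-path routing algorithm for inline security devices, a shortest-path routing algorithm for bypass security devices, and a neural network shortest-path routing algorithm to obtain an efficient security device routing strategy. On this basis, a network security service scheduling system is built that can provide personalized security services according to user needs in complex network environments where security devices are deployed in mixed modes; at the same time, by computing the shortest secure path with lower network cost, it improves the routing efficiency and resource utilization of the network.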
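Abstract: At present, the development of aviation combat platforms is gradually transitioning from the traditional "aircraft group" to the intelligent "swarm". Relying on the aviation platform information network system to effectively match user information needs with communication resources has therefore become the main mode of communication and interaction for aviation swarms. Based on the application requirements of aviation information networks in the context of swarm operations, this paper introduces the research progress on aviation swarms and aviation information networks, summarizes the problems of existing aviation information networks in swarm combat applications, describes the performance advantages that software defined networking (SDN) technology brings to them, and, in light of communication service scheduling scenarios in swarm air combat, analyzes the key scientific problems that urgently need to be solved.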
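Abstract: Electric power communication services, on top of reliability, place higher demands on the flexibility and agility of the network. Traditional power communication networks adapt poorly and can no longer meet the access needs of emerging services. Starting from the current state and shortcomings of power communication networks, this paper analyzes the value and advantages of applying software defined network (SDN) technology to power communication networks and describes concrete, feasible SDN application schemes. SRv6 technology is introduced; through an intelligent closed-loop operation and maintenance architecture that integrates collection, analysis, and control, and based on the iMaster NCE management platform, functions such as rapid service deployment, intelligent scheduling and prediction of network traffic, and fault simulation are implemented, ensuring that the carried services run securely, stably, and with visibility, and effectively solving the problems of power communication networks.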