Threshold-Based Software-Defined Networking(SDN)Solution for Healthcare Systems against Intrusion Attacks

The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.

A Survey: Typical Security Issues of Software-Defined Networking

Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the “three-layer two-interface” architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.

Open-Source Software Defined Networking Controllers:State-of-the-Art,Challenges and Solutions for Future Network Providers

Software Defined Networking(SDN)is programmable by separation of forwarding control through the centralization of the controller.The controller plays the role of the‘brain’that dictates the intelligent part of SDN technology.Various versions of SDN controllers exist as a response to the diverse demands and functions expected of them.There are several SDN controllers available in the open market besides a large number of commercial controllers;some are developed tomeet carrier-grade service levels and one of the recent trends in open-source SDN controllers is the Open Network Operating System(ONOS).This paper presents a comparative study between open source SDN controllers,which are known as Network Controller Platform(NOX),Python-based Network Controller(POX),component-based SDN framework(Ryu),Java-based OpenFlow controller(Floodlight),OpenDayLight(ODL)and ONOS.The discussion is further extended into ONOS architecture,as well as,the evolution of ONOS controllers.This article will review use cases based on ONOS controllers in several application deployments.Moreover,the opportunities and challenges of open source SDN controllers will be discussed,exploring carriergrade ONOS for future real-world deployments,ONOS unique features and identifying the suitable choice of SDN controller for service providers.In addition,we attempt to provide answers to several critical questions relating to the implications of the open-source nature of SDN controllers regarding vendor lock-in,interoperability,and standards compliance,Similarly,real-world use cases of organizations using open-source SDN are highlighted and how the open-source community contributes to the development of SDN controllers.Furthermore,challenges faced by open-source projects,and considerations when choosing an open-source SDN controller are underscored.Then the role of Artificial Intelligence(AI)and Machine Learning(ML)in the evolution of open-source SDN controllers in light of recent research is indicated.In addition,the challenges and limitations associated with deploying open-source SDN controllers in production networks,how can they be mitigated,and finally how opensource SDN controllers handle network security and ensure that network configurations and policies are robust and resilient are presented.Potential opportunities and challenges for future Open SDN deployment are outlined to conclude the article.

Blockchain-Based Secure Distributed Control for Software Defined Optical Networking

Software defined optical networking(SDON)is a critical technology for the next generation network with the advantages of programmable control and etc.As one of the key issues of SDON,the security of control plane has also received extensive attention,especially in certain network scenarios with high security requirement.Due to the existence of vulnerabilities and heavy overhead,the existing firewalls and distributed control technologies cannot solve the control plane security problem well.In this paper,we propose a distributed control architecture for SDON using the blockchain technique(BlockCtrl).The proposed BlockCtrl model introduces the advantages of blockchain into SDON to achieve a high-efficiency fault tolerant control.We have evaluated the performance of our proposed architecture and compared it to the existing models with respect to various metrics including processing rate,recovery latency and etc.The numerical results show that the BlockCtrl is capable of attacks detection and fault tolerant control in SDON with high performance on resource utilization and service correlation.

A Methodology for Reliability of WSN Based on Software Defined Network in Adaptive Industrial Environment

As communication technology and smart manufacturing have developed, the industrial internet of things(IIo T)has gained considerable attention from academia and industry.Wireless sensor networks(WSNs) have many advantages with broad applications in many areas including environmental monitoring, which makes it a very important part of IIo T. However,energy depletion and hardware malfunctions can lead to node failures in WSNs. The industrial environment can also impact the wireless channel transmission, leading to network reliability problems, even with tightly coupled control and data planes in traditional networks, which obviously also enhances network management cost and complexity. In this paper, we introduce a new software defined network(SDN), and modify this network to propose a framework called the improved software defined wireless sensor network(improved SD-WSN). This proposed framework can address the following issues. 1) For a large scale heterogeneous network, it solves the problem of network management and smooth merging of a WSN into IIo T. 2) The network coverage problem is solved which improves the network reliability. 3) The framework addresses node failure due to various problems, particularly related to energy consumption.Therefore, it is necessary to improve the reliability of wireless sensor networks, by developing certain schemes to reduce energy consumption and the delay time of network nodes under IIo T conditions. Experiments have shown that the improved approach significantly reduces the energy consumption of nodes and the delay time, thus improving the reliability of WSN.

Software defined satellite networks:A survey

In recent years,satellite networks have been proposed as an essential part of next-generation mobile communication systems.Software defined networking techniques are introduced in satellite networks to handle the growing challenges induced by time-varying topology,intermittent inter-satellite link and dramatically increased satellite constellation size.This survey covers the latest progress of software defined satellite networks,including key techniques,existing solutions,challenges,opportunities,and simulation tools.To the best of our knowledge,this paper is the most comprehensive survey that covers the latest progress of software defined satellite networks.An open GitHub repository is further created where the latest papers on this topic will be tracked and updated periodically.Compared with these existing surveys,this survey contributes from three aspects:(1)an up-to-date SDN-oriented review for the latest progress of key techniques and solutions in software defined satellite networks;(2)an inspiring summary of existing challenges,new research opportunities and publicly available simulation tools for follow-up studies;(3)an effort of building a public repository to track new results.

EARS: Intelligence-Driven Experiential Network Architecture for Automatic Routing in Software-Defined Networking

Software-Defined Networking(SDN)adapts logically-centralized control by decoupling control plane from data plane and provides the efficient use of network resources.However,due to the limitation of traditional routing strategies relying on manual configuration,SDN may suffer from link congestion and inefficient bandwidth allocation among flows,which could degrade network performance significantly.In this paper,we propose EARS,an intelligence-driven experiential network architecture for automatic routing.EARS adapts deep reinforcement learning(DRL)to simulate the human methods of learning experiential knowledge,employs the closed-loop network control mechanism incorporating with network monitoring technologies to realize the interaction with network environment.The proposed EARS can learn to make better control decision from its own experience by interacting with network environment and optimize the network intelligently by adjusting services and resources offered based on network requirements and environmental conditions.Under the network architecture,we design the network utility function with throughput and delay awareness,differentiate flows based on their size characteristics,and design a DDPGbased automatic routing algorithm as DRL decision brain to find the near-optimal paths for mice and elephant flows.To validate the network architecture,we implement it on a real network environment.Extensive simulation results show that EARS significantly improve the network throughput and reduces the average packet delay in comparison with baseline schemes(e.g.OSPF,ECMP).

DDoS Attack in Software Defined Networks: A Survey

Distributed Denial of Service(DDoS) attacks have been one of the most destructive threats to Internet security. By decoupling the network control and data plane, software defined networking(SDN) offers a flexible network management paradigm to solve DDoS attack in traditional networks. However, the centralized nature of SDN is also a potential vulnerability for DDo S attack. In this paper, we first provide some SDN-supported mechanisms against DDoS attack in traditional networks. A systematic review of various SDN-self DDo S threats are then presented as well as the existing literatures on quickly DDoS detection and defense in SDN. Finally, some promising research directions in this field are introduced.

An MAC Layer Aware Pseudonym (MAP) Scheme for the Software Defined Internet of Vehicles

This paper proposes a cross-layer design to enhance the location privacy under a coordinated medium access control(MAC) protocol for the Internet of Vehicles(Io V). The channel and pseudonym resources are both essential for transmission efficiency and privacy preservation in the Io V. Nevertheless, the MAC protocol and pseudonym scheme are usually studied separately, in which a new MAC layer semantic linking attack could be carried out by analyzing the vehicles' transmission patterns even if they change pseudonyms simultaneously. This paper presents a hierarchical architecture named as the software defined Internet of Vehicles(SDIV). Facilitated by the architecture, a MAC layer aware pseudonym(MAP) scheme is proposed to resist the new attack. In the MAP, RSU clouds coordinate vehicles to change their transmission slots and pseudonyms simultaneously in the mix-zones by measuring the privacy level quantitatively. Security analysis and extensive simulations are conducted to show that the scheme provides reliable safety message broadcasting, improves the location privacy and network throughput in the Io V.

ForSA — A New Software Defined Network Architecture Based on ForCES

In recent years, SDN(Software Defined Network) as a new network architecture has become the hot research point. Meanwhile,the well-known Open Flow-based SDN got a lot of attention. But it can't provide a flexible and effective network resource description method.As an open programmable technology, For CES(Forwarding and Control Element Separation)has also been concerned. However, For CES is confined within a single network node and cannot be applied to the entire network. This paper proposes a new architecture — ForS A(ForC ESbased SDN architecture). The architecture is added a configuration layer based on the traditional SDN architecture, which solves the problem that the northbound interface is not clear between the application layer and the control layer in the SDN architecture. ForS A also implements the compatibility within various forwarding devices in the forwarding layer.

Opportunistic spectrum sharing in software defined wireless network

Over the past few decades, the world has witnessed a rapid growth in mobile and wireless networks（MWNs） which significantly change human life. However, proliferating mobile demands lead to several intractable challenges that MWN has to face. Software-defined network is expected as a promising way for future network and has captured growing attention. Network virtualization is an essential feature in software-defined wireless network（SDWN）, and it brings two new entities, physical networks and virtual networks. Accordingly, efficiently assigning spectrum resource to virtual networks is one of the fundamental problems in SDWN. Directly orienting towards the spectrum resource allocation problem, firstly, the fluctuation features of virtual network requirements in SDWN are researched, and the opportunistic spectrum sharing method is introduced to SDWN. Then, the problem is proved as NP-hardness. After that, a dynamic programming and graph theory based spectrum sharing algorithm is proposed.Simulations demonstrate that the opportunistic spectrum sharing method conspicuously improves the system performance up to around 20%–30% in SDWN, and the proposed algorithm achieves more efficient performance.

A Dynamic Approach to MIB Polling for Software Defined Monitoring

Technology trends such as Software-Defined Networking (SDN) are transforming networking services in terms of flexibility and faster deployment times. SDN separates the control plane from the data plane with its centralised architecture compared with the distributed approach used in other management systems. However, management systems are still required to adapt the new emerging SDN-like technologies to address various security and complex management issues. Simple Network Management Protocol (SNMP) is the most widespread management protocol implemented in a traditional Network Management System (NMS) but has some limitations with the development of SDN-like services. Hence, many studies have been undertaken to merge the SDN-like services with traditional network management systems. Results show that merging SDN with traditional NMS systems not only increases the average Management Information Base (MIB) polling time but also creates additional overheads on the network. Therefore, this paper proposes a dynamic scheme for MIB polling using an additional MIB controller agent within the SDN controller. Our results show that using the proposed scheme, the average polling time can be significantly reduced (i.e., faster polling of the MIB information) and also requires very low overhead because of the small sized OpenFlow messages used during polling.

ADAFT:SDN大规模流表的适应性深度聚合存储架构

为解决软件定义网络(SDN)数据平面中的三态内容可寻址存储器(TCAM)资源紧张问题,提出了一种基于内容表项树的SDN流表深度聚合方法,进而构建一种SDN大规模流表的适应性深度聚合存储架构ADAFT。该架构放宽了聚合表项之间的汉明距离要求,构建内容表项树聚合动作集不同的流表项,显著提高了流表聚合程度。设计了一种TCAM装载率感知的内容表项树动态限高机制,以降低流表查找开销。同时,提出了一种TCAM装载率感知的表项聚合适应性选择策略,以均衡流表聚合程度和查找开销。实验结果表明,ADAFT架构的流表压缩率明显高于现有方法,最高可达65.74%。

基于人工智能的SDN网络中流量优化与拥塞控制方法

文章深入研究基于强化学习的流量优化与拥塞控制方法在软件定义网络(Software Defined Network,SDN)中的应用。首先,详细阐述SDN网络的架构与原理。SDN网络的灵活性和可编程性为网络管理提供了全新的范式。其次,提出了一种基于强化学习的流量优化与拥塞控制方法,通过建模状态、动作、奖励等要素,实现网络流量智能调整。最后,在Mininet仿真环境中进行了实验验证。通过监测吞吐量、延迟、拥塞情况等性能指标,验证所提方法的有效性。实验结果表明,在网络性能方面,所提方法相较于传统方法取得了显著改善,具备更好的适应性和优化能力。

基于SDN的车联网多MEC动态负载均衡算法

车载自组织网络(VANET)承载的数据规模呈现爆炸性增长趋势。针对车联网中在线卸载场景下,多边缘服务器(MEC)负载不均衡导致车辆卸载成功率严重下降问题,提出一种基于软件定义网络(SDN)的车联网多MEC动态负载均衡算法DFPC。该算法结合排队论中先到先服务和有优先权的服务两种方式,SDN控制器通过一定的等待时延定时收集当前批任务,利用改进的K-means聚类算法快速对多维任务分类,优先入队紧急度相对高的任务;再利用SDN控制器定时收集的MEC上下文信息,实现卸载任务在多个MEC之间分配的动态反馈调节,解决了多MEC之间动态负载不均衡问题,充分利用MEC的计算资源,最终提升了整体车辆卸载成功率。为了验证DFPC算法在真实动态场景下的有效性,设计一种多MEC接入的在线卸载框架MOLF,通过低成本硬件部署模式完成在线卸载场景下负载均衡性能测试。实验结果表明,相比基准方案,DFPC算法平均卸载成功率提升了28%,平均负载方差降低了73%。

智慧校园网络及安全的SDN架构选择分析

重点研究智慧校园网络与安全的软件定义网络(Software Defined Network,SDN)架构选择,分别讨论SDN架构应用的必要性、实现方法、网络与安全维护建议等内容。从智慧校园的集中部署、意图网络与智慧校园的融合、以零信任为核心构建网络安全架构3个维度出发,提出保护智慧校园网络安全的建议。旨在强调SDN架构对于智慧校园建设的运行安全维护作用,以期为今后智慧校园的深化建设提供技术支持。

Novel architectures and security solutions of programmable software-defined networking:a comprehensive survey

Nowadays, cyberspace has become a vital part of social infrastructure. With the rapid development of the scale of networks, applications and services have become enriched, and the bearing function of the underlying network devices(such as switches and routers) has also been extended. To promote the dynamics architecture, high-level security, and high quality of service of the network, control network architecture forward separation is a development trend of the networking technology. Currently, software-defined networking(SDN) is one of the most popular and promising technologies. In SDN, high-level strategies are deployed by the proprietary equipment, which is used to guide the data forwarding of the network equipment. This can reduce many complicated functions of the network equipment and improve the flexibility and operability of the implementation and deployment of new network technologies and protocols. However, this novel networking technology faces novel challenges in term of architecture and security. The aim of this study is to offer a comprehensive review of the state-of-the-art research on novel advances of programmable SDN, and to highlight what has been investigated and what remains to be addressed, particularly, in terms of architecture and security.

Programmable Adaptive Security Scanning for Networked Microgrids

Communication-dependent and software-based distributed energy resources(DERs)are extensively integrated into modern microgrids,providing extensive benefits such as increased distributed controllability,scalability,and observability.However,malicious cyber-attackers can exploit various potential vulnerabilities.In this study,a programmable adaptive security scanning(PASS)approach is presented to protect DER inverters against various power-bot attacks.Specifically,three different types of attacks,namely controller manipulation,replay,and injection attacks,are considered.This approach employs both software-defined networking technique and a novel coordinated detection method capable of enabling programmable and scalable networked microgrids(NMs)in an ultra-resilient,time-saving,and autonomous manner.The coordinated detection method efficiently identifies the location and type of power-bot attacks without disrupting normal NM operations.Extensive simulation results validate the efficacy and practicality of the PASS for securing NMs.

基于分布式SDN的机动通信系统拓扑发现方法

针对目前传统机动通信系统、主流软件定义网络(software defined network,SDN)的拓扑发现方法不适合基于分布式SDN的机动通信系统这一问题,遵循OpenFlow拓扑发现算法(OpenFlow discovery protocol,OFDP)移植传输控制协议/网际协议(transmission control protocol/Internet protocol,TCP/IP)相关协议到SDN网络的研究思路,对开放最短路径优先(open shortest path first,OSPF)协议进行优化,精简协议状态机、优化协议报文、增加协议功能并设计拓扑发现算法,提出一种适合基于分布式SDN的机动通信系统的拓扑发现方法,并搭建仿真实验平台进行验证。实验结果表明,优化后OSPF协议适应于分布式SDN网络,网络拓扑建链时间降低80%且重新收敛时间显著降低,建链开销平均每秒接收字节数、发送字节数分别下降了31.7%和21.5%,维持开销平均每秒收发字节数降低了45%,增加了收集信道种类等网络信息的新功能。

SDN边缘交换机发起的数据窃取攻击及检测方法研究

软件定义网络(Soft Defined Network,SDN)交换机作为数据转发与策略执行的设备,恶意攻击者通过侵蚀SDN交换机对网络进行隐秘而致命的攻击,严重影响用户的端到端通信质量。首先提出了一种边缘交换机被攻击者劫持后的数据窃取攻击过程,可以逃避网络范围内的异常检测,并证明了这种攻击的隐蔽性。为了抵御此种攻击,提出了一种流信息一致性检测方法,将主机信息纳入一致性检测中,并基于Ryu控制器在mininet平台上进行实验。实验结果表明,防御方法在抵御边缘交换机攻击的同时不会带来过多的负载增加。