Funding: Supported in part by the Research Committee of Hamdard University, Karachi, Pakistan (www.hamdard.edu.pk) and the Office of Research Innovation & Commercialization (ORIC) of Dawood University of Engineering & Technology, Karachi, Pakistan (www.duet.edu.pk).
Abstract: Software-Defined Networking (SDN) is a new network technology that uses programming to complement the data plane with a control plane. To enable safe connection, however, numerous security challenges must be addressed. Flooding attacks have been one of the most prominent risks on the internet for decades, and they are now becoming challenging difficulties in SDN networks. To solve these challenges, we proposed a unique firewall application built on multiple levels of packet filtering to provide a flooding attack prevention system and a layer-based packet detection system. This study offers a systematic strategy for wrapping up the examination of SDN operations. The Mininet simulator examines the effectiveness of SDN-based firewalls at various network tiers. The fundamental network characteristics that specify how SDN should operate. The three main analytical measures of the network are jitter, response time, and throughput. During regular operations, their behavior is evaluated in the standard SDN conditions of Transmission Control Protocol (TCP) flooding and User Datagram Protocol (UDP) flooding with no SDN occurrences. Low Orbit Ion Cannon (LOIC) is applied to launch attacks on the transmission by the allocated server. Wireshark and MATLAB are used for the behavioral study to determine how sensitive the parameters are used in the SDN network and monitor the fluctuations of those parameters for different simulated scenarios.
Funding: The National Natural Science Foundation of China (No. 71071033); the Innovation Project of Jiangsu Postgraduate Education (No. CX10B_058Z).
Abstract: The integrated linkage control problem based on attack detection is solved with the analyses of the security model including firewall, intrusion detection system (IDS) and vulnerability scan by game theory. The Nash equilibrium for two portfolios of only deploying IDS and vulnerability scan and deploying all the technologies is investigated by backward induction. The results show that when the detection rates of IDS and vulnerability scan are low, the firm will not only inspect every user who raises an alarm, but also a fraction of users that do not raise an alarm; when the detection rates of IDS and vulnerability scan are sufficiently high, the firm will not inspect any user who does not raise an alarm, but only inspect a fraction of users that raise an alarm. Adding a firewall to the information system affects the benefits of firms and hackers, but does not change the optimal strategies of hackers, and the optimal investigation strategies of IDS are only changed in certain cases. Moreover, the interactions between IDS & vulnerability scan and firewall & IDS are discussed in detail.
Abstract: Based on a rip-up and reroute methodology, a multilayer area detailed router is presented using a simulated evolution technique. A modified maze algorithm is also performed for the single net.
Funding: The National High-Tech Research and Development Program of China (863 Program) (2003AA103510, 2004AA103130, 2005AA121210).
Abstract: A Single-Buffered (SB) router is a router where only one stage of shared buffering is sandwiched between two interconnects, in contrast to a Combined Input and Output Queued (CIOQ) router, where a central switch fabric is sandwiched between two stages of buffering. The notion of SB routers was first proposed by the High-Performance Networking Group (HPNG) of Stanford University, along with two promising designs of SB routers: one was the Parallel Shared Memory (PSM) router and the other was the Distributed Shared Memory (DSM) router. Admittedly, the work of HPNG deserved full credit, but all results presented by them appeared to rely on a Centralized Memory Management Algorithm (CMMA), which was essentially impractical because of the high processing and communication complexity. This paper attempts to make a scalable high-speed SB router completely practical by introducing a fully distributed architecture for managing the shared memory of SB routers. The resulting SB router is called a Virtual Output and Input Queued (VOIQ) router. Furthermore, the scheme of VOIQ routers can not only eliminate the need for the CMMA scheduler, thus allowing a fully distributed implementation with low processing and communication complexity, but also provide QoS guarantees and efficiently support variable-length packets in this paper. In particular, the results of performance testing and the hardware implementation of our VOIQ-based router (NDSC~ SR1880-TTM series) are illustrated at the end of this paper. The proposal of this paper is the first distributed scheme of how to design and implement SB routers published to date.