Threshold-Based Software-Defined Networking(SDN)Solution for Healthcare Systems against Intrusion Attacks

The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.

Open-Source Software Defined Networking Controllers:State-of-the-Art,Challenges and Solutions for Future Network Providers

Software Defined Networking(SDN)is programmable by separation of forwarding control through the centralization of the controller.The controller plays the role of the‘brain’that dictates the intelligent part of SDN technology.Various versions of SDN controllers exist as a response to the diverse demands and functions expected of them.There are several SDN controllers available in the open market besides a large number of commercial controllers;some are developed tomeet carrier-grade service levels and one of the recent trends in open-source SDN controllers is the Open Network Operating System(ONOS).This paper presents a comparative study between open source SDN controllers,which are known as Network Controller Platform(NOX),Python-based Network Controller(POX),component-based SDN framework(Ryu),Java-based OpenFlow controller(Floodlight),OpenDayLight(ODL)and ONOS.The discussion is further extended into ONOS architecture,as well as,the evolution of ONOS controllers.This article will review use cases based on ONOS controllers in several application deployments.Moreover,the opportunities and challenges of open source SDN controllers will be discussed,exploring carriergrade ONOS for future real-world deployments,ONOS unique features and identifying the suitable choice of SDN controller for service providers.In addition,we attempt to provide answers to several critical questions relating to the implications of the open-source nature of SDN controllers regarding vendor lock-in,interoperability,and standards compliance,Similarly,real-world use cases of organizations using open-source SDN are highlighted and how the open-source community contributes to the development of SDN controllers.Furthermore,challenges faced by open-source projects,and considerations when choosing an open-source SDN controller are underscored.Then the role of Artificial Intelligence(AI)and Machine Learning(ML)in the evolution of open-source SDN controllers in light of recent research is indicated.In addition,the challenges and limitations associated with deploying open-source SDN controllers in production networks,how can they be mitigated,and finally how opensource SDN controllers handle network security and ensure that network configurations and policies are robust and resilient are presented.Potential opportunities and challenges for future Open SDN deployment are outlined to conclude the article.

Software defined satellite networks:A survey

In recent years,satellite networks have been proposed as an essential part of next-generation mobile communication systems.Software defined networking techniques are introduced in satellite networks to handle the growing challenges induced by time-varying topology,intermittent inter-satellite link and dramatically increased satellite constellation size.This survey covers the latest progress of software defined satellite networks,including key techniques,existing solutions,challenges,opportunities,and simulation tools.To the best of our knowledge,this paper is the most comprehensive survey that covers the latest progress of software defined satellite networks.An open GitHub repository is further created where the latest papers on this topic will be tracked and updated periodically.Compared with these existing surveys,this survey contributes from three aspects:(1)an up-to-date SDN-oriented review for the latest progress of key techniques and solutions in software defined satellite networks;(2)an inspiring summary of existing challenges,new research opportunities and publicly available simulation tools for follow-up studies;(3)an effort of building a public repository to track new results.

Security Monitoring and Management for the Network Services in the Orchestration of SDN-NFV Environment Using Machine Learning Techniques

Software Defined Network(SDN)and Network Function Virtualization(NFV)technology promote several benefits to network operators,including reduced maintenance costs,increased network operational performance,simplified network lifecycle,and policies management.Network vulnerabilities try to modify services provided by Network Function Virtualization MANagement and Orchestration(NFV MANO),and malicious attacks in different scenarios disrupt the NFV Orchestrator(NFVO)and Virtualized Infrastructure Manager(VIM)lifecycle management related to network services or individual Virtualized Network Function(VNF).This paper proposes an anomaly detection mechanism that monitors threats in NFV MANO and manages promptly and adaptively to implement and handle security functions in order to enhance the quality of experience for end users.An anomaly detector investigates these identified risks and provides secure network services.It enables virtual network security functions and identifies anomalies in Kubernetes(a cloud-based platform).For training and testing purpose of the proposed approach,an intrusion-containing dataset is used that hold multiple malicious activities like a Smurf,Neptune,Teardrop,Pod,Land,IPsweep,etc.,categorized as Probing(Prob),Denial of Service(DoS),User to Root(U2R),and Remote to User(R2L)attacks.An anomaly detector is anticipated with the capabilities of a Machine Learning(ML)technique,making use of supervised learning techniques like Logistic Regression(LR),Support Vector Machine(SVM),Random Forest(RF),Naïve Bayes(NB),and Extreme Gradient Boosting(XGBoost).The proposed framework has been evaluated by deploying the identified ML algorithm on a Jupyter notebook in Kubeflow to simulate Kubernetes for validation purposes.RF classifier has shown better outcomes(99.90%accuracy)than other classifiers in detecting anomalies/intrusions in the containerized environment.

Deployment Strategy for Multiple Controllers Based on the Aviation On-Board Software-Defined Data Link Network

In light of the escalating demand and intricacy of services in contemporary terrestrial,maritime,and aerial combat operations,there is a compelling need for enhanced service quality and efficiency in airborne cluster communication networks.Software-Defined Networking(SDN)proffers a viable solution for the multifaceted task of cooperative communication transmission and management across different operational domains within complex combat contexts,due to its intrinsic ability to flexibly allocate and centrally administer network resources.This study pivots around the optimization of SDN controller deployment within airborne data link clusters.A collaborative multi-controller architecture predicated on airborne data link clusters is thus proposed.Within this architectural framework,the controller deployment issue is reframed as a two-fold problem:subdomain partition-ing and central interaction node selection.We advocate a subdomain segmentation approach grounded in node value ranking(NDVR)and a central interaction node selection methodology predicated on an enhanced Artificial Fish Swarm Algorithm(AFSA).The advanced NDVR-AFSA(Node value ranking-Improved artificial fish swarm algorithm)algorithm makes use of a chaos algorithm for population initialization,boosting population diversity and circumventing premature algorithm convergence.By the integration of adaptive strategies and incorporation of the genetic algorithm’s crossover and mutation operations,the algorithm’s search range adaptability is enhanced,thereby increasing the possibility of obtaining globally optimal solutions,while concurrently augmenting cluster reliability.The simulation results verify the advantages of the NDVR-IAFSA algorithm,achieve a better load balancing effect,improve the reliability of aviation data link cluster,and significantly reduce the average propagation delay and disconnection rate,respectively,by 12.8%and 11.7%.This shows that the optimization scheme has important significance in practical application,and can meet the high requirements of modern sea,land,and air operations to aviation airborne communication networks.

基于SDN的数据中心网络流量负载均衡研究

目前数据中心网络(data center network,DCN)的负载均衡方法存在对大小流的调度缺乏全局实时检测等不足,部分大流会造成拥塞、负载不均衡和带宽碎片等问题.针对上述问题,提出了一种SDN网络流量负载均衡算法—DSA-D.首先,对流量进行分类,为大流计算所有源至目的主机可达路径的最短跳数路径集;然后,根据LLDP和ECHO测量链路时延以求得时延最优路径集;最后,采用概率拟合算法分配路径,实现数据中心网络流量负载均衡.在相同场景下的实验结果表明,与ECMP、Hedera和DIFF算法相比,DSA-D算法具有更好的吞吐量、链路带宽利用率和平均往返时延.

ADAFT:SDN大规模流表的适应性深度聚合存储架构

为解决软件定义网络(SDN)数据平面中的三态内容可寻址存储器(TCAM)资源紧张问题,提出了一种基于内容表项树的SDN流表深度聚合方法,进而构建一种SDN大规模流表的适应性深度聚合存储架构ADAFT。该架构放宽了聚合表项之间的汉明距离要求,构建内容表项树聚合动作集不同的流表项,显著提高了流表聚合程度。设计了一种TCAM装载率感知的内容表项树动态限高机制,以降低流表查找开销。同时,提出了一种TCAM装载率感知的表项聚合适应性选择策略,以均衡流表聚合程度和查找开销。实验结果表明,ADAFT架构的流表压缩率明显高于现有方法,最高可达65.74%。

基于改进深度强化学习的SDN智能路由

设计了一种基于图神经网络(GNN)和优先经验回放的改进DQN算法(R_DQN)。该算法采用消息传递网络框架进行图结构节点间的信息传播,能够更好地适应网络拓扑这种图结构信息;同时采用优先经验回放机制去学习更有价值的信息,提高样本学习效率,进行算法优化。实验结果表明:该R_DQN算法在网络拓扑和业务模型方面都具有较强的泛化能力,对于训练期间没有见过的网络场景依然有较好的表现,在最大化通信量性能上有较大提升。

基于SDN的卫星网络端到端QoS类映射研究

针对在多个卫星网络域环境下域间协作困难,以及如何在各个卫星网络域内选择合适的QoS类实现端到端QoS类映射的问题,基于软件定义卫星网络架构,首先,提出一种SDN卫星网络域间通信方案,以及面向多QoS类的端到端服务交付数据包处理方法。其次,提出一种基于多准则决策的控制模块。模块利用ELECTRE方法,在ELECTRE方法中通过综合权重法计算出各个卫星网络域内QoS指标相应的权重系数,并且利用ELECTRE方法对每个QoS类的净支配指数进行排序,从而为端到端路径的每个卫星网络域选择合适的QoS类。最后,与现有端到端QoS类映射方案进行比较,仿真结果表明,上述方法在多卫星网络域环境下保证端到端的时延、时延抖动、丢包率和代价。

基于人工智能的SDN网络中流量优化与拥塞控制方法

文章深入研究基于强化学习的流量优化与拥塞控制方法在软件定义网络(Software Defined Network,SDN)中的应用。首先,详细阐述SDN网络的架构与原理。SDN网络的灵活性和可编程性为网络管理提供了全新的范式。其次,提出了一种基于强化学习的流量优化与拥塞控制方法,通过建模状态、动作、奖励等要素,实现网络流量智能调整。最后,在Mininet仿真环境中进行了实验验证。通过监测吞吐量、延迟、拥塞情况等性能指标,验证所提方法的有效性。实验结果表明,在网络性能方面,所提方法相较于传统方法取得了显著改善,具备更好的适应性和优化能力。

智慧校园网络及安全的SDN架构选择分析

重点研究智慧校园网络与安全的软件定义网络(Software Defined Network,SDN)架构选择,分别讨论SDN架构应用的必要性、实现方法、网络与安全维护建议等内容。从智慧校园的集中部署、意图网络与智慧校园的融合、以零信任为核心构建网络安全架构3个维度出发,提出保护智慧校园网络安全的建议。旨在强调SDN架构对于智慧校园建设的运行安全维护作用,以期为今后智慧校园的深化建设提供技术支持。

基于SDN的配电网信息-物理协同恢复策略

随着智能电网的快速发展,配电网中信息物理耦合关系日益紧密。这种耦合性使得配电网更容易被多方面极端事件所影响,在通信网络发生故障时会降低系统的态势感知和控制能力,从而制约配电网的灾后负荷恢复能力,因此通信网络恢复对灾后配电网负荷恢复至关重要。该文提出一种通信网络恢复和负荷恢复的协同优化决策方案,该方案将环网通信网络与软件定义网络(software defined networking,SDN)技术相结合,灵活恢复灾后的配电网通信网络,进而控制配电网拓扑重构形成以分布式电源为中心的微电网以恢复负荷电力供应,并进一步使用一种信息物理协同的启发式计算方法实现恢复方案的快速计算。最后,使用IEEE 33节点和IEEE 123节点测试系统验证所提出方法的优点和有效性。

A Methodology for Reliability of WSN Based on Software Defined Network in Adaptive Industrial Environment

As communication technology and smart manufacturing have developed, the industrial internet of things(IIo T)has gained considerable attention from academia and industry.Wireless sensor networks(WSNs) have many advantages with broad applications in many areas including environmental monitoring, which makes it a very important part of IIo T. However,energy depletion and hardware malfunctions can lead to node failures in WSNs. The industrial environment can also impact the wireless channel transmission, leading to network reliability problems, even with tightly coupled control and data planes in traditional networks, which obviously also enhances network management cost and complexity. In this paper, we introduce a new software defined network(SDN), and modify this network to propose a framework called the improved software defined wireless sensor network(improved SD-WSN). This proposed framework can address the following issues. 1) For a large scale heterogeneous network, it solves the problem of network management and smooth merging of a WSN into IIo T. 2) The network coverage problem is solved which improves the network reliability. 3) The framework addresses node failure due to various problems, particularly related to energy consumption.Therefore, it is necessary to improve the reliability of wireless sensor networks, by developing certain schemes to reduce energy consumption and the delay time of network nodes under IIo T conditions. Experiments have shown that the improved approach significantly reduces the energy consumption of nodes and the delay time, thus improving the reliability of WSN.

A Novel Load Balancing Strategy of Software-Defined Cloud/Fog Networking in the Internet of Vehicles

The Internet of Vehicles(IoV)has been widely researched in recent years,and cloud computing has been one of the key technologies in the IoV.Although cloud computing provides high performance compute,storage and networking services,the IoV still suffers with high processing latency,less mobility support and location awareness.In this paper,we integrate fog computing and software defined networking(SDN) to address those problems.Fog computing extends computing and storing to the edge of the network,which could decrease latency remarkably in addition to enable mobility support and location awareness.Meanwhile,SDN provides flexible centralized control and global knowledge to the network.In order to apply the software defined cloud/fog networking(SDCFN) architecture in the IoV effectively,we propose a novel SDN-based modified constrained optimization particle swarm optimization(MPSO-CO) algorithm which uses the reverse of the flight of mutation particles and linear decrease inertia weight to enhance the performance of constrained optimization particle swarm optimization(PSO-CO).The simulation results indicate that the SDN-based MPSO-CO algorithm could effectively decrease the latency and improve the quality of service(QoS) in the SDCFN architecture.

Blockchain-Based Secure Distributed Control for Software Defined Optical Networking

Software defined optical networking(SDON)is a critical technology for the next generation network with the advantages of programmable control and etc.As one of the key issues of SDON,the security of control plane has also received extensive attention,especially in certain network scenarios with high security requirement.Due to the existence of vulnerabilities and heavy overhead,the existing firewalls and distributed control technologies cannot solve the control plane security problem well.In this paper,we propose a distributed control architecture for SDON using the blockchain technique(BlockCtrl).The proposed BlockCtrl model introduces the advantages of blockchain into SDON to achieve a high-efficiency fault tolerant control.We have evaluated the performance of our proposed architecture and compared it to the existing models with respect to various metrics including processing rate,recovery latency and etc.The numerical results show that the BlockCtrl is capable of attacks detection and fault tolerant control in SDON with high performance on resource utilization and service correlation.

A Dormant Multi-Controller Model for Software Defined Networking

In order to improve the scalability and reliability of Software Defined Networking(SDN),many studies use multiple controllers to constitute logically centralized control plane to provide load balancing and fail over.In this paper,we develop a flexible dormant multi-controller model based on the centralized multi-controller architecture.The dormant multi-controller model allows part of controllers to enter the dormant state under light traffic condition for saving system cost.Meanwhile,through queueing analysis,various performance measures of the system can be obtained.Moreover,we analyze the real traffic of China Education Network and use the results as the parameters of computer simulation and verify the effects of parameters on the system characteristics.Finally,a total expected cost function is established,and genetic algorithm is employed to find the optimal values of various parameters to minimize system cost for the deployment decision making.

The Impact of Delay in Software-Defined Integrated Terrestrial-Satellite Networks

Satellite communication networks have been evolving from standalone networks with ad-hoc infrastructures to possibly interconnected portions of a wider Future Internet architecture. Experts belonging to the fifth-generation(5 G) standardization committees are considering satellites as a technology to integrate in the 5 G environment. Software Defined Networking(SDN) is one of the paradigms of the next generation of mobile and fixed communications. It can be employed to perform different control functionalities, such as routing, because it allows traffic flow identification based on different parameters and traffic flow management in a centralized way. A centralized set of controllers makes the decisions and sends the corresponding forwarding rules for each traffic flow to the involved intermediate nodes that practically forward data up to the destination. The time to perform this process in integrated terrestrial-satellite networks could be not negligible due to satellite link delays. The aim of this paper is to introduce an SDN-based terrestrial satellite network architecture and to estimate the mean time to deliver the data of a new traffic flow from the source to the destination including the time required to transfer SDN control actions. The practical effect is to identify the maximum performance than can be expected.

基于SDN的物联网边缘节点间数据流零信任管理

针对物联网缺少对数据流传输链路中恶意交换节点检测与定位的有效手段,提出了一种基于软件定义网络(SDN)的物联网边缘节点间数据流零信任管理方法。该方法将SDN架构应用到边缘节点间数据流的传输过程,使用固定长度的报头开销对数据流、节点和路径进行零信任管理,实现轻量级的数据包转发验证和恶意交换节点定位功能。在转发路径中,交换节点对数据包进行安全验证并统计验证信息,保证数据流传输的安全性和路径的一致性。根据异常数据包类型,控制器采用二分法标记执行验证操作的交换节点,逐步缩小恶意交换节点的范围,实现对多类型恶意交换节点的定位。最后,对所提方法进行了仿真与评估。实验结果表明,所提方法引入小于10%的转发时延和低于8%的吞吐量损失。

面向战术通信的SDN南向接口轻量化方法

随着无人装备和智能技术在现代战争中的广泛应用,对战场通信网络的带宽、服务质量、实时性等方面的要求也越来越高。将软件定义网络的技术思想引入战术通信网络,能够给战术网络的运维管理、资源调度等方面的能力带来显著提升。但由于战术通信环境在带宽、时延、机动性等方面与民用通信环境存在较大差异,最初面向民用场景设计的软件定义网络无法直接应用到战术通信场景中,需要解决南向接口控制开销大等问题。因此,在标准OpenFlow规范的基础上,提出了从可靠UDP承载、消息聚合机制、南向交互模式优化等方面,对南向接口进行轻量化设计,有效降低南向接口控制开销,并通过仿真验证了所提方案的可行性,满足战术场景下的通信需求。

Data Analysis of Network Parameters for Secure Implementations of SDN-Based Firewall

Software-Defined Networking(SDN)is a new network technology that uses programming to complement the data plane with a control plane.To enable safe connection,however,numerous security challenges must be addressed.Flooding attacks have been one of the most prominent risks on the internet for decades,and they are now becoming challenging difficulties in SDN networks.To solve these challenges,we proposed a unique firewall application built on multiple levels of packet filtering to provide a flooding attack prevention system and a layer-based packet detection system.This study offers a systematic strategy for wrapping up the examination of SDN operations.The Mininet simulator examines the effectiveness of SDN-based firewalls at various network tiers.The fundamental network characteristics that specify how SDN should operate.The three main analytical measures of the network are jitter,response time,and throughput.During regular operations,their behavior evaluates in the standard SDN conditions of Transmission Control Protocol(TCP)flooding and User Datagram Protocol(UDP)flooding with no SDN occurrences.Low Orbit Ion Cannon(LOIC)is applied to launch attacks on the transmission by the allocated server.Wireshark and MATLAB are used for the behavioral study to determine how sensitive the parameters are used in the SDN network and monitor the fluctuations of those parameters for different simulated scenarios.