Software-Defined Networking (SDN) adapts logically-centralized control by decoupling the control plane from the data plane and provides efficient use of network resources. However, due to the limitation of traditional routing strategies relying on manual configuration, SDN may suffer from link congestion and inefficient bandwidth allocation among flows, which could degrade network performance significantly. In this paper, we propose EARS, an intelligence-driven experiential network architecture for automatic routing. EARS adapts deep reinforcement learning (DRL) to simulate the human methods of learning experiential knowledge, and employs a closed-loop network control mechanism combined with network monitoring technologies to realize interaction with the network environment. The proposed EARS can learn to make better control decisions from its own experience by interacting with the network environment, and can optimize the network intelligently by adjusting the services and resources offered based on network requirements and environmental conditions. Under the network architecture, we design the network utility function with throughput and delay awareness, differentiate flows based on their size characteristics, and design a DDPG-based automatic routing algorithm as the DRL decision brain to find near-optimal paths for mice and elephant flows. To validate the network architecture, we implement it on a real network environment. Extensive simulation results show that EARS significantly improves the network throughput and reduces the average packet delay in comparison with baseline schemes (e.g. OSPF, ECMP).
Software-defined networking (SDN) is a promising technology for next-generation networking and has attracted much attention from academics, network equipment manufacturers, network operators, and service providers. It has found applications in mobile, data center, and enterprise networks. The SDN architecture has a centralized, programmable control plane that is separate from the data plane. SDN also provides the ability to control and manage virtualized resources and networks without requiring new hardware technologies. This is a major shift in networking technologies.
Software-defined networking (SDN) is widely used in multiple types of data center networks, and these distributed data center networks can be integrated into a multi-domain SDN by utilizing multiple controllers. However, the network topology of each control domain of SDN will affect the performance of the multi-domain network, so performance evaluation is required before the deployment of the multi-domain SDN. Besides, there is a high cost to build real multi-domain SDN networks with different topologies, so it is necessary to use simulation testing methods to evaluate the topological performance of the multi-domain SDN network. As there is a lack of existing methods to construct a multi-domain SDN simulation network for the tool to evaluate the topological performance automatically, this paper proposes an automated multi-domain SDN topology performance evaluation framework, which supports multiple types of SDN network topologies in cooperating to construct a multi-domain SDN network. The framework integrates existing single-domain SDN simulation tools with network performance testing tools to realize automated performance evaluation of multi-domain SDN network topologies. We designed and implemented a Mininet-based simulation tool that can connect multiple controllers and run user-specified topologies in multiple SDN control domains to build and test multi-domain SDN networks faster. Then, we used the tool to perform performance tests on various data center network topologies in single-domain and multi-domain SDN simulation environments. Test results show that Space Shuffle has the most stable performance in a single-domain environment, and Fat-tree has the best performance in a multi-domain environment. Also, this tool has the characteristics of simplicity and stability, which can meet the needs of multi-domain SDN topology performance evaluation.
New and emerging use cases, such as the interconnection of geographically distributed data centers (DCs), are drawing attention to the requirement for dynamic end-to-end service provisioning, spanning multiple and heterogeneous optical network domains. This heterogeneity is due not only to the diverse data transmission and switching technologies, but also to the different options of control plane techniques. In light of this, the problem of heterogeneous control plane interworking needs to be solved, and in particular, the solution must address the specific issues of multi-domain networks, such as limited domain topology visibility, given the scalability and confidentiality constraints. In this article, some of the recent activities regarding Software-Defined Networking (SDN) orchestration are reviewed to address such a multi-domain control plane interworking problem. Specifically, three different models, including the single SDN controller model, multiple SDN controllers in mesh, and multiple SDN controllers in a hierarchical setting, are presented for the DC interconnection network with multiple SDN/OpenFlow domains or multiple OpenFlow/Generalized Multi-Protocol Label Switching (GMPLS) heterogeneous domains. In addition, two concrete implementations of the orchestration architectures are detailed, showing the overall feasibility and procedures of SDN orchestration for end-to-end service provisioning in multi-domain data center optical networks.
Based on the analysis of data centre (DC) traffic pattern, we introduced a holistic software-defined optical DC solution. Architecture-on-Demand based hybrid optical switched (OPS/OCS) data centre network (DCN) fabric is introduced, which is able to realise different inter- and intra-cluster configurations and dynamically support diverse traffic in the DC. The optical DCN is controlled and managed by a software-defined networking (SDN) enabled control plane to achieve high programmability. Moreover, virtual data centre (VDC) composition is developed as an application of such software-defined optical DC to create VDC slices for different tenants.
With the rapid growth of mobile data traffic and vast traffic offloaded from cellular networks, Wi-Fi has been considered an essential component to cope with the tremendous growth of mobile data traffic. Although operators have deployed a lot of carrier-grade Wi-Fi networks, there are still a multitude of shortcomings in today's Wi-Fi networks, such as supporting seamless handover between APs, automatic network access and unified authentication, etc. In this paper, we propose an SDN-based carrier-grade Wi-Fi network framework, namely SWN. The key conceptual contribution of SWN is a principled refactoring of Wi-Fi networks into control and data planes. The control plane has a centralized global view of the whole network, can perceive the underlying network state by the network situation awareness (NAS) technique, and bundles the perceived information and network management operations into a northbound Application Programming Interface (API) for upper applications. In the data plane, we construct a software access point (SAP) to abstract the connection between user equipment (UE) and access point (AP). Network operators can design network applications by utilizing these APIs and the SAP abstraction to configure and manage the whole network, which makes carrier-grade Wi-Fi networks more flexible, user-friendly, and scalable.
The ongoing expansion of the Industrial Internet of Things (IIoT) is enabling the possibility of effective Industry 4.0, where massive sensing devices in heterogeneous environments are connected through dedicated communication protocols. This brings forth new methods and models to fuse the information yielded by the various industrial plant elements and generates emerging security challenges that we have to face, providing ad-hoc functions for scheduling and guaranteeing the network operations. Recently, the large development of Software-Defined Networking (SDN) and Artificial Intelligence (AI) technologies has made feasible the design and control of scalable and secure IIoT networks. This paper studies how AI and SDN technologies combined can be leveraged towards improving the security and functionality of these IIoT networks. After surveying the state-of-the-art research efforts in the subject, the paper introduces a candidate architecture for an AI-enabled Software-Defined IIoT Network (AI-SDIN) that divides the traditional industrial networks into three functional layers. With this aim in mind, key technologies (Blockchain-based Data Sharing, Intelligent Wireless Data Sensing, Edge Intelligence, Time-Sensitive Networks, Integrating SDN & TSN, Distributed AI) and improved applications based on AI-SDIN are also discussed. Further, the paper also highlights new opportunities and potential research challenges in control and automation of IIoT networks.
Distributed denial of service (DDoS) attack is the most common attack that obstructs a network and makes it unavailable for a legitimate user. We proposed a deep neural network (DNN) model for the detection of DDoS attacks in the Software-Defined Networking (SDN) paradigm. SDN centralizes the control plane and separates it from the data plane. It simplifies a network and eliminates vendor specification of a device. Because of this open nature and centralized control, SDN can easily become a victim of DDoS attacks. We proposed a supervised Developed Deep Neural Network (DDNN) model that can classify the DDoS attack traffic and legitimate traffic. Our DDNN model takes a large number of feature values as compared to previously proposed Machine Learning (ML) models. The proposed DNN model scans the data to find the correlated features and delivers high-quality results. The model enhances the security of SDN and has better accuracy as compared to previously proposed models. We choose the latest state-of-the-art dataset, which consists of many novel attacks and overcomes all the shortcomings and limitations of the existing datasets. Our model results in a high accuracy rate of 99.76% with a low false-positive rate and a low loss rate of 0.065%. The accuracy increases to 99.80% as we increase the number of epochs to 100 rounds. Our proposed model classifies anomalous and normal traffic more accurately as compared to the previously proposed models. It can handle a huge amount of structured and unstructured data and can easily solve complex problems.
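To address the problem that some nodes in current wireless networks are overloaded while others are lightly loaded, SDN (software-defined networking) is introduced. Based on the physical principle of water pressure in communicating vessels, an improved dynamic load-aware diffusion algorithm is proposed; the algorithm makes good use of information about the load environment of each node and converges effectively during load migration. A system model was built on the mininet-wifi platform under Linux and analyzed through simulation experiments. The simulation results show that the diffusion algorithm effectively reduces round-trip delay, improves network throughput, lowers energy consumption, and resolves the network congestion problem.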
Nowadays, cyberspace has become a vital part of social infrastructure. With the rapid development of the scale of networks, applications and services have become enriched, and the bearing function of the underlying network devices (such as switches and routers) has also been extended. To promote a dynamic architecture, high-level security, and high quality of service of the network, separating control from forwarding in the network architecture is a development trend of networking technology. Currently, software-defined networking (SDN) is one of the most popular and promising technologies. In SDN, high-level strategies are deployed by the proprietary equipment, which is used to guide the data forwarding of the network equipment. This can reduce many complicated functions of the network equipment and improve the flexibility and operability of the implementation and deployment of new network technologies and protocols. However, this novel networking technology faces novel challenges in terms of architecture and security. The aim of this study is to offer a comprehensive review of the state-of-the-art research on novel advances of programmable SDN, and to highlight what has been investigated and what remains to be addressed, particularly in terms of architecture and security.
In software-defined networking (SDN), controllers are sinks of information such as network topology collected from switches. Organizations often like to protect their internal network topology and keep their network policies private. We borrow techniques from secure multi-party computation (SMC) to preserve the privacy of policies of SDN controllers about the status of routers. On the other hand, the number of controllers is one of the most important concerns in the scalability of SMC application in SDNs. To address this issue, we formulate an optimization problem to minimize the number of SDN controllers while considering their reliability in SMC operations. We use Non-Dominated Sorting Genetic Algorithm II (NSGA-II) to determine the optimal number of controllers, and simulate SMC for typical SDNs with this number of controllers. Simulation results show that applying the SMC technique to preserve the privacy of organization policies causes only a little delay in SDNs, which is completely justifiable by the privacy obtained.
Software-defined networking is one of the progressive and prominent innovations in Information and Communications Technology. It mitigates the issues that our conventional network was experiencing. However, traffic data generated by various applications is increasing day by day. In addition, as an organization's digital transformation is accelerated, the amount of information to be processed inside the organization has increased explosively. It might be possible that a Software-Defined Network becomes a bottleneck and unavailable. Various models have been proposed in the literature to balance the load. However, most of the works consider only limited parameters and do not consider controller and transmission media loads. These loads also contribute to decreasing the performance of Software-Defined Networks. This work illustrates how a software-defined network can tackle the load at its software layer and give excellent results to distribute the load. We proposed a deep learning-dependent convolutional neural network-based load balancing technique to handle a software-defined network load. The simulation results show that the proposed model requires fewer resources as compared to existing machine learning-based load balancing techniques.
The rapid advancement of wireless communication is forming a hyper-connected 5G network in which billions of linked devices generate massive amounts of data. The traffic control and data forwarding functions are decoupled in software-defined networking (SDN) and allow the network to be programmable. Each switch in SDN keeps track of forwarding information in a flow table. The SDN switches must search the flow table for the flow rules that match the packets to handle the incoming packets. Due to the obvious vast quantity of data in data centres, the capacity of the flow table restricts the data plane's forwarding capabilities. So, the SDN must handle traffic from across the whole network. The flow table depends on Ternary Content Addressable Memory (TCAM) for storing and a quick search of regulations; it is restricted in capacity owing to its elevated cost and energy consumption. Whenever the flow table is abused and overflowing, the usual regulations cannot be executed quickly. In this case, we consider low-rate flow table overflowing that causes collision flow rules to be installed and consumes excessive existing flow table capacity by delivering packets that don't fit the flow table at a low rate. This study introduces machine learning techniques for detecting and categorizing low-rate collision flows table in SDN, using Feed Forward Neural Network (FFNN), K-Means, and Decision Tree (DT). We generate two network topologies, Fat Tree and Simple Tree Topologies, with the Mininet simulator and coupled to the OpenDayLight (ODL) controller. The efficiency and efficacy of the suggested algorithms are assessed using several assessment indicators such as success rate query, propagation delay, overall dropped packets, energy consumption, bandwidth usage, latency rate, and throughput. The findings showed that the suggested technique to tackle the flow table congestion problem minimizes the number of flows while retaining the statistical consistency of the 5G network. By putting the proposed flow method and checking whether a packet may move from point A to point B without breaking certain regulations, the evaluation tool examines every flow against a set of criteria. The FFNN with DT and K-means algorithms obtain accuracies of 96.29% and 97.51%, respectively, in the identification of collision flows, according to the experimental outcome when associated with existing methods from the literature.
Software-Defined Networking (SDN) decouples the control plane and the data plane in network switches and routers, which enables the rapid innovation and optimization of routing and switching configurations. However, traditional routing mechanisms in SDN, based on the Dijkstra shortest path, do not take the capacity of nodes into account, which may lead to network congestion. Moreover, security resource utilization in SDN is inefficient and is not addressed by existing routing algorithms. In this paper, we propose Route Guardian, a reliable security-oriented SDN routing mechanism, which considers the capabilities of SDN switch nodes combined with a Network Security Virtualization framework. Our scheme employs the distributed network security devices effectively to ensure analysis of abnormal traffic and malicious node isolation. Furthermore, Route Guardian supports dynamic routing reconfiguration according to the latest network status. We prototyped Route Guardian and conducted theoretical analysis and performance evaluation. Our results demonstrate that this approach can effectively use the existing security devices and mechanisms in SDN.
To provide ubiquitous Internet access under the explosive increase of applications and data traffic, the current network architecture has become highly heterogeneous and complex, making network management a challenging task. To this end, software-defined networking (SDN) has been proposed as a promising solution. In the SDN architecture, the control plane and the data plane are decoupled, and the network infrastructures are abstracted and managed by a centralized controller. With SDN, efficient and flexible network control can be achieved, which potentially enhances network performance. To harvest the benefits of SDN in wireless networks, the software-defined wireless network (SDWN) architecture has been recently considered. In this paper, we first analyze the applications of SDN to different types of wireless networks. We then discuss several important technical aspects of performance enhancement in SDN-based wireless networks. Finally, we present possible future research directions of SDWN.
Controllers play a critical role in software-defined networking (SDN). However, existing single-controller SDN architectures are vulnerable to single-point failures, where a controller's capacity can be saturated by flooded flow requests. In addition, due to the complicated interactions between applications and controllers, the flow setup latency is relatively large. To address the above security and performance issues of current SDN controllers, we propose distributed rule store (DRS), a new multi-controller architecture for SDNs. In DRS, the controller caches the flow rules calculated by applications, and distributes these rules to multiple controller instances. Each controller instance holds only a subset of all rules, and periodically checks the consistency of flow rules with each other. Requests from switches are distributed among multiple controllers, in order to mitigate controller capacity saturation attacks. At the same time, when rules at one controller are maliciously modified, they can be detected and recovered in time. We implement DRS based on Floodlight and evaluate it with extensive emulation. The results show that DRS can effectively maintain a consistently distributed rule store, and at the same time can achieve a shorter flow setup time and a higher processing throughput, compared with ONOS and Floodlight.
Software-defined networking (SDN) decouples the data and control planes. However, attackers can cause catastrophic results to the whole network using manipulated flooding packets, called data-to-control-plane saturation attacks. The existing methods, using centralized mitigation policies and ignoring the buffered attack flows, involve extra network entities and make benign traffic suffer from long network recovery delays. For these purposes, we propose LFSDM, a saturation attack detection and mitigation system, which solves these challenges by leveraging three new techniques: 1) using linear discriminant analysis (LDA) and extracting a novel feature called control channel occupation rate (CCOR) to detect the attacks, 2) adopting distributed mitigation agents to reduce the number of involved network entities, and 3) cleaning up the buffered attack flows to enable fast recovery. Experiments show that our system can detect the attacks timely and accurately. More importantly, compared with the previous work, we save 81% of the network recovery delay under attacks ranging from 1,000 to 4,000 packets per second (PPS) on average, and 87% of the network recovery delay under higher attack rates with PPS ranging from 5,000 to 30,000.
Over the past few decades, the world has witnessed a rapid growth in mobile and wireless networks (MWNs), which significantly change human life. However, proliferating mobile demands lead to several intractable challenges that MWN has to face. Software-defined networking is expected to be a promising way for future networks and has captured growing attention. Network virtualization is an essential feature in software-defined wireless network (SDWN), and it brings two new entities, physical networks and virtual networks. Accordingly, efficiently assigning spectrum resource to virtual networks is one of the fundamental problems in SDWN. Directly orienting towards the spectrum resource allocation problem, firstly, the fluctuation features of virtual network requirements in SDWN are researched, and the opportunistic spectrum sharing method is introduced to SDWN. Then, the problem is proved to be NP-hard. After that, a dynamic programming and graph theory based spectrum sharing algorithm is proposed. Simulations demonstrate that the opportunistic spectrum sharing method conspicuously improves the system performance up to around 20%–30% in SDWN, and the proposed algorithm achieves more efficient performance.
Funding (EARS paper): supported by the National Natural Science Foundation of China for Innovative Research Groups (61521003), the National Natural Science Foundation of China (61872382), the National Key Research and Development Program of China (2017YFB0803204), and the Research and Development Program in Key Areas of Guangdong Province (No. 2018B010113001).
Funding (multi-domain SDN topology performance evaluation paper): This work was supported by the Fundamental Research Funds for the Central Universities (2021RC239), the Postdoctoral Science Foundation of China (2021 M690338), the Hainan Provincial Natural Science Foundation of China (620RC562, 2019RC096, 620RC560), the Scientific Research Setup Fund of Hainan University (KYQD(ZR)1877), the Program of Hainan Association for Science and Technology Plans to Youth R&D Innovation (QCXM201910), and the National Natural Science Foundation of China (61802092, 62162021).
Funding: performed in the Projects "LIGHTNESS: Low latency and high throughput dynamic network infrastructures for high performance datacentre interconnects" (No. 318606) and "COSIGN: Combining Optics and SDN In next Generation data centre Networks" (No. 619572), supported by European Commission FP7
Abstract: Based on the analysis of data centre (DC) traffic pattern, we introduced a holistic software-defined optical DC solution. Architecture-on-Demand based hybrid optical switched (OPS/OCS) data centre network (DCN) fabric is introduced, which is able to realise different inter- and intra-cluster configurations and dynamically support diverse traffic in the DC. The optical DCN is controlled and managed by a software-defined networking (SDN) enabled control plane to achieve high programmability. Moreover, virtual data centre (VDC) composition is developed as an application of such software-defined optical DC to create VDC slices for different tenants.
Funding: supported by the WLAN achievement transformation based on SDN project of Beijing Municipal Commission of Education, grant number 201501001
Abstract: With the rapid growth of mobile data traffic and vast traffic offloaded from cellular network, Wi-Fi has been considered as an essential component to cope with the tremendous growth of mobile data traffic. Although operators have deployed a lot of carrier grade Wi-Fi networks, there are still a multitude of arrears for nowadays Wi-Fi networks, such as supporting seamless handover between APs, automatic network access and unified authentication, etc. In this paper, we propose an SDN based carrier grade Wi-Fi network framework, namely SWN. The key conceptual contribution of SWN is a principled refactoring of Wi-Fi networks into control and data planes. The control plane has a centralized global view of the whole network, can perceive the underlying network state by network situation awareness (NAS) technique, and bundles the perceived information and network management operations into northbound Application Programming Interface (API) for upper applications. In the data plane, we construct software access point (SAP) to abstract the connection between user equipment (UE) and access point (AP). Network operators can design network applications by utilizing these APIs and the SAP abstraction to configure and manage the whole network, which makes carrier grade Wi-Fi networks more flexible, user-friendly, and scalable.
Funding: This work was supported by the six talent peaks project in Jiangsu Province (No. XYDXX-012), Natural Science Foundation of China (No. 62002045), China Postdoctoral Science Foundation (No. 2021M690565), and Fundamental Research Funds for the Cornell University (No. N2117002).
Abstract: The ongoing expansion of the Industrial Internet of Things (IIoT) is enabling the possibility of effective Industry 4.0, where massive sensing devices in heterogeneous environments are connected through dedicated communication protocols. This brings forth new methods and models to fuse the information yielded by the various industrial plant elements and generates emerging security challenges that we have to face, providing ad-hoc functions for scheduling and guaranteeing the network operations. Recently, the large development of Software-Defined Networking (SDN) and Artificial Intelligence (AI) technologies have made feasible the design and control of scalable and secure IIoT networks. This paper studies how AI and SDN technologies combined can be leveraged towards improving the security and functionality of these IIoT networks. After surveying the state-of-the-art research efforts in the subject, the paper introduces a candidate architecture for AI-enabled Software-Defined IIoT Network (AI-SDIN) that divides the traditional industrial networks into three functional layers. And with this aim in mind, key technologies (Blockchain-based Data Sharing, Intelligent Wireless Data Sensing, Edge Intelligence, Time-Sensitive Networks, Integrating SDN & TSN, Distributed AI) and improve applications based on AI-SDIN are also discussed. Further, the paper also highlights new opportunities and potential research challenges in control and automation of IIoT networks.
Abstract: Distributed denial of service (DDoS) attack is the most common attack that obstructs a network and makes it unavailable for a legitimate user. We proposed a deep neural network (DNN) model for the detection of DDoS attacks in the Software-Defined Networking (SDN) paradigm. SDN centralizes the control plane and separates it from the data plane. It simplifies a network and eliminates vendor specification of a device. Because of this open nature and centralized control, SDN can easily become a victim of DDoS attacks. We proposed a supervised Developed Deep Neural Network (DDNN) model that can classify the DDoS attack traffic and legitimate traffic. Our Developed Deep Neural Network (DDNN) model takes a large number of feature values as compared to previously proposed Machine Learning (ML) models. The proposed DNN model scans the data to find the correlated features and delivers high-quality results. The model enhances the security of SDN and has better accuracy as compared to previously proposed models. We choose the latest state-of-the-art dataset which consists of many novel attacks and overcomes all the shortcomings and limitations of the existing datasets. Our model results in a high accuracy rate of 99.76% with a low false-positive rate and 0.065% low loss rate. The accuracy increases to 99.80% as we increase the number of epochs to 100 rounds. Our proposed model classifies anomalous and normal traffic more accurately as compared to the previously proposed models. It can handle a huge amount of structured and unstructured data and can easily solve complex problems.
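Abstract: To address the problem that some nodes in current wireless networks are overloaded while others are lightly loaded, SDN (software-defined networking) is introduced. Based on the physical principle of water pressure in communicating vessels, an improved dynamic load-aware diffusion algorithm is proposed. The algorithm makes good use of information about the load environment of each node and converges effectively during load migration. A system model was built on the mininet-wifi platform under Linux, and simulation experiments were carried out and analysed. The simulation results show that the diffusion algorithm effectively reduces round-trip delay, increases network throughput, lowers energy consumption, and solves the network congestion problem.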
Funding: Project supported by the National Natural Science Foundation of China (No. 61831007)
Abstract: Nowadays, cyberspace has become a vital part of social infrastructure. With the rapid development of the scale of networks, applications and services have become enriched, and the bearing function of the underlying network devices (such as switches and routers) has also been extended. To promote the dynamics architecture, high-level security, and high quality of service of the network, control network architecture forward separation is a development trend of the networking technology. Currently, software-defined networking (SDN) is one of the most popular and promising technologies. In SDN, high-level strategies are deployed by the proprietary equipment, which is used to guide the data forwarding of the network equipment. This can reduce many complicated functions of the network equipment and improve the flexibility and operability of the implementation and deployment of new network technologies and protocols. However, this novel networking technology faces novel challenges in terms of architecture and security. The aim of this study is to offer a comprehensive review of the state-of-the-art research on novel advances of programmable SDN, and to highlight what has been investigated and what remains to be addressed, particularly in terms of architecture and security.
Abstract: In software-defined networking (SDN), controllers are sinks of information such as network topology collected from switches. Organizations often like to protect their internal network topology and keep their network policies private. We borrow techniques from secure multi-party computation (SMC) to preserve the privacy of policies of SDN controllers about status of routers. On the other hand, the number of controllers is one of the most important concerns in scalability of SMC application in SDNs. To address this issue, we formulate an optimization problem to minimize the number of SDN controllers while considering their reliability in SMC operations. We use Non-Dominated Sorting Genetic Algorithm II (NSGA-II) to determine the optimal number of controllers, and simulate SMC for typical SDNs with this number of controllers. Simulation results show that applying the SMC technique to preserve the privacy of organization policies causes only a little delay in SDNs, which is completely justifiable by the privacy obtained.
Funding: supported by Ulsan Metropolitan City-ETRI joint cooperation Project [21AS1600, Development of intelligent technology for key industries and autonomous human-mobile-space autonomous collaboration intelligence technology].
Abstract: Software-defined networking is one of the progressive and prominent innovations in Information and Communications Technology. It mitigates the issues that our conventional network was experiencing. However, traffic data generated by various applications is increasing day by day. In addition, as an organization’s digital transformation is accelerated, the amount of information to be processed inside the organization has increased explosively. It might be possible that a Software-Defined Network becomes a bottleneck and unavailable. Various models have been proposed in the literature to balance the load. However, most of the works consider only limited parameters and do not consider controller and transmission media loads. These loads also contribute to decreasing the performance of Software-Defined Networks. This work illustrates how a software-defined network can tackle the load at its software layer and give excellent results to distribute the load. We proposed a deep learning-dependent convolutional neural network-based load balancing technique to handle a software-defined network load. The simulation results show that the proposed model requires fewer resources as compared to existing machine learning-based load balancing techniques.
Funding: Taif University Researchers supporting Project number (TURSP-2020/215), Taif University, Taif, Saudi Arabia.
Abstract: The rapid advancement of wireless communication is forming a hyper-connected 5G network in which billions of linked devices generate massive amounts of data. The traffic control and data forwarding functions are decoupled in software-defined networking (SDN) and allow the network to be programmable. Each switch in SDN keeps track of forwarding information in a flow table. The SDN switches must search the flow table for the flow rules that match the packets to handle the incoming packets. Due to the obvious vast quantity of data in data centres, the capacity of the flow table restricts the data plane’s forwarding capabilities. So, the SDN must handle traffic from across the whole network. The flow table depends on Ternary Content Addressable Memorable Memory (TCAM) for storing and a quick search of regulations; it is restricted in capacity owing to its elevated cost and energy consumption. Whenever the flow table is abused and overflowing, the usual regulations cannot be executed quickly. In this case, we consider low-rate flow table overflowing that causes collision flow rules to be installed and consumes excessive existing flow table capacity by delivering packets that don’t fit the flow table at a low rate. This study introduces machine learning techniques for detecting and categorizing low-rate collision flows table in SDN, using Feed Forward Neural Network (FFNN), K-Means, and Decision Tree (DT). We generate two network topologies, Fat Tree and Simple Tree Topologies, with the Mininet simulator and coupled to the OpenDayLight (ODL) controller. The efficiency and efficacy of the suggested algorithms are assessed using several assessment indicators such as success rate query, propagation delay, overall dropped packets, energy consumption, bandwidth usage, latency rate, and throughput. The findings showed that the suggested technique to tackle the flow table congestion problem minimizes the number of flows while retaining the statistical consistency of the 5G network. By putting the proposed flow method and checking whether a packet may move from point A to point B without breaking certain regulations, the evaluation tool examines every flow against a set of criteria. The FFNN with DT and K-means algorithms obtain accuracies of 96.29% and 97.51%, respectively, in the identification of collision flows, according to the experimental outcome when associated with existing methods from the literature.
Funding: supported in part by the National Natural Science Foundation of China (Nos. 61402029, 61370190, and 61379002) and the National Key Basic Research Program (973) of China (No. 2012CB315905)
Abstract: Software-Defined Networking (SDN) decouples the control plane and the data plane in network switches and routers, which enables the rapid innovation and optimization of routing and switching configurations. However, traditional routing mechanisms in SDN, based on the Dijkstra shortest path, do not take the capacity of nodes into account, which may lead to network congestion. Moreover, security resource utilization in SDN is inefficient and is not addressed by existing routing algorithms. In this paper, we propose Route Guardian, a reliable security-oriented SDN routing mechanism, which considers the capabilities of SDN switch nodes combined with a Network Security Virtualization framework. Our scheme employs the distributed network security devices effectively to ensure analysis of abnormal traffic and malicious node isolation. Furthermore, Route Guardian supports dynamic routing reconfiguration according to the latest network status. We prototyped Route Guardian and conducted theoretical analysis and performance evaluation. Our results demonstrate that this approach can effectively use the existing security devices and mechanisms in SDN.
Funding: supported by the US National Science Foundation (Nos. CNS-1247955 and CNS-1320664) and the Wireless Engineering Research and Education Center (WEREC) at Auburn University, Auburn, USA
Abstract: To provide ubiquitous Internet access under the explosive increase of applications and data traffic, the current network architecture has become highly heterogeneous and complex, making network management a challenging task. To this end, software-defined networking (SDN) has been proposed as a promising solution. In the SDN architecture, the control plane and the data plane are decoupled, and the network infrastructures are abstracted and managed by a centralized controller. With SDN, efficient and flexible network control can be achieved, which potentially enhances network performance. To harvest the benefits of SDN in wireless networks, the software-defined wireless network (SDWN) architecture has been recently considered. In this paper, we first analyze the applications of SDN to different types of wireless networks. We then discuss several important technical aspects of performance enhancement in SDN-based wireless networks. Finally, we present possible future research directions of SDWN.
Funding: supported by the National Natural Science Foundation of China (Nos. 61402357, 61272459, and 61402357), the China Postdoctoral Science Foundation (No. 2015M570835), the Fundamental Research Funds for the Central Universities, China, the Program for New Century Excellent Talents in University, and the CETC 54 Project (No. ITD-U14001/KX142600008)
Abstract: Controllers play a critical role in software-defined networking (SDN). However, existing single-controller SDN architectures are vulnerable to single-point failures, where a controller's capacity can be saturated by flooded flow requests. In addition, due to the complicated interactions between applications and controllers, the flow setup latency is relatively large. To address the above security and performance issues of current SDN controllers, we propose distributed rule store (DRS), a new multi-controller architecture for SDNs. In DRS, the controller caches the flow rules calculated by applications, and distributes these rules to multiple controller instances. Each controller instance holds only a subset of all rules, and periodically checks the consistency of flow rules with each other. Requests from switches are distributed among multiple controllers, in order to mitigate controller capacity saturation attack. At the same time, when rules at one controller are maliciously modified, they can be detected and recovered in time. We implement DRS based on Floodlight and evaluate it with extensive emulation. The results show that DRS can effectively maintain a consistently distributed rule store, and at the same time can achieve a shorter flow setup time and a higher processing throughput, compared with ONOS and Floodlight.
Funding: The work was supported in part by the National Natural Science Foundation of China under Grant Nos. 61972371, U19B2023 and U19B2044, and the Youth Innovation Promotion Association of the Chinese Academy of Sciences under Grant No. Y202093.
Abstract: Software-defined networking (SDN) decouples the data and control planes. However, attackers can lead catastrophic results to the whole network using manipulated flooding packets, called the data-to-control-plane saturation attacks. The existing methods, using centralized mitigation policies and ignoring the buffered attack flows, involve extra network entities and make benign traffic suffer from long network recovery delays. For these purposes, we propose LFSDM, a saturation attack detection and mitigation system, which solves these challenges by leveraging three new techniques: 1) using linear discriminant analysis (LDA) and extracting a novel feature called control channel occupation rate (CCOR) to detect the attacks, 2) adopting the distributed mitigation agents to reduce the number of involved network entities, and 3) cleaning up the buffered attack flows to enable fast recovery. Experiments show that our system can detect the attacks timely and accurately. More importantly, compared with the previous work, we save 81% of the network recovery delay under attacks ranging from 1,000 to 4,000 packets per second (PPS) on average, and 87% of the network recovery delay under higher attack rates with PPS ranging from 5,000 to 30,000.
Funding: supported by the National Natural Science Foundation of China (61021001, 61133015, 61171065), the National Natural Science Foundation of China (973 Program) (2013CB329001), and the National High Technology Research and Development Program (863 Program) (2013AA010605, 2013AA013500)
Abstract: Over the past few decades, the world has witnessed a rapid growth in mobile and wireless networks (MWNs) which significantly change human life. However, proliferating mobile demands lead to several intractable challenges that MWN has to face. Software-defined network is expected as a promising way for future network and has captured growing attention. Network virtualization is an essential feature in software-defined wireless network (SDWN), and it brings two new entities, physical networks and virtual networks. Accordingly, efficiently assigning spectrum resource to virtual networks is one of the fundamental problems in SDWN. Directly orienting towards the spectrum resource allocation problem, firstly, the fluctuation features of virtual network requirements in SDWN are researched, and the opportunistic spectrum sharing method is introduced to SDWN. Then, the problem is proved as NP-hardness. After that, a dynamic programming and graph theory based spectrum sharing algorithm is proposed. Simulations demonstrate that the opportunistic spectrum sharing method conspicuously improves the system performance up to around 20%–30% in SDWN, and the proposed algorithm achieves more efficient performance.