Loop free alternate(LFA)is a routing protection scheme that is currently deployed in commercial routers.However,LFA cannot handle all single network component failure scenarios in traditional networks.As Internet serv...Loop free alternate(LFA)is a routing protection scheme that is currently deployed in commercial routers.However,LFA cannot handle all single network component failure scenarios in traditional networks.As Internet service providers have begun to deploy software defined network(SDN)technology,the Internet will be in a hybrid SDN network where traditional and SDN devices coexist for a long time.Therefore,this study aims to deploy the LFA scheme in hybrid SDN network architecture to handle all possible single network component failure scenarios.First,the deployment of LFA scheme in a hybrid SDN network is described as a 0-1 integer linear programming(ILP)problem.Then,two greedy algorithms,namely,greedy algorithm for LFA based on hybrid SDN(GALFAHSDN)and improved greedy algorithm for LFA based on hybrid SDN(IGALFAHSDN),are proposed to solve the proposed problem.Finally,both algorithms are tested in the simulation environment and the real platform.Experiment results show that GALFAHSDN and IGALFAHSDN can cope with all single network component failure scenarios when only a small number of nodes are upgraded to SDN nodes.The path stretch of the two algorithms is less than 1.36.展开更多
Software defined networking( SDN) offers programmable interface to effectively control their networks by decoupling control and data plane. The network operators utilize a centralized controller to deploy advanced net...Software defined networking( SDN) offers programmable interface to effectively control their networks by decoupling control and data plane. The network operators utilize a centralized controller to deploy advanced network management strategies. An architecture for application-aware routing which can support dynamic quality of service( Qo S) in SDN networks is proposed. The applicationaware routing as a multi-constrained optimal path( MCOP) problem is proposed,where applications are treated as Qo S flow and best-effort flows. With the SDN controller applications,it is able to dynamically lead routing decisions based on application characteristics and requirements,leading to a better overall user experience and higher utilization of network resources. The simulation results show that the improvement of application-aware routing framework on discovering appropriate routes,which can provide Qo S guarantees for a specific application in SDN networks.展开更多
目的/意义建设基于软件定义网络(software defined networking,SDN)架构的网络安全平台,以增强医院云计算安全防护。方法/过程基于SDN架构构建网络安全平台,并与入侵检测系统联动形成主动防御系统。对比分析平台应用前后租户横向攻击数...目的/意义建设基于软件定义网络(software defined networking,SDN)架构的网络安全平台,以增强医院云计算安全防护。方法/过程基于SDN架构构建网络安全平台,并与入侵检测系统联动形成主动防御系统。对比分析平台应用前后租户横向攻击数量、攻击成功率、策略无阻断业务数、勒索软件加密数据量和安全团队操作工时等指标,验证平台的有效性。结果/结论基于SDN架构的网络安全平台可有效识别并阻断恶意流量,增强对医院云计算的安全防护。展开更多
With the birth of Software-Defined Networking(SDN),integration of both SDN and traditional architectures becomes the development trend of computer networks.Network intrusion detection faces challenges in dealing with ...With the birth of Software-Defined Networking(SDN),integration of both SDN and traditional architectures becomes the development trend of computer networks.Network intrusion detection faces challenges in dealing with complex attacks in SDN environments,thus to address the network security issues from the viewpoint of Artificial Intelligence(AI),this paper introduces the Crayfish Optimization Algorithm(COA)to the field of intrusion detection for both SDN and traditional network architectures,and based on the characteristics of the original COA,an Improved Crayfish Optimization Algorithm(ICOA)is proposed by integrating strategies of elite reverse learning,Levy flight,crowding factor and parameter modification.The ICOA is then utilized for AI-integrated feature selection of intrusion detection for both SDN and traditional network architectures,to reduce the dimensionality of the data and improve the performance of network intrusion detection.Finally,the performance evaluation is performed by testing not only the NSL-KDD dataset and the UNSW-NB 15 dataset for traditional networks but also the InSDN dataset for SDN-based networks.Experimental results show that ICOA improves the accuracy by 0.532%and 2.928%respectively compared with GWO and COA in traditional networks.In SDN networks,the accuracy of ICOA is 0.25%and 0.3%higher than COA and PSO.These findings collectively indicate that AI-integrated feature selection based on the proposed ICOA can promote network intrusion detection for both SDN and traditional architectures.展开更多
Software-defined networking(SDN) enables the network virtualization through SDN hypervisors to share the underlying physical SDN network among multiple logically isolated virtual SDN networks(v SDNs),each with its own...Software-defined networking(SDN) enables the network virtualization through SDN hypervisors to share the underlying physical SDN network among multiple logically isolated virtual SDN networks(v SDNs),each with its own controller.The v SDN embedding,which refers to mapping a number of v SDNs to the same substrate SDN network,is a key problem in the SDN virtualization environment.However,due to the distinctions of the SDN,such as the logically centralized controller and different virtualization technologies,most of the existing embedding algorithms cannot be applied directly to SDN virtualization.In this paper,we consider controller placement and virtual network embedding as a joint vS DN embedding problem,and formulate it into an integer linear programming with objectives of minimizing the embedding cost and the controller-to-switch delay for each v SDN.Moreover,we propose a novel online vS DN embedding algorithm called CO-v SDNE,which consists of a node mapping stage and a link mapping stage.In the node mapping stage,CO-vS DNE maps the controller and the virtual nodes to the substrate nodes on the basis of the controller-to-switch delay and takes into account the subsequent link mapping at the same time.In the link mapping stage,CO-v SDNE adopts the k-shortest path algorithm to map the virtual links.The evaluation results with simulation and Mininet emulation show that the proposed CO-v SDNE not only significantly increases the long-term revenue to the cost ratio and acceptance ratio while guaranteeing low average and maximum controller-to-switch delay,but also achieves good v SDN performance in terms of end-to-end delay and throughput.展开更多
空天地一体化网络作为6G技术的关键组成,在整合天基、空基和地基网络时,面临节点异构性、业务多样性等挑战,进而引发资源分配、竞争及故障风险等问题。基于此,聚焦基于软件定义网络(software defined network,SDN)与网络功能虚拟化(netw...空天地一体化网络作为6G技术的关键组成,在整合天基、空基和地基网络时,面临节点异构性、业务多样性等挑战,进而引发资源分配、竞争及故障风险等问题。基于此,聚焦基于软件定义网络(software defined network,SDN)与网络功能虚拟化(network functions virtualization,NFV)的空天地一体化网络任务部署与恢复,首先阐述了空天地一体化网络系统架构,介绍了各层网络构成、SDN和NFV原理及其相关应用,然后,针对上述挑战,以服务功能链技术为抓手,提出了面向任务的服务功能链优化部署、利用智能算法实现动态调度、通过匹配博弈算法完成失效恢复等策略,最后,构建了一个用例,设定节点部署、服务功能链建模等,验证了所提策略在提升服务功能链完成效率以及应对资源故障方面的有效性,旨在为空天地一体化网络资源管理提供理论基础。展开更多
Software-defined networks (SDN) have attracted much attention recently because of their flexibility in terms of network management. Increasingly, SDN is being introduced into wireless networks to form wireless SDN. ...Software-defined networks (SDN) have attracted much attention recently because of their flexibility in terms of network management. Increasingly, SDN is being introduced into wireless networks to form wireless SDN. One enabling technology for wireless SDN is network virtualization, which logically divides one wireless network element, such as a base station, into multiple slices, and each slice serving as a standalone virtual BS. In this way, one physical mobile wireless network can be partitioned into multiple virtual networks in a software-defined manner. Wireless virtual networks comprising virtual base stations also need to provide QoS to mobile end-user services in the same context as their physical hosting networks. One key QoS parameter is delay. This paper presents a delay model for software-defined wireless virtual networks. Network calculus is used in the modelling. In particular, stochastic network calculus, which describes more realistic models than deterministic network calculus, is used. The model enables theoretical investigation of wireless SDN, which is largely dominated by either algorithms or prototype implementations.展开更多
New and emerging use cases, such as the interconnection of geographically distributed data centers(DCs), are drawing attention to the requirement for dynamic end-to-end service provisioning, spanning multiple and hete...New and emerging use cases, such as the interconnection of geographically distributed data centers(DCs), are drawing attention to the requirement for dynamic end-to-end service provisioning, spanning multiple and heterogeneous optical network domains. This heterogeneity is, not only due to the diverse data transmission and switching technologies, but also due to the different options of control plane techniques. In light of this, the problem of heterogeneous control plane interworking needs to be solved, and in particular, the solution must address the specific issues of multi-domain networks, such as limited domain topology visibility, given the scalability and confidentiality constraints. In this article, some of the recent activities regarding the Software-Defined Networking(SDN) orchestration are reviewed to address such a multi-domain control plane interworking problem. Specifically, three different models, including the single SDN controller model, multiple SDN controllers in mesh, and multiple SDN controllers in a hierarchical setting, are presented for the DC interconnection network with multiple SDN/Open Flow domains or multiple Open Flow/Generalized Multi-Protocol Label Switching( GMPLS) heterogeneous domains. I n addition, two concrete implementations of the orchestration architectures are detailed, showing the overall feasibility and procedures of SDN orchestration for the end-to-endservice provisioning in multi-domain data center optical networks.展开更多
Along with the completion of the development of 4G technologies, the global mobile community starts the study of the next generation technologies, i.e. 5G technologies. This paper proposes a new flexible architecture ...Along with the completion of the development of 4G technologies, the global mobile community starts the study of the next generation technologies, i.e. 5G technologies. This paper proposes a new flexible architecture for 5G mobile networks based on Network Function Virtualization(NFV) and Software Defined Network(SDN) technologies, which is adaptable to use cases and scenarios. Then implementation reference architecture and some typical 5G network deployment cases are discussed. Besides, some key issues for further study are also indicated at the end.展开更多
In software-defined networking,the separation of control plane from forwarding plane introduces new challenges to network reliability.This paper proposes a fault-tolerant routing mechanism to improve survivability by ...In software-defined networking,the separation of control plane from forwarding plane introduces new challenges to network reliability.This paper proposes a fault-tolerant routing mechanism to improve survivability by converting the survivability problem into two sub-problems:constructing an elastic-aware routing tree and controller selection.Based on the shortest path tree,this scheme continuously attempts to prune the routing tree to enhance network survivability.After a certain number of iterations,elastic-aware routing continues to improve network resiliency by increasing the number of edges in this tree.Simulation results demonstrate this fault-tolerant mechanism performs better than the traditional method in terms of the number of protected nodes and network fragility indicator.展开更多
Software Defined Networking(SDN)being an emerging network control model is widely recognized as a control and management platform.This model provides efficient techniques to control and manage the enterprise network.A...Software Defined Networking(SDN)being an emerging network control model is widely recognized as a control and management platform.This model provides efficient techniques to control and manage the enterprise network.Another emerging paradigm is edge computing in which data processing is performed at the edges of the network instead of a central controller.This data processing at the edge nodes reduces the latency and bandwidth requirements.In SDN,the controller is a single point of failure.Several security issues related to the traditional network can be solved by using SDN central management and control.Address Spoofing and Network Intrusion are the most common attacks.These attacks severely degrade performance and security.We propose an edge computing-based mechanism that automatically detects and mitigates those attacks.In this mechanism,an edge system gets the network topology from the controller and the Address Resolution Protocol(ARP)traffic is directed to it for further analysis.As such,the controller is saved from unnecessary processing related to addressing translation.We propose a graph computation based method to identify the location of an attacker or intruder by implementing a graph difference method.By using the correct location information,the exact attacker or intruder is blocked,while the legitimate users get access to the network resources.The proposed mechanism is evaluated in a Mininet simulator and a POX controller.The results show that it improves system performance in terms of attack mitigation time,attack detection time,and bandwidth requirements.展开更多
Virtualization is the key technology of cloud computing. Network virtualization plays an important role in this field. Its performance is very relevant to network virtualizing. Nowadays its implementations are mainly ...Virtualization is the key technology of cloud computing. Network virtualization plays an important role in this field. Its performance is very relevant to network virtualizing. Nowadays its implementations are mainly based on the idea of Software Define Network (SDN). Open vSwitch is a sort of software virtual switch, which conforms to the OpenFlow protocol standard. It is basically deployed in the Linux kernel hypervisor. This leads to its performance relatively poor because of the limited system resource. In turn, the packet process throughput is very low.In this paper, we present a Cavium-based Open vSwitch implementation. The Cavium platform features with multi cores and couples of hard ac-celerators. It supports zero-copy of packets and handles packet more quickly. We also carry some experiments on the platform. It indicates that we can use it in the enterprise network or campus network as convergence layer and core layer device.展开更多
The ever-increasing needs of Internet of Things networks (IoTn) present considerable issues in computing complexity, security, trust, and authentication, among others. This gets increasingly more challenging as techno...The ever-increasing needs of Internet of Things networks (IoTn) present considerable issues in computing complexity, security, trust, and authentication, among others. This gets increasingly more challenging as technology advances, and its use expands. As a consequence, boosting the capacity of these networks has garnered widespread attention. As a result, 5G, the next phase of cellular networks, is expected to be a game-changer, bringing with it faster data transmission rates, more capacity, improved service quality, and reduced latency. However, 5G networks continue to confront difficulties in establishing pervasive and dependable connections amongst high-speed IoT devices. Thus, to address the shortcomings in current recommendations, we present a unified architecture based on software-defined networks (SDNs) that provides 5G-enabled devices that must have complete secrecy. Through SDN, the architecture streamlines network administration while optimizing network communications. A mutual authentication protocol using elliptic curve cryptography is introduced for mutual authentication across certificate authorities and clustered heads in IoT network deployments based on IoT. Again, a dimensionality reduction intrusion detection mechanism is introduced to decrease computational cost and identify possible network breaches. However, to leverage the method’s potential, the initial module's security is reviewed. The second module is evaluated and compared to modern models.展开更多
基金This work is supported by the Program of Hainan Association for Science and Technology Plans to Youth R&D Innovation(No.QCXM201910)the National Natural Science Foundation of China(No.61702315,No.61802092)+2 种基金the Scientific Research Setup Fund of Hainan University(No.KYQD(ZR)1837)the Key R&D program(international science and technology cooperation project)of Shanxi Province China(No.201903D421003)Scientific and Technological Innovation Programs of Higher Education Institutions in Shanxi(No.201802013).
文摘Loop free alternate(LFA)is a routing protection scheme that is currently deployed in commercial routers.However,LFA cannot handle all single network component failure scenarios in traditional networks.As Internet service providers have begun to deploy software defined network(SDN)technology,the Internet will be in a hybrid SDN network where traditional and SDN devices coexist for a long time.Therefore,this study aims to deploy the LFA scheme in hybrid SDN network architecture to handle all possible single network component failure scenarios.First,the deployment of LFA scheme in a hybrid SDN network is described as a 0-1 integer linear programming(ILP)problem.Then,two greedy algorithms,namely,greedy algorithm for LFA based on hybrid SDN(GALFAHSDN)and improved greedy algorithm for LFA based on hybrid SDN(IGALFAHSDN),are proposed to solve the proposed problem.Finally,both algorithms are tested in the simulation environment and the real platform.Experiment results show that GALFAHSDN and IGALFAHSDN can cope with all single network component failure scenarios when only a small number of nodes are upgraded to SDN nodes.The path stretch of the two algorithms is less than 1.36.
基金Supported by the National Basic Research Program of China(No.2012CB315803)the Around Five Top Priorities of One-Three-Five Strategic Planning,CNIC(No.CNIC PY 1401)Chinese Academy of Sciences,and the Knowledge Innovation Program of the Chinese Academy of Sciences(No.CNIC_QN_1508)
文摘Software defined networking( SDN) offers programmable interface to effectively control their networks by decoupling control and data plane. The network operators utilize a centralized controller to deploy advanced network management strategies. An architecture for application-aware routing which can support dynamic quality of service( Qo S) in SDN networks is proposed. The applicationaware routing as a multi-constrained optimal path( MCOP) problem is proposed,where applications are treated as Qo S flow and best-effort flows. With the SDN controller applications,it is able to dynamically lead routing decisions based on application characteristics and requirements,leading to a better overall user experience and higher utilization of network resources. The simulation results show that the improvement of application-aware routing framework on discovering appropriate routes,which can provide Qo S guarantees for a specific application in SDN networks.
文摘目的/意义建设基于软件定义网络(software defined networking,SDN)架构的网络安全平台,以增强医院云计算安全防护。方法/过程基于SDN架构构建网络安全平台,并与入侵检测系统联动形成主动防御系统。对比分析平台应用前后租户横向攻击数量、攻击成功率、策略无阻断业务数、勒索软件加密数据量和安全团队操作工时等指标,验证平台的有效性。结果/结论基于SDN架构的网络安全平台可有效识别并阻断恶意流量,增强对医院云计算的安全防护。
基金supported by the National Natural Science Foundation of China under Grant 61602162the Hubei Provincial Science and Technology Plan Project under Grant 2023BCB041.
文摘With the birth of Software-Defined Networking(SDN),integration of both SDN and traditional architectures becomes the development trend of computer networks.Network intrusion detection faces challenges in dealing with complex attacks in SDN environments,thus to address the network security issues from the viewpoint of Artificial Intelligence(AI),this paper introduces the Crayfish Optimization Algorithm(COA)to the field of intrusion detection for both SDN and traditional network architectures,and based on the characteristics of the original COA,an Improved Crayfish Optimization Algorithm(ICOA)is proposed by integrating strategies of elite reverse learning,Levy flight,crowding factor and parameter modification.The ICOA is then utilized for AI-integrated feature selection of intrusion detection for both SDN and traditional network architectures,to reduce the dimensionality of the data and improve the performance of network intrusion detection.Finally,the performance evaluation is performed by testing not only the NSL-KDD dataset and the UNSW-NB 15 dataset for traditional networks but also the InSDN dataset for SDN-based networks.Experimental results show that ICOA improves the accuracy by 0.532%and 2.928%respectively compared with GWO and COA in traditional networks.In SDN networks,the accuracy of ICOA is 0.25%and 0.3%higher than COA and PSO.These findings collectively indicate that AI-integrated feature selection based on the proposed ICOA can promote network intrusion detection for both SDN and traditional architectures.
基金supported by the National Natural Science Foundation of China(Nos.61201209 and 61401499)the Natural Science Foundation of Shaanxi Province,China(No.2015JM6340)the Industrial Science and Technology Project of Shaanxi Province,China(No.2016GY-087)
文摘Software-defined networking(SDN) enables the network virtualization through SDN hypervisors to share the underlying physical SDN network among multiple logically isolated virtual SDN networks(v SDNs),each with its own controller.The v SDN embedding,which refers to mapping a number of v SDNs to the same substrate SDN network,is a key problem in the SDN virtualization environment.However,due to the distinctions of the SDN,such as the logically centralized controller and different virtualization technologies,most of the existing embedding algorithms cannot be applied directly to SDN virtualization.In this paper,we consider controller placement and virtual network embedding as a joint vS DN embedding problem,and formulate it into an integer linear programming with objectives of minimizing the embedding cost and the controller-to-switch delay for each v SDN.Moreover,we propose a novel online vS DN embedding algorithm called CO-v SDNE,which consists of a node mapping stage and a link mapping stage.In the node mapping stage,CO-vS DNE maps the controller and the virtual nodes to the substrate nodes on the basis of the controller-to-switch delay and takes into account the subsequent link mapping at the same time.In the link mapping stage,CO-v SDNE adopts the k-shortest path algorithm to map the virtual links.The evaluation results with simulation and Mininet emulation show that the proposed CO-v SDNE not only significantly increases the long-term revenue to the cost ratio and acceptance ratio while guaranteeing low average and maximum controller-to-switch delay,but also achieves good v SDN performance in terms of end-to-end delay and throughput.
文摘空天地一体化网络作为6G技术的关键组成,在整合天基、空基和地基网络时,面临节点异构性、业务多样性等挑战,进而引发资源分配、竞争及故障风险等问题。基于此,聚焦基于软件定义网络(software defined network,SDN)与网络功能虚拟化(network functions virtualization,NFV)的空天地一体化网络任务部署与恢复,首先阐述了空天地一体化网络系统架构,介绍了各层网络构成、SDN和NFV原理及其相关应用,然后,针对上述挑战,以服务功能链技术为抓手,提出了面向任务的服务功能链优化部署、利用智能算法实现动态调度、通过匹配博弈算法完成失效恢复等策略,最后,构建了一个用例,设定节点部署、服务功能链建模等,验证了所提策略在提升服务功能链完成效率以及应对资源故障方面的有效性,旨在为空天地一体化网络资源管理提供理论基础。
基金supported in part by the grant from the National Natural Science Foundation of China (60973129)
文摘Software-defined networks (SDN) have attracted much attention recently because of their flexibility in terms of network management. Increasingly, SDN is being introduced into wireless networks to form wireless SDN. One enabling technology for wireless SDN is network virtualization, which logically divides one wireless network element, such as a base station, into multiple slices, and each slice serving as a standalone virtual BS. In this way, one physical mobile wireless network can be partitioned into multiple virtual networks in a software-defined manner. Wireless virtual networks comprising virtual base stations also need to provide QoS to mobile end-user services in the same context as their physical hosting networks. One key QoS parameter is delay. This paper presents a delay model for software-defined wireless virtual networks. Network calculus is used in the modelling. In particular, stochastic network calculus, which describes more realistic models than deterministic network calculus, is used. The model enables theoretical investigation of wireless SDN, which is largely dominated by either algorithms or prototype implementations.
文摘New and emerging use cases, such as the interconnection of geographically distributed data centers(DCs), are drawing attention to the requirement for dynamic end-to-end service provisioning, spanning multiple and heterogeneous optical network domains. This heterogeneity is, not only due to the diverse data transmission and switching technologies, but also due to the different options of control plane techniques. In light of this, the problem of heterogeneous control plane interworking needs to be solved, and in particular, the solution must address the specific issues of multi-domain networks, such as limited domain topology visibility, given the scalability and confidentiality constraints. In this article, some of the recent activities regarding the Software-Defined Networking(SDN) orchestration are reviewed to address such a multi-domain control plane interworking problem. Specifically, three different models, including the single SDN controller model, multiple SDN controllers in mesh, and multiple SDN controllers in a hierarchical setting, are presented for the DC interconnection network with multiple SDN/Open Flow domains or multiple Open Flow/Generalized Multi-Protocol Label Switching( GMPLS) heterogeneous domains. I n addition, two concrete implementations of the orchestration architectures are detailed, showing the overall feasibility and procedures of SDN orchestration for the end-to-endservice provisioning in multi-domain data center optical networks.
基金supported by the National Science and Technology Major Project No.2015ZX03002004
文摘Along with the completion of the development of 4G technologies, the global mobile community starts the study of the next generation technologies, i.e. 5G technologies. This paper proposes a new flexible architecture for 5G mobile networks based on Network Function Virtualization(NFV) and Software Defined Network(SDN) technologies, which is adaptable to use cases and scenarios. Then implementation reference architecture and some typical 5G network deployment cases are discussed. Besides, some key issues for further study are also indicated at the end.
基金supported by the Key Laboratory of Universal Wireless Communications(Beijing University of Posts and Telecommunications)Ministry of Education,P.R.China(KFKT-2013104)+6 种基金the National Natural Science Foundation of China(61501105,61471109,61302071)the China Postdoctoral Science Foundation(2013M541243)the Doctoral Scientific Research Foundation of Liaoning Province(20141014)the Fundamental Research Funds for the Central Universities(N150404018,N130304001,N150401002,N150404015)the National 973 Advance Research Program(2014CB360509)the Postdoctoral Science Foundation of Northeast University(20140319)Ministry of Education-China Mobile Research Foundation(MCM20130131)
文摘In software-defined networking,the separation of control plane from forwarding plane introduces new challenges to network reliability.This paper proposes a fault-tolerant routing mechanism to improve survivability by converting the survivability problem into two sub-problems:constructing an elastic-aware routing tree and controller selection.Based on the shortest path tree,this scheme continuously attempts to prune the routing tree to enhance network survivability.After a certain number of iterations,elastic-aware routing continues to improve network resiliency by increasing the number of edges in this tree.Simulation results demonstrate this fault-tolerant mechanism performs better than the traditional method in terms of the number of protected nodes and network fragility indicator.
文摘Software Defined Networking(SDN)being an emerging network control model is widely recognized as a control and management platform.This model provides efficient techniques to control and manage the enterprise network.Another emerging paradigm is edge computing in which data processing is performed at the edges of the network instead of a central controller.This data processing at the edge nodes reduces the latency and bandwidth requirements.In SDN,the controller is a single point of failure.Several security issues related to the traditional network can be solved by using SDN central management and control.Address Spoofing and Network Intrusion are the most common attacks.These attacks severely degrade performance and security.We propose an edge computing-based mechanism that automatically detects and mitigates those attacks.In this mechanism,an edge system gets the network topology from the controller and the Address Resolution Protocol(ARP)traffic is directed to it for further analysis.As such,the controller is saved from unnecessary processing related to addressing translation.We propose a graph computation based method to identify the location of an attacker or intruder by implementing a graph difference method.By using the correct location information,the exact attacker or intruder is blocked,while the legitimate users get access to the network resources.The proposed mechanism is evaluated in a Mininet simulator and a POX controller.The results show that it improves system performance in terms of attack mitigation time,attack detection time,and bandwidth requirements.
文摘Virtualization is the key technology of cloud computing. Network virtualization plays an important role in this field. Its performance is very relevant to network virtualizing. Nowadays its implementations are mainly based on the idea of Software Define Network (SDN). Open vSwitch is a sort of software virtual switch, which conforms to the OpenFlow protocol standard. It is basically deployed in the Linux kernel hypervisor. This leads to its performance relatively poor because of the limited system resource. In turn, the packet process throughput is very low.In this paper, we present a Cavium-based Open vSwitch implementation. The Cavium platform features with multi cores and couples of hard ac-celerators. It supports zero-copy of packets and handles packet more quickly. We also carry some experiments on the platform. It indicates that we can use it in the enterprise network or campus network as convergence layer and core layer device.
文摘The ever-increasing needs of Internet of Things networks (IoTn) present considerable issues in computing complexity, security, trust, and authentication, among others. This gets increasingly more challenging as technology advances, and its use expands. As a consequence, boosting the capacity of these networks has garnered widespread attention. As a result, 5G, the next phase of cellular networks, is expected to be a game-changer, bringing with it faster data transmission rates, more capacity, improved service quality, and reduced latency. However, 5G networks continue to confront difficulties in establishing pervasive and dependable connections amongst high-speed IoT devices. Thus, to address the shortcomings in current recommendations, we present a unified architecture based on software-defined networks (SDNs) that provides 5G-enabled devices that must have complete secrecy. Through SDN, the architecture streamlines network administration while optimizing network communications. A mutual authentication protocol using elliptic curve cryptography is introduced for mutual authentication across certificate authorities and clustered heads in IoT network deployments based on IoT. Again, a dimensionality reduction intrusion detection mechanism is introduced to decrease computational cost and identify possible network breaches. However, to leverage the method’s potential, the initial module's security is reviewed. The second module is evaluated and compared to modern models.
