Virtualization is the key technology of cloud computing. Network virtualization plays an important role in this field. Its performance is very relevant to network virtualizing. Nowadays its implementations are mainly based on the idea of Software Defined Network (SDN). Open vSwitch is a sort of software virtual switch, which conforms to the OpenFlow protocol standard. It is basically deployed in the Linux kernel hypervisor. This leads to relatively poor performance because of the limited system resources. In turn, the packet processing throughput is very low. In this paper, we present a Cavium-based Open vSwitch implementation. The Cavium platform features multiple cores and couples of hard accelerators. It supports zero-copy of packets and handles packets more quickly. We also carry out some experiments on the platform. The results indicate that we can use it in the enterprise network or campus network as a convergence layer and core layer device.
The ever-increasing needs of Internet of Things networks (IoTn) present considerable issues in computing complexity, security, trust, and authentication, among others. This gets increasingly more challenging as technology advances, and its use expands. As a consequence, boosting the capacity of these networks has garnered widespread attention. As a result, 5G, the next phase of cellular networks, is expected to be a game-changer, bringing with it faster data transmission rates, more capacity, improved service quality, and reduced latency. However, 5G networks continue to confront difficulties in establishing pervasive and dependable connections amongst high-speed IoT devices. Thus, to address the shortcomings in current recommendations, we present a unified architecture based on software-defined networks (SDNs) that provides 5G-enabled devices that must have complete secrecy. Through SDN, the architecture streamlines network administration while optimizing network communications. A mutual authentication protocol using elliptic curve cryptography is introduced for mutual authentication across certificate authorities and clustered heads in IoT network deployments based on IoT. Again, a dimensionality reduction intrusion detection mechanism is introduced to decrease computational cost and identify possible network breaches. However, to leverage the method’s potential, the initial module's security is reviewed. The second module is evaluated and compared to modern models.
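To address the problem that traffic prediction in SDN traffic engineering relies on static spatio-temporal dependencies, a dynamic network traffic prediction method is proposed that integrates an attention-based graph convolutional network (GCN) with a gated recurrent unit (GRU): AGCNGRU (attention mechanism for GCNGRU model). The GCN captures the spatial dependence of traffic between nodes in the network, and the GRU captures the temporal dependence of traffic passing through each node. A temporal attention mechanism assigns a weight to each hidden state to adjust the importance of the traffic information at each time point, while a data-driven spatial attention mechanism dynamically and adaptively adjusts the Laplace matrix, so that the spatio-temporal correlation of network data is extracted dynamically and accurate dynamic traffic prediction is achieved. Experiments on the GEANT dataset show that the proposed method reduces the mean squared error by 24.8% compared with GCNGRU and by 66.4% compared with GRU. In a comparison with the traditional routing algorithm OSPF and the DDPG algorithm at 90% traffic load intensity, network performance improves by 24% over OSPF and by 8.1% over DDPG, which further demonstrates the timeliness and effectiveness brought by the accurate network traffic prediction of the AGCNGRU algorithm.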
The healthcare sector holds valuable and sensitive data. The amount of this data and the need to handle, exchange, and protect it, has been increasing at a fast pace. Due to their nature, software-defined networks (SDNs) are widely used in healthcare systems, as they ensure effective resource utilization, safety, great network management, and monitoring. In this sector, due to the value of the data, SDNs face a major challenge posed by a wide range of attacks, such as distributed denial of service (DDoS) and probe attacks. These attacks reduce network performance, causing the degradation of different key performance indicators (KPIs) or, in the worst cases, a network failure which can threaten human lives. This can be significant, especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health, or m-health. In this study, we examine the effectiveness of using SDNs for defense against DDoS, as well as their effects on different network KPIs under various scenarios. We propose a threshold-based DDoS classifier (TBDC) technique to classify DDoS attacks in healthcare SDNs, aiming to block traffic considered a hazard in the form of a DDoS attack. We then evaluate the accuracy and performance of the proposed TBDC approach. Our technique shows outstanding performance, increasing the mean throughput by 190.3%, reducing the mean delay by 95%, and reducing packet loss by 99.7% relative to normal, with DDoS attack traffic.
The ongoing expansion of the Industrial Internet of Things (IIoT) is enabling the possibility of effective Industry 4.0, where massive sensing devices in heterogeneous environments are connected through dedicated communication protocols. This brings forth new methods and models to fuse the information yielded by the various industrial plant elements and generates emerging security challenges that we have to face, providing ad-hoc functions for scheduling and guaranteeing the network operations. Recently, the large development of Software-Defined Networking (SDN) and Artificial Intelligence (AI) technologies have made feasible the design and control of scalable and secure IIoT networks. This paper studies how AI and SDN technologies combined can be leveraged towards improving the security and functionality of these IIoT networks. After surveying the state-of-the-art research efforts in the subject, the paper introduces a candidate architecture for AI-enabled Software-Defined IIoT Network (AI-SDIN) that divides the traditional industrial networks into three functional layers. And with this aim in mind, key technologies (Blockchain-based Data Sharing, Intelligent Wireless Data Sensing, Edge Intelligence, Time-Sensitive Networks, Integrating SDN & TSN, Distributed AI) and improve applications based on AI-SDIN are also discussed. Further, the paper also highlights new opportunities and potential research challenges in control and automation of IIoT networks.
Distributed denial of service (DDoS) attack is the most common attack that obstructs a network and makes it unavailable for a legitimate user. We proposed a deep neural network (DNN) model for the detection of DDoS attacks in the Software-Defined Networking (SDN) paradigm. SDN centralizes the control plane and separates it from the data plane. It simplifies a network and eliminates vendor specification of a device. Because of this open nature and centralized control, SDN can easily become a victim of DDoS attacks. We proposed a supervised Developed Deep Neural Network (DDNN) model that can classify the DDoS attack traffic and legitimate traffic. Our Developed Deep Neural Network (DDNN) model takes a large number of feature values as compared to previously proposed Machine Learning (ML) models. The proposed DNN model scans the data to find the correlated features and delivers high-quality results. The model enhances the security of SDN and has better accuracy as compared to previously proposed models. We choose the latest state-of-the-art dataset which consists of many novel attacks and overcomes all the shortcomings and limitations of the existing datasets. Our model results in a high accuracy rate of 99.76% with a low false-positive rate and 0.065% low loss rate. The accuracy increases to 99.80% as we increase the number of epochs to 100 rounds. Our proposed model classifies anomalous and normal traffic more accurately as compared to the previously proposed models. It can handle a huge amount of structured and unstructured data and can easily solve complex problems.
Funding: This work is supported by the Program of Hainan Association for Science and Technology Plans to Youth R&D Innovation (No. QCXM201910), the National Natural Science Foundation of China (No. 61702315, No. 61802092), the Scientific Research Setup Fund of Hainan University (No. KYQD(ZR)1837), the Key R&D program (international science and technology cooperation project) of Shanxi Province China (No. 201903D421003), Scientific and Technological Innovation Programs of Higher Education Institutions in Shanxi (No. 201802013).
Abstract: Loop free alternate (LFA) is a routing protection scheme that is currently deployed in commercial routers. However, LFA cannot handle all single network component failure scenarios in traditional networks. As Internet service providers have begun to deploy software defined network (SDN) technology, the Internet will be in a hybrid SDN network where traditional and SDN devices coexist for a long time. Therefore, this study aims to deploy the LFA scheme in hybrid SDN network architecture to handle all possible single network component failure scenarios. First, the deployment of LFA scheme in a hybrid SDN network is described as a 0-1 integer linear programming (ILP) problem. Then, two greedy algorithms, namely, greedy algorithm for LFA based on hybrid SDN (GALFAHSDN) and improved greedy algorithm for LFA based on hybrid SDN (IGALFAHSDN), are proposed to solve the proposed problem. Finally, both algorithms are tested in the simulation environment and the real platform. Experiment results show that GALFAHSDN and IGALFAHSDN can cope with all single network component failure scenarios when only a small number of nodes are upgraded to SDN nodes. The path stretch of the two algorithms is less than 1.36.
Funding: Supported by the National Basic Research Program of China (No. 2012CB315803), the Around Five Top Priorities of One-Three-Five Strategic Planning, CNIC (No. CNIC PY 1401), Chinese Academy of Sciences, and the Knowledge Innovation Program of the Chinese Academy of Sciences (No. CNIC_QN_1508)
Abstract: Software defined networking (SDN) offers programmable interface to effectively control their networks by decoupling control and data plane. The network operators utilize a centralized controller to deploy advanced network management strategies. An architecture for application-aware routing which can support dynamic quality of service (QoS) in SDN networks is proposed. The application-aware routing as a multi-constrained optimal path (MCOP) problem is proposed, where applications are treated as QoS flow and best-effort flows. With the SDN controller applications, it is able to dynamically lead routing decisions based on application characteristics and requirements, leading to a better overall user experience and higher utilization of network resources. The simulation results show that the improvement of application-aware routing framework on discovering appropriate routes, which can provide QoS guarantees for a specific application in SDN networks.
Funding: Supported by the National Natural Science Foundation of China under Grant 61602162 and the Hubei Provincial Science and Technology Plan Project under Grant 2023BCB041.
Abstract: With the birth of Software-Defined Networking (SDN), integration of both SDN and traditional architectures becomes the development trend of computer networks. Network intrusion detection faces challenges in dealing with complex attacks in SDN environments, thus to address the network security issues from the viewpoint of Artificial Intelligence (AI), this paper introduces the Crayfish Optimization Algorithm (COA) to the field of intrusion detection for both SDN and traditional network architectures, and based on the characteristics of the original COA, an Improved Crayfish Optimization Algorithm (ICOA) is proposed by integrating strategies of elite reverse learning, Levy flight, crowding factor and parameter modification. The ICOA is then utilized for AI-integrated feature selection of intrusion detection for both SDN and traditional network architectures, to reduce the dimensionality of the data and improve the performance of network intrusion detection. Finally, the performance evaluation is performed by testing not only the NSL-KDD dataset and the UNSW-NB15 dataset for traditional networks but also the InSDN dataset for SDN-based networks. Experimental results show that ICOA improves the accuracy by 0.532% and 2.928% respectively compared with GWO and COA in traditional networks. In SDN networks, the accuracy of ICOA is 0.25% and 0.3% higher than COA and PSO. These findings collectively indicate that AI-integrated feature selection based on the proposed ICOA can promote network intrusion detection for both SDN and traditional architectures.
Funding: Supported by the National Natural Science Foundation of China (Nos. 61201209 and 61401499), the Natural Science Foundation of Shaanxi Province, China (No. 2015JM6340), the Industrial Science and Technology Project of Shaanxi Province, China (No. 2016GY-087)
Abstract: Software-defined networking (SDN) enables the network virtualization through SDN hypervisors to share the underlying physical SDN network among multiple logically isolated virtual SDN networks (vSDNs), each with its own controller. The vSDN embedding, which refers to mapping a number of vSDNs to the same substrate SDN network, is a key problem in the SDN virtualization environment. However, due to the distinctions of the SDN, such as the logically centralized controller and different virtualization technologies, most of the existing embedding algorithms cannot be applied directly to SDN virtualization. In this paper, we consider controller placement and virtual network embedding as a joint vSDN embedding problem, and formulate it into an integer linear programming with objectives of minimizing the embedding cost and the controller-to-switch delay for each vSDN. Moreover, we propose a novel online vSDN embedding algorithm called CO-vSDNE, which consists of a node mapping stage and a link mapping stage. In the node mapping stage, CO-vSDNE maps the controller and the virtual nodes to the substrate nodes on the basis of the controller-to-switch delay and takes into account the subsequent link mapping at the same time. In the link mapping stage, CO-vSDNE adopts the k-shortest path algorithm to map the virtual links. The evaluation results with simulation and Mininet emulation show that the proposed CO-vSDNE not only significantly increases the long-term revenue to the cost ratio and acceptance ratio while guaranteeing low average and maximum controller-to-switch delay, but also achieves good vSDN performance in terms of end-to-end delay and throughput.
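Abstract: As a key component of 6G technology, the space-air-ground integrated network faces challenges such as node heterogeneity and service diversity when integrating space-based, air-based and ground-based networks, which in turn give rise to problems of resource allocation, contention and failure risk. On this basis, the paper focuses on task deployment and recovery in space-air-ground integrated networks based on software defined network (SDN) and network functions virtualization (NFV). It first describes the system architecture of the space-air-ground integrated network and introduces the composition of each network layer, the principles of SDN and NFV, and their related applications. Then, in response to the above challenges and taking service function chain technology as the starting point, it proposes strategies including task-oriented optimized deployment of service function chains, dynamic scheduling using intelligent algorithms, and failure recovery through a matching game algorithm. Finally, a use case is constructed, with node deployment and service function chain modelling specified, to verify the effectiveness of the proposed strategies in improving service function chain completion efficiency and in coping with resource failures, with the aim of providing a theoretical basis for resource management in space-air-ground integrated networks.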
Funding: Supported in part by the grant from the National Natural Science Foundation of China (60973129)
Abstract: Software-defined networks (SDN) have attracted much attention recently because of their flexibility in terms of network management. Increasingly, SDN is being introduced into wireless networks to form wireless SDN. One enabling technology for wireless SDN is network virtualization, which logically divides one wireless network element, such as a base station, into multiple slices, and each slice serving as a standalone virtual BS. In this way, one physical mobile wireless network can be partitioned into multiple virtual networks in a software-defined manner. Wireless virtual networks comprising virtual base stations also need to provide QoS to mobile end-user services in the same context as their physical hosting networks. One key QoS parameter is delay. This paper presents a delay model for software-defined wireless virtual networks. Network calculus is used in the modelling. In particular, stochastic network calculus, which describes more realistic models than deterministic network calculus, is used. The model enables theoretical investigation of wireless SDN, which is largely dominated by either algorithms or prototype implementations.
Abstract: New and emerging use cases, such as the interconnection of geographically distributed data centers (DCs), are drawing attention to the requirement for dynamic end-to-end service provisioning, spanning multiple and heterogeneous optical network domains. This heterogeneity is not only due to the diverse data transmission and switching technologies, but also due to the different options of control plane techniques. In light of this, the problem of heterogeneous control plane interworking needs to be solved, and in particular, the solution must address the specific issues of multi-domain networks, such as limited domain topology visibility, given the scalability and confidentiality constraints. In this article, some of the recent activities regarding the Software-Defined Networking (SDN) orchestration are reviewed to address such a multi-domain control plane interworking problem. Specifically, three different models, including the single SDN controller model, multiple SDN controllers in mesh, and multiple SDN controllers in a hierarchical setting, are presented for the DC interconnection network with multiple SDN/OpenFlow domains or multiple OpenFlow/Generalized Multi-Protocol Label Switching (GMPLS) heterogeneous domains. In addition, two concrete implementations of the orchestration architectures are detailed, showing the overall feasibility and procedures of SDN orchestration for the end-to-end service provisioning in multi-domain data center optical networks.
Funding: Supported by the National Science and Technology Major Project No. 2015ZX03002004
Abstract: Along with the completion of the development of 4G technologies, the global mobile community starts the study of the next generation technologies, i.e. 5G technologies. This paper proposes a new flexible architecture for 5G mobile networks based on Network Function Virtualization (NFV) and Software Defined Network (SDN) technologies, which is adaptable to use cases and scenarios. Then implementation reference architecture and some typical 5G network deployment cases are discussed. Besides, some key issues for further study are also indicated at the end.
Funding: Supported by the Key Laboratory of Universal Wireless Communications (Beijing University of Posts and Telecommunications), Ministry of Education, P.R. China (KFKT-2013104); the National Natural Science Foundation of China (61501105, 61471109, 61302071); the China Postdoctoral Science Foundation (2013M541243); the Doctoral Scientific Research Foundation of Liaoning Province (20141014); the Fundamental Research Funds for the Central Universities (N150404018, N130304001, N150401002, N150404015); the National 973 Advance Research Program (2014CB360509); the Postdoctoral Science Foundation of Northeast University (20140319); Ministry of Education-China Mobile Research Foundation (MCM20130131).
Abstract: In software-defined networking, the separation of control plane from forwarding plane introduces new challenges to network reliability. This paper proposes a fault-tolerant routing mechanism to improve survivability by converting the survivability problem into two sub-problems: constructing an elastic-aware routing tree and controller selection. Based on the shortest path tree, this scheme continuously attempts to prune the routing tree to enhance network survivability. After a certain number of iterations, elastic-aware routing continues to improve network resiliency by increasing the number of edges in this tree. Simulation results demonstrate this fault-tolerant mechanism performs better than the traditional method in terms of the number of protected nodes and network fragility indicator.
Abstract: Software Defined Networking (SDN), being an emerging network control model, is widely recognized as a control and management platform. This model provides efficient techniques to control and manage the enterprise network. Another emerging paradigm is edge computing, in which data processing is performed at the edges of the network instead of a central controller. This data processing at the edge nodes reduces the latency and bandwidth requirements. In SDN, the controller is a single point of failure. Several security issues related to the traditional network can be solved by using SDN central management and control. Address Spoofing and Network Intrusion are the most common attacks. These attacks severely degrade performance and security. We propose an edge computing-based mechanism that automatically detects and mitigates those attacks. In this mechanism, an edge system gets the network topology from the controller and the Address Resolution Protocol (ARP) traffic is directed to it for further analysis. As such, the controller is saved from unnecessary processing related to addressing translation. We propose a graph computation based method to identify the location of an attacker or intruder by implementing a graph difference method. By using the correct location information, the exact attacker or intruder is blocked, while the legitimate users get access to the network resources. The proposed mechanism is evaluated in a Mininet simulator and a POX controller. The results show that it improves system performance in terms of attack mitigation time, attack detection time, and bandwidth requirements.
Abstract: Virtualization is the key technology of cloud computing. Network virtualization plays an important role in this field. Its performance is very relevant to network virtualizing. Nowadays its implementations are mainly based on the idea of Software Defined Network (SDN). Open vSwitch is a sort of software virtual switch, which conforms to the OpenFlow protocol standard. It is basically deployed in the Linux kernel hypervisor. This makes its performance relatively poor because of the limited system resource. In turn, the packet process throughput is very low. In this paper, we present a Cavium-based Open vSwitch implementation. The Cavium platform features with multi cores and couples of hard accelerators. It supports zero-copy of packets and handles packets more quickly. We also carry out some experiments on the platform. It indicates that we can use it in the enterprise network or campus network as convergence layer and core layer device.
Abstract: The ever-increasing needs of Internet of Things networks (IoTn) present considerable issues in computing complexity, security, trust, and authentication, among others. This gets increasingly more challenging as technology advances, and its use expands. As a consequence, boosting the capacity of these networks has garnered widespread attention. As a result, 5G, the next phase of cellular networks, is expected to be a game-changer, bringing with it faster data transmission rates, more capacity, improved service quality, and reduced latency. However, 5G networks continue to confront difficulties in establishing pervasive and dependable connections amongst high-speed IoT devices. Thus, to address the shortcomings in current recommendations, we present a unified architecture based on software-defined networks (SDNs) that provides 5G-enabled devices that must have complete secrecy. Through SDN, the architecture streamlines network administration while optimizing network communications. A mutual authentication protocol using elliptic curve cryptography is introduced for mutual authentication across certificate authorities and clustered heads in IoT network deployments based on IoT. Again, a dimensionality reduction intrusion detection mechanism is introduced to decrease computational cost and identify possible network breaches. However, to leverage the method’s potential, the initial module's security is reviewed. The second module is evaluated and compared to modern models.
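Abstract: To address the problem that traffic prediction in SDN traffic engineering is based on static spatio-temporal dependencies, a dynamic network traffic prediction method, AGCNGRU (attention mechanism for GCNGRU model), is proposed, which integrates an attention-based graph convolutional network (GCN) with a gated recurrent unit (GRU). The GCN captures the spatial dependence of traffic among the nodes of the network and the GRU captures the temporal dependence of traffic passing through each node. A temporal attention mechanism assigns a weight to each hidden state to adjust the importance of the traffic information at each time point, while a data-driven spatial attention mechanism dynamically and adaptively adjusts the Laplacian matrix, so that the spatio-temporal correlations of the network data are extracted dynamically and accurate dynamic traffic prediction is achieved. Experiments on the GEANT dataset show that the proposed method reduces the mean squared error by 24.8% compared with GCNGRU and by 66.4% compared with GRU. In a comparison with the traditional routing algorithm OSPF and the DDPG algorithm, at a traffic load intensity of 90%, network performance improves by 24% over OSPF and by 8.1% over DDPG, which further demonstrates the timeliness and effectiveness brought by the accurate network traffic prediction of the AGCNGRU algorithm.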
Funding: The authors extend their appreciation to Researcher Supporting Project Number (RSPD2023R582), King Saud University, Riyadh, Saudi Arabia.
Abstract: The healthcare sector holds valuable and sensitive data. The amount of this data and the need to handle, exchange, and protect it, has been increasing at a fast pace. Due to their nature, software-defined networks (SDNs) are widely used in healthcare systems, as they ensure effective resource utilization, safety, great network management, and monitoring. In this sector, due to the value of the data, SDNs face a major challenge posed by a wide range of attacks, such as distributed denial of service (DDoS) and probe attacks. These attacks reduce network performance, causing the degradation of different key performance indicators (KPIs) or, in the worst cases, a network failure which can threaten human lives. This can be significant, especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health, or m-health. In this study, we examine the effectiveness of using SDNs for defense against DDoS, as well as their effects on different network KPIs under various scenarios. We propose a threshold-based DDoS classifier (TBDC) technique to classify DDoS attacks in healthcare SDNs, aiming to block traffic considered a hazard in the form of a DDoS attack. We then evaluate the accuracy and performance of the proposed TBDC approach. Our technique shows outstanding performance, increasing the mean throughput by 190.3%, reducing the mean delay by 95%, and reducing packet loss by 99.7% relative to normal, with DDoS attack traffic.
Funding: This work was supported by the six talent peaks project in Jiangsu Province (No. XYDXX-012), Natural Science Foundation of China (No. 62002045), China Postdoctoral Science Foundation (No. 2021M690565), and Fundamental Research Funds for the Cornell University (No. N2117002).
Abstract: The ongoing expansion of the Industrial Internet of Things (IIoT) is enabling the possibility of effective Industry 4.0, where massive sensing devices in heterogeneous environments are connected through dedicated communication protocols. This brings forth new methods and models to fuse the information yielded by the various industrial plant elements and generates emerging security challenges that we have to face, providing ad-hoc functions for scheduling and guaranteeing the network operations. Recently, the large development of Software-Defined Networking (SDN) and Artificial Intelligence (AI) technologies has made feasible the design and control of scalable and secure IIoT networks. This paper studies how AI and SDN technologies combined can be leveraged towards improving the security and functionality of these IIoT networks. After surveying the state-of-the-art research efforts in the subject, the paper introduces a candidate architecture for AI-enabled Software-Defined IIoT Network (AI-SDIN) that divides the traditional industrial networks into three functional layers. And with this aim in mind, key technologies (Blockchain-based Data Sharing, Intelligent Wireless Data Sensing, Edge Intelligence, Time-Sensitive Networks, Integrating SDN & TSN, Distributed AI) and improve applications based on AI-SDIN are also discussed. Further, the paper also highlights new opportunities and potential research challenges in control and automation of IIoT networks.
Abstract: Distributed denial of service (DDoS) attack is the most common attack that obstructs a network and makes it unavailable for a legitimate user. We proposed a deep neural network (DNN) model for the detection of DDoS attacks in the Software-Defined Networking (SDN) paradigm. SDN centralizes the control plane and separates it from the data plane. It simplifies a network and eliminates vendor specification of a device. Because of this open nature and centralized control, SDN can easily become a victim of DDoS attacks. We proposed a supervised Developed Deep Neural Network (DDNN) model that can classify the DDoS attack traffic and legitimate traffic. Our Developed Deep Neural Network (DDNN) model takes a large number of feature values as compared to previously proposed Machine Learning (ML) models. The proposed DNN model scans the data to find the correlated features and delivers high-quality results. The model enhances the security of SDN and has better accuracy as compared to previously proposed models. We choose the latest state-of-the-art dataset which consists of many novel attacks and overcomes all the shortcomings and limitations of the existing datasets. Our model results in a high accuracy rate of 99.76% with a low false-positive rate and 0.065% low loss rate. The accuracy increases to 99.80% as we increase the number of epochs to 100 rounds. Our proposed model classifies anomalous and normal traffic more accurately as compared to the previously proposed models. It can handle a huge amount of structured and unstructured data and can easily solve complex problems.