Software defined optical networking(SDON)is a critical technology for the next generation network with the advantages of programmable control and etc.As one of the key issues of SDON,the security of control plane has ...Software defined optical networking(SDON)is a critical technology for the next generation network with the advantages of programmable control and etc.As one of the key issues of SDON,the security of control plane has also received extensive attention,especially in certain network scenarios with high security requirement.Due to the existence of vulnerabilities and heavy overhead,the existing firewalls and distributed control technologies cannot solve the control plane security problem well.In this paper,we propose a distributed control architecture for SDON using the blockchain technique(BlockCtrl).The proposed BlockCtrl model introduces the advantages of blockchain into SDON to achieve a high-efficiency fault tolerant control.We have evaluated the performance of our proposed architecture and compared it to the existing models with respect to various metrics including processing rate,recovery latency and etc.The numerical results show that the BlockCtrl is capable of attacks detection and fault tolerant control in SDON with high performance on resource utilization and service correlation.展开更多
The emergence of a new network architecture,known as Software Defined Networking(SDN),in the last two decades has overcome some drawbacks of traditional networks in terms of performance,scalability,reliability,securit...The emergence of a new network architecture,known as Software Defined Networking(SDN),in the last two decades has overcome some drawbacks of traditional networks in terms of performance,scalability,reliability,security,and network management.However,the SDN is vulnerable to security threats that target its controller,such as low-rate Distributed Denial of Service(DDoS)attacks,The low-rate DDoS attack is one of the most prevalent attacks that poses a severe threat to SDN network security because the controller is a vital architecture component.Therefore,there is an urgent need to propose a detection approach for this type of attack with a high detection rate and low false-positive rates.Thus,this paper proposes an approach to detect low-rate DDoS attacks on the SDN controller by adapting a dynamic threshold.The proposed approach has been evaluated using four simulation scenarios covering a combination of low-rate DDoS attacks against the SDN controller involving(i)a single host attack targeting a single victim;(ii)a single host attack targeting multiple victims;(iii)multiple hosts attack targeting a single victim;and(iv)multiple hosts attack targeting multiple victims.The proposed approach’s average detection rates are 96.65%,91.83%,96.17%,and 95.33%for the above scenarios,respectively;and its average false-positive rates are 3.33%,8.17%,3.83%,and 4.67%for similar scenarios,respectively.The comparison between the proposed approach and two existing approaches showed that it outperformed them in both categories.展开更多
This paper presented a joint resource allocation(RA) and admission control(AC) mechanism in software defined mobile networks(SDMNs). In this mechanism, the joint RA and AC problem can be formulated as an optimization ...This paper presented a joint resource allocation(RA) and admission control(AC) mechanism in software defined mobile networks(SDMNs). In this mechanism, the joint RA and AC problem can be formulated as an optimization problem with the aim of maximizing the number of admitted users while simultaneously minimizing the number of allocated channels. Since the primal problem is modeled to be a mixed integer nonlinear problem(MINLP), we attain the suboptimal solutions to the primal MINLP by convex relaxation. Additionally, with the global information collected by the SDMNs controller, a centralized joint RA and AC(CJRA)algorithm is proposed by the Lagrange dual decomposition technique to obtain the global optimum. Meanwhile, we propose an OpenFlow rules placement strategy to realize CJRA in an efficient way. Moreover, a distributed algorithm is also developed to find the local optimum, showing a performance benchmark for the centralized one. Finally, simulation results show that the proposed centralized algorithm admits more users compared with the distributed.展开更多
Software Defined Networking(SDN)is programmable by separation of forwarding control through the centralization of the controller.The controller plays the role of the‘brain’that dictates the intelligent part of SDN t...Software Defined Networking(SDN)is programmable by separation of forwarding control through the centralization of the controller.The controller plays the role of the‘brain’that dictates the intelligent part of SDN technology.Various versions of SDN controllers exist as a response to the diverse demands and functions expected of them.There are several SDN controllers available in the open market besides a large number of commercial controllers;some are developed tomeet carrier-grade service levels and one of the recent trends in open-source SDN controllers is the Open Network Operating System(ONOS).This paper presents a comparative study between open source SDN controllers,which are known as Network Controller Platform(NOX),Python-based Network Controller(POX),component-based SDN framework(Ryu),Java-based OpenFlow controller(Floodlight),OpenDayLight(ODL)and ONOS.The discussion is further extended into ONOS architecture,as well as,the evolution of ONOS controllers.This article will review use cases based on ONOS controllers in several application deployments.Moreover,the opportunities and challenges of open source SDN controllers will be discussed,exploring carriergrade ONOS for future real-world deployments,ONOS unique features and identifying the suitable choice of SDN controller for service providers.In addition,we attempt to provide answers to several critical questions relating to the implications of the open-source nature of SDN controllers regarding vendor lock-in,interoperability,and standards compliance,Similarly,real-world use cases of organizations using open-source SDN are highlighted and how the open-source community contributes to the development of SDN controllers.Furthermore,challenges faced by open-source projects,and considerations when choosing an open-source SDN controller are underscored.Then the role of Artificial Intelligence(AI)and Machine Learning(ML)in the evolution of open-source SDN controllers in light of recent research is indicated.In addition,the challenges and limitations associated with deploying open-source SDN controllers in production networks,how can they be mitigated,and finally how opensource SDN controllers handle network security and ensure that network configurations and policies are robust and resilient are presented.Potential opportunities and challenges for future Open SDN deployment are outlined to conclude the article.展开更多
The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are ...The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.展开更多
In light of the escalating demand and intricacy of services in contemporary terrestrial,maritime,and aerial combat operations,there is a compelling need for enhanced service quality and efficiency in airborne cluster ...In light of the escalating demand and intricacy of services in contemporary terrestrial,maritime,and aerial combat operations,there is a compelling need for enhanced service quality and efficiency in airborne cluster communication networks.Software-Defined Networking(SDN)proffers a viable solution for the multifaceted task of cooperative communication transmission and management across different operational domains within complex combat contexts,due to its intrinsic ability to flexibly allocate and centrally administer network resources.This study pivots around the optimization of SDN controller deployment within airborne data link clusters.A collaborative multi-controller architecture predicated on airborne data link clusters is thus proposed.Within this architectural framework,the controller deployment issue is reframed as a two-fold problem:subdomain partition-ing and central interaction node selection.We advocate a subdomain segmentation approach grounded in node value ranking(NDVR)and a central interaction node selection methodology predicated on an enhanced Artificial Fish Swarm Algorithm(AFSA).The advanced NDVR-AFSA(Node value ranking-Improved artificial fish swarm algorithm)algorithm makes use of a chaos algorithm for population initialization,boosting population diversity and circumventing premature algorithm convergence.By the integration of adaptive strategies and incorporation of the genetic algorithm’s crossover and mutation operations,the algorithm’s search range adaptability is enhanced,thereby increasing the possibility of obtaining globally optimal solutions,while concurrently augmenting cluster reliability.The simulation results verify the advantages of the NDVR-IAFSA algorithm,achieve a better load balancing effect,improve the reliability of aviation data link cluster,and significantly reduce the average propagation delay and disconnection rate,respectively,by 12.8%and 11.7%.This shows that the optimization scheme has important significance in practical application,and can meet the high requirements of modern sea,land,and air operations to aviation airborne communication networks.展开更多
Software Defined Network(SDN)has been developed rapidly in technology and popularized in application due to its efficiency and flexibility in network management.In multi-controller SDN architecture,the Controller Plac...Software Defined Network(SDN)has been developed rapidly in technology and popularized in application due to its efficiency and flexibility in network management.In multi-controller SDN architecture,the Controller Placement Problem(CPP)must be solved carefully as it directly affects the whole network performance.This paper proposes a Multi-objective Greedy Optimized K-means Algorithm(MGOKA)to solve this problem to optimize worst-case and average delay between switches and controllers as well as synchronization delay and load balance among controllers for Wide Area Networks(WAN).MGOKA combines the process of network partition based on the K-means algorithm with cluster fusion based on the greedy algorithm and designs a normalization strategy to convert a multi-objective into a single-objective optimization problem.The simulation results depict that in different network scales with different numbers of controllers,the relative optimization rate of our proposed algorithm compared with K-means,K-means++,and GOKA can reach up to 101.5%,109.9%,and 79.8%,respectively.Moreover,the error rate between MGOKA and the global optimal solution is always less than 4%.展开更多
Solving the controller placement problem (CPP) in an SDN architecture with multiple controllers has a significant impact on control overhead in the network, especially in multihop wireless networks (MWNs). The generat...Solving the controller placement problem (CPP) in an SDN architecture with multiple controllers has a significant impact on control overhead in the network, especially in multihop wireless networks (MWNs). The generated control overhead consists of controller-device and inter-controller communications to discover the network topology, exchange configurations, and set up and modify flow tables in the control plane. However, due to the high complexity of the proposed optimization model to the CPP, heuristic algorithms have been reported to find near-optimal solutions faster for large-scale wired networks. In this paper, the objective is to extend those existing heuristic algorithms to solve a proposed optimization model to the CPP in software-<span>defined multihop wireless networking</span><span> (SDMWN).</span>Our results demonstrate that using ranking degrees assigned to the possible controller placements, including the average distance to other devices as a degree or the connectivity degree of each placement, the extended heuristic algorithms are able to achieve the optimal solution in small-scale networks in terms of the generated control overhead and the number of controllers selected in the network. As a result, using extended heuristic algorithms, the average number of hops among devices and their assigned controllers as well as among controllers will be reduced. Moreover, these algorithms are able tolower<span "=""> </span>the control overhead in large-scale networks and select fewer controllers compared to an extended algorithm that solves the CPP in SDMWN based on a randomly selected controller placement approach.展开更多
为解决高密度无线局域网中接入拥塞、资源失衡及流量混传导致的性能瓶颈问题,从接入层面、资源层面及流量层面分析无线局域网接入拥塞问题,并从3个层面提出基于软件定义网络(Software Defined Network,SDN)流量调度的应对策略。实践案...为解决高密度无线局域网中接入拥塞、资源失衡及流量混传导致的性能瓶颈问题,从接入层面、资源层面及流量层面分析无线局域网接入拥塞问题,并从3个层面提出基于软件定义网络(Software Defined Network,SDN)流量调度的应对策略。实践案例验证了该策略在提升网络吞吐量、降低传输时延方面具有明显成效。展开更多
In recent years,satellite networks have been proposed as an essential part of next-generation mobile communication systems.Software defined networking techniques are introduced in satellite networks to handle the grow...In recent years,satellite networks have been proposed as an essential part of next-generation mobile communication systems.Software defined networking techniques are introduced in satellite networks to handle the growing challenges induced by time-varying topology,intermittent inter-satellite link and dramatically increased satellite constellation size.This survey covers the latest progress of software defined satellite networks,including key techniques,existing solutions,challenges,opportunities,and simulation tools.To the best of our knowledge,this paper is the most comprehensive survey that covers the latest progress of software defined satellite networks.An open GitHub repository is further created where the latest papers on this topic will be tracked and updated periodically.Compared with these existing surveys,this survey contributes from three aspects:(1)an up-to-date SDN-oriented review for the latest progress of key techniques and solutions in software defined satellite networks;(2)an inspiring summary of existing challenges,new research opportunities and publicly available simulation tools for follow-up studies;(3)an effort of building a public repository to track new results.展开更多
As communication technology and smart manufacturing have developed, the industrial internet of things(IIo T)has gained considerable attention from academia and industry.Wireless sensor networks(WSNs) have many advanta...As communication technology and smart manufacturing have developed, the industrial internet of things(IIo T)has gained considerable attention from academia and industry.Wireless sensor networks(WSNs) have many advantages with broad applications in many areas including environmental monitoring, which makes it a very important part of IIo T. However,energy depletion and hardware malfunctions can lead to node failures in WSNs. The industrial environment can also impact the wireless channel transmission, leading to network reliability problems, even with tightly coupled control and data planes in traditional networks, which obviously also enhances network management cost and complexity. In this paper, we introduce a new software defined network(SDN), and modify this network to propose a framework called the improved software defined wireless sensor network(improved SD-WSN). This proposed framework can address the following issues. 1) For a large scale heterogeneous network, it solves the problem of network management and smooth merging of a WSN into IIo T. 2) The network coverage problem is solved which improves the network reliability. 3) The framework addresses node failure due to various problems, particularly related to energy consumption.Therefore, it is necessary to improve the reliability of wireless sensor networks, by developing certain schemes to reduce energy consumption and the delay time of network nodes under IIo T conditions. Experiments have shown that the improved approach significantly reduces the energy consumption of nodes and the delay time, thus improving the reliability of WSN.展开更多
Software-Defined Networking(SDN)adapts logically-centralized control by decoupling control plane from data plane and provides the efficient use of network resources.However,due to the limitation of traditional routing...Software-Defined Networking(SDN)adapts logically-centralized control by decoupling control plane from data plane and provides the efficient use of network resources.However,due to the limitation of traditional routing strategies relying on manual configuration,SDN may suffer from link congestion and inefficient bandwidth allocation among flows,which could degrade network performance significantly.In this paper,we propose EARS,an intelligence-driven experiential network architecture for automatic routing.EARS adapts deep reinforcement learning(DRL)to simulate the human methods of learning experiential knowledge,employs the closed-loop network control mechanism incorporating with network monitoring technologies to realize the interaction with network environment.The proposed EARS can learn to make better control decision from its own experience by interacting with network environment and optimize the network intelligently by adjusting services and resources offered based on network requirements and environmental conditions.Under the network architecture,we design the network utility function with throughput and delay awareness,differentiate flows based on their size characteristics,and design a DDPGbased automatic routing algorithm as DRL decision brain to find the near-optimal paths for mice and elephant flows.To validate the network architecture,we implement it on a real network environment.Extensive simulation results show that EARS significantly improve the network throughput and reduces the average packet delay in comparison with baseline schemes(e.g.OSPF,ECMP).展开更多
Distributed Denial of Service(DDoS) attacks have been one of the most destructive threats to Internet security. By decoupling the network control and data plane, software defined networking(SDN) offers a flexible netw...Distributed Denial of Service(DDoS) attacks have been one of the most destructive threats to Internet security. By decoupling the network control and data plane, software defined networking(SDN) offers a flexible network management paradigm to solve DDoS attack in traditional networks. However, the centralized nature of SDN is also a potential vulnerability for DDo S attack. In this paper, we first provide some SDN-supported mechanisms against DDoS attack in traditional networks. A systematic review of various SDN-self DDo S threats are then presented as well as the existing literatures on quickly DDoS detection and defense in SDN. Finally, some promising research directions in this field are introduced.展开更多
目的/意义建设基于软件定义网络(software defined networking,SDN)架构的网络安全平台,以增强医院云计算安全防护。方法/过程基于SDN架构构建网络安全平台,并与入侵检测系统联动形成主动防御系统。对比分析平台应用前后租户横向攻击数...目的/意义建设基于软件定义网络(software defined networking,SDN)架构的网络安全平台,以增强医院云计算安全防护。方法/过程基于SDN架构构建网络安全平台,并与入侵检测系统联动形成主动防御系统。对比分析平台应用前后租户横向攻击数量、攻击成功率、策略无阻断业务数、勒索软件加密数据量和安全团队操作工时等指标,验证平台的有效性。结果/结论基于SDN架构的网络安全平台可有效识别并阻断恶意流量,增强对医院云计算的安全防护。展开更多
This paper introduces a robust Distributed Denial-of-Service attack detection framework tailored for Software-Defined Networking based Internet of Things environments,built upon a novel,syntheticmulti-vector dataset g...This paper introduces a robust Distributed Denial-of-Service attack detection framework tailored for Software-Defined Networking based Internet of Things environments,built upon a novel,syntheticmulti-vector dataset generated in a Mininet-Ryu testbed using real-time flow-based labeling.The proposed model is based on the XGBoost algorithm,optimized with Principal Component Analysis for dimensionality reduction,utilizing lightweight flowlevel features extracted from Open Flow statistics to classify attacks across critical IoT protocols including TCP,UDP,HTTP,MQTT,and CoAP.The model employs lightweight flow-level features extracted from Open Flow statistics to ensure low computational overhead and fast processing.Performance was rigorously evaluated using key metrics,including Accuracy,Precision,Recall,F1-Score,False Alarm Rate,AUC-ROC,and Detection Time.Experimental results demonstrate the model’s high performance,achieving an accuracy of 98.93%and a low FAR of 0.86%,with a rapid median detection time of 1.02 s.This efficiency validates its superiority in meeting critical Key Performance Indicators,such as Latency and high Throughput,necessary for time-sensitive SDN-IoT systems.Furthermore,the model’s robustness and statistically significant outperformance against baseline models such as Random Forest,k-Nearest Neighbors,and Gradient Boosting Machine,validating through statistical tests using Wilcoxon signed-rank test and confirmed via successful deployment in a real SDN testbed for live traffic detection and mitigation.展开更多
In recent years, SDN(Software Defined Network) as a new network architecture has become the hot research point. Meanwhile,the well-known Open Flow-based SDN got a lot of attention. But it can't provide a flexible ...In recent years, SDN(Software Defined Network) as a new network architecture has become the hot research point. Meanwhile,the well-known Open Flow-based SDN got a lot of attention. But it can't provide a flexible and effective network resource description method.As an open programmable technology, For CES(Forwarding and Control Element Separation)has also been concerned. However, For CES is confined within a single network node and cannot be applied to the entire network. This paper proposes a new architecture — ForS A(ForC ESbased SDN architecture). The architecture is added a configuration layer based on the traditional SDN architecture, which solves the problem that the northbound interface is not clear between the application layer and the control layer in the SDN architecture. ForS A also implements the compatibility within various forwarding devices in the forwarding layer.展开更多
Software Defined Network (SDN) makes network management more flexible by separating control plane and data plane, centralized control and being programmable. Although, network measurement still remains in primary stag...Software Defined Network (SDN) makes network management more flexible by separating control plane and data plane, centralized control and being programmable. Although, network measurement still remains in primary stage in SDN, it has become an essential research field in SDN management. In this context, this paper presents a low-cost high-accuracy measurement framework to support various network measurement tasks, such as throughput, delay and packet loss rate. In this framework, we only measure per-flow edge switches (the first and the last switches). In addition, a new adaptive sampling algorithm is proposed to significantly improve measurement accuracy and decrease network overhead. Meanwhile, we consider a low-cost topology discovery approach into our framework instead of topology discovery currently implemented by SDN controller frameworks. In order to improve the accuracy of delay, we also join a time threshold value to adjust the time delay. Furthermore, we consider and analyze the balance between measurement overhead and accuracy in several aspects. Last, we utilize POX controller to implement the proposed measurement framework. The effectiveness of our solution is demonstrated through simulations in Mininet and Matlab.展开更多
基金supported in part by NSFC project(61871056)Young Elite Scientists Sponsorship Program by CAST(2018QNRC001)+1 种基金Fundamental Research Funds for the Central Universities(2018XKJC06)Open Fund of SKL of IPOC(BUPT)(IPOC2018A001)
文摘Software defined optical networking(SDON)is a critical technology for the next generation network with the advantages of programmable control and etc.As one of the key issues of SDON,the security of control plane has also received extensive attention,especially in certain network scenarios with high security requirement.Due to the existence of vulnerabilities and heavy overhead,the existing firewalls and distributed control technologies cannot solve the control plane security problem well.In this paper,we propose a distributed control architecture for SDON using the blockchain technique(BlockCtrl).The proposed BlockCtrl model introduces the advantages of blockchain into SDON to achieve a high-efficiency fault tolerant control.We have evaluated the performance of our proposed architecture and compared it to the existing models with respect to various metrics including processing rate,recovery latency and etc.The numerical results show that the BlockCtrl is capable of attacks detection and fault tolerant control in SDON with high performance on resource utilization and service correlation.
基金This work was supported by Universiti Sains Malaysia under external grant(Grant Number 304/PNAV/650958/U154).
文摘The emergence of a new network architecture,known as Software Defined Networking(SDN),in the last two decades has overcome some drawbacks of traditional networks in terms of performance,scalability,reliability,security,and network management.However,the SDN is vulnerable to security threats that target its controller,such as low-rate Distributed Denial of Service(DDoS)attacks,The low-rate DDoS attack is one of the most prevalent attacks that poses a severe threat to SDN network security because the controller is a vital architecture component.Therefore,there is an urgent need to propose a detection approach for this type of attack with a high detection rate and low false-positive rates.Thus,this paper proposes an approach to detect low-rate DDoS attacks on the SDN controller by adapting a dynamic threshold.The proposed approach has been evaluated using four simulation scenarios covering a combination of low-rate DDoS attacks against the SDN controller involving(i)a single host attack targeting a single victim;(ii)a single host attack targeting multiple victims;(iii)multiple hosts attack targeting a single victim;and(iv)multiple hosts attack targeting multiple victims.The proposed approach’s average detection rates are 96.65%,91.83%,96.17%,and 95.33%for the above scenarios,respectively;and its average false-positive rates are 3.33%,8.17%,3.83%,and 4.67%for similar scenarios,respectively.The comparison between the proposed approach and two existing approaches showed that it outperformed them in both categories.
基金supported by the National Natural Science Foundation of China under Grant No.61701284,61472229,31671588 and 61801270the China Postdoctoral Science Foundation Funded Project under Grant No2017M622233+2 种基金the Application Research Project for Postdoctoral Researchers of Qingdao,the Scientific Research Foundation of Shandong University of Science and Technology for Recruited Talents under Grant No.2016RCJJ010the Sci.&Tech.DevelopmentFund of Shandong Province of China underGrant No.2016ZDJS02A11,ZR2017BF015and ZR2017MF027the Taishan Scholar Climbing Program of Shandong Province,and SDUST Research Fund under Grant No.2015TDJH102
文摘This paper presented a joint resource allocation(RA) and admission control(AC) mechanism in software defined mobile networks(SDMNs). In this mechanism, the joint RA and AC problem can be formulated as an optimization problem with the aim of maximizing the number of admitted users while simultaneously minimizing the number of allocated channels. Since the primal problem is modeled to be a mixed integer nonlinear problem(MINLP), we attain the suboptimal solutions to the primal MINLP by convex relaxation. Additionally, with the global information collected by the SDMNs controller, a centralized joint RA and AC(CJRA)algorithm is proposed by the Lagrange dual decomposition technique to obtain the global optimum. Meanwhile, we propose an OpenFlow rules placement strategy to realize CJRA in an efficient way. Moreover, a distributed algorithm is also developed to find the local optimum, showing a performance benchmark for the centralized one. Finally, simulation results show that the proposed centralized algorithm admits more users compared with the distributed.
基金supported by UniversitiKebangsaan Malaysia,under Dana Impak Perdana 2.0.(Ref:DIP–2022–020).
文摘Software Defined Networking(SDN)is programmable by separation of forwarding control through the centralization of the controller.The controller plays the role of the‘brain’that dictates the intelligent part of SDN technology.Various versions of SDN controllers exist as a response to the diverse demands and functions expected of them.There are several SDN controllers available in the open market besides a large number of commercial controllers;some are developed tomeet carrier-grade service levels and one of the recent trends in open-source SDN controllers is the Open Network Operating System(ONOS).This paper presents a comparative study between open source SDN controllers,which are known as Network Controller Platform(NOX),Python-based Network Controller(POX),component-based SDN framework(Ryu),Java-based OpenFlow controller(Floodlight),OpenDayLight(ODL)and ONOS.The discussion is further extended into ONOS architecture,as well as,the evolution of ONOS controllers.This article will review use cases based on ONOS controllers in several application deployments.Moreover,the opportunities and challenges of open source SDN controllers will be discussed,exploring carriergrade ONOS for future real-world deployments,ONOS unique features and identifying the suitable choice of SDN controller for service providers.In addition,we attempt to provide answers to several critical questions relating to the implications of the open-source nature of SDN controllers regarding vendor lock-in,interoperability,and standards compliance,Similarly,real-world use cases of organizations using open-source SDN are highlighted and how the open-source community contributes to the development of SDN controllers.Furthermore,challenges faced by open-source projects,and considerations when choosing an open-source SDN controller are underscored.Then the role of Artificial Intelligence(AI)and Machine Learning(ML)in the evolution of open-source SDN controllers in light of recent research is indicated.In addition,the challenges and limitations associated with deploying open-source SDN controllers in production networks,how can they be mitigated,and finally how opensource SDN controllers handle network security and ensure that network configurations and policies are robust and resilient are presented.Potential opportunities and challenges for future Open SDN deployment are outlined to conclude the article.
基金extend their appreciation to Researcher Supporting Project Number(RSPD2023R582)King Saud University,Riyadh,Saudi Arabia.
文摘The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.
基金supported by the following funds:Defense Industrial Technology Development Program Grant:G20210513Shaanxi Provincal Department of Science and Technology Grant:2021KW-07Shaanxi Provincal Department of Science and Technology Grant:2022 QFY01-14.
文摘In light of the escalating demand and intricacy of services in contemporary terrestrial,maritime,and aerial combat operations,there is a compelling need for enhanced service quality and efficiency in airborne cluster communication networks.Software-Defined Networking(SDN)proffers a viable solution for the multifaceted task of cooperative communication transmission and management across different operational domains within complex combat contexts,due to its intrinsic ability to flexibly allocate and centrally administer network resources.This study pivots around the optimization of SDN controller deployment within airborne data link clusters.A collaborative multi-controller architecture predicated on airborne data link clusters is thus proposed.Within this architectural framework,the controller deployment issue is reframed as a two-fold problem:subdomain partition-ing and central interaction node selection.We advocate a subdomain segmentation approach grounded in node value ranking(NDVR)and a central interaction node selection methodology predicated on an enhanced Artificial Fish Swarm Algorithm(AFSA).The advanced NDVR-AFSA(Node value ranking-Improved artificial fish swarm algorithm)algorithm makes use of a chaos algorithm for population initialization,boosting population diversity and circumventing premature algorithm convergence.By the integration of adaptive strategies and incorporation of the genetic algorithm’s crossover and mutation operations,the algorithm’s search range adaptability is enhanced,thereby increasing the possibility of obtaining globally optimal solutions,while concurrently augmenting cluster reliability.The simulation results verify the advantages of the NDVR-IAFSA algorithm,achieve a better load balancing effect,improve the reliability of aviation data link cluster,and significantly reduce the average propagation delay and disconnection rate,respectively,by 12.8%and 11.7%.This shows that the optimization scheme has important significance in practical application,and can meet the high requirements of modern sea,land,and air operations to aviation airborne communication networks.
基金Supported by the National Natural Science Foundation of China(62102241)。
文摘Software Defined Network(SDN)has been developed rapidly in technology and popularized in application due to its efficiency and flexibility in network management.In multi-controller SDN architecture,the Controller Placement Problem(CPP)must be solved carefully as it directly affects the whole network performance.This paper proposes a Multi-objective Greedy Optimized K-means Algorithm(MGOKA)to solve this problem to optimize worst-case and average delay between switches and controllers as well as synchronization delay and load balance among controllers for Wide Area Networks(WAN).MGOKA combines the process of network partition based on the K-means algorithm with cluster fusion based on the greedy algorithm and designs a normalization strategy to convert a multi-objective into a single-objective optimization problem.The simulation results depict that in different network scales with different numbers of controllers,the relative optimization rate of our proposed algorithm compared with K-means,K-means++,and GOKA can reach up to 101.5%,109.9%,and 79.8%,respectively.Moreover,the error rate between MGOKA and the global optimal solution is always less than 4%.
文摘Solving the controller placement problem (CPP) in an SDN architecture with multiple controllers has a significant impact on control overhead in the network, especially in multihop wireless networks (MWNs). The generated control overhead consists of controller-device and inter-controller communications to discover the network topology, exchange configurations, and set up and modify flow tables in the control plane. However, due to the high complexity of the proposed optimization model to the CPP, heuristic algorithms have been reported to find near-optimal solutions faster for large-scale wired networks. In this paper, the objective is to extend those existing heuristic algorithms to solve a proposed optimization model to the CPP in software-<span>defined multihop wireless networking</span><span> (SDMWN).</span>Our results demonstrate that using ranking degrees assigned to the possible controller placements, including the average distance to other devices as a degree or the connectivity degree of each placement, the extended heuristic algorithms are able to achieve the optimal solution in small-scale networks in terms of the generated control overhead and the number of controllers selected in the network. As a result, using extended heuristic algorithms, the average number of hops among devices and their assigned controllers as well as among controllers will be reduced. Moreover, these algorithms are able tolower<span "=""> </span>the control overhead in large-scale networks and select fewer controllers compared to an extended algorithm that solves the CPP in SDMWN based on a randomly selected controller placement approach.
文摘为解决高密度无线局域网中接入拥塞、资源失衡及流量混传导致的性能瓶颈问题,从接入层面、资源层面及流量层面分析无线局域网接入拥塞问题,并从3个层面提出基于软件定义网络(Software Defined Network,SDN)流量调度的应对策略。实践案例验证了该策略在提升网络吞吐量、降低传输时延方面具有明显成效。
基金This work is supported by the Fundamental Research Funds for the Central Universities.
文摘In recent years,satellite networks have been proposed as an essential part of next-generation mobile communication systems.Software defined networking techniques are introduced in satellite networks to handle the growing challenges induced by time-varying topology,intermittent inter-satellite link and dramatically increased satellite constellation size.This survey covers the latest progress of software defined satellite networks,including key techniques,existing solutions,challenges,opportunities,and simulation tools.To the best of our knowledge,this paper is the most comprehensive survey that covers the latest progress of software defined satellite networks.An open GitHub repository is further created where the latest papers on this topic will be tracked and updated periodically.Compared with these existing surveys,this survey contributes from three aspects:(1)an up-to-date SDN-oriented review for the latest progress of key techniques and solutions in software defined satellite networks;(2)an inspiring summary of existing challenges,new research opportunities and publicly available simulation tools for follow-up studies;(3)an effort of building a public repository to track new results.
基金supported by the National Natural Science Foundation of China(61571336)the Science and Technology Project of Henan Province in China(172102210081)the Independent Innovation Research Foundation of Wuhan University of Technology(2016-JL-036)
文摘As communication technology and smart manufacturing have developed, the industrial internet of things(IIo T)has gained considerable attention from academia and industry.Wireless sensor networks(WSNs) have many advantages with broad applications in many areas including environmental monitoring, which makes it a very important part of IIo T. However,energy depletion and hardware malfunctions can lead to node failures in WSNs. The industrial environment can also impact the wireless channel transmission, leading to network reliability problems, even with tightly coupled control and data planes in traditional networks, which obviously also enhances network management cost and complexity. In this paper, we introduce a new software defined network(SDN), and modify this network to propose a framework called the improved software defined wireless sensor network(improved SD-WSN). This proposed framework can address the following issues. 1) For a large scale heterogeneous network, it solves the problem of network management and smooth merging of a WSN into IIo T. 2) The network coverage problem is solved which improves the network reliability. 3) The framework addresses node failure due to various problems, particularly related to energy consumption.Therefore, it is necessary to improve the reliability of wireless sensor networks, by developing certain schemes to reduce energy consumption and the delay time of network nodes under IIo T conditions. Experiments have shown that the improved approach significantly reduces the energy consumption of nodes and the delay time, thus improving the reliability of WSN.
基金supported by the National Natural Science Foundation of China for Innovative Research Groups (61521003)the National Natural Science Foundation of China (61872382)+1 种基金the National Key Research and Development Program of China (2017YFB0803204)the Research and Development Program in Key Areas of Guangdong Province (No.2018B010113001)
文摘Software-Defined Networking(SDN)adapts logically-centralized control by decoupling control plane from data plane and provides the efficient use of network resources.However,due to the limitation of traditional routing strategies relying on manual configuration,SDN may suffer from link congestion and inefficient bandwidth allocation among flows,which could degrade network performance significantly.In this paper,we propose EARS,an intelligence-driven experiential network architecture for automatic routing.EARS adapts deep reinforcement learning(DRL)to simulate the human methods of learning experiential knowledge,employs the closed-loop network control mechanism incorporating with network monitoring technologies to realize the interaction with network environment.The proposed EARS can learn to make better control decision from its own experience by interacting with network environment and optimize the network intelligently by adjusting services and resources offered based on network requirements and environmental conditions.Under the network architecture,we design the network utility function with throughput and delay awareness,differentiate flows based on their size characteristics,and design a DDPGbased automatic routing algorithm as DRL decision brain to find the near-optimal paths for mice and elephant flows.To validate the network architecture,we implement it on a real network environment.Extensive simulation results show that EARS significantly improve the network throughput and reduces the average packet delay in comparison with baseline schemes(e.g.OSPF,ECMP).
基金supported in part by the“973”Program of China under Grant No.2013CB329103the National Natural Science Foundation of China under Grant No.61271171 and No.61401070+1 种基金National Key Research and Development Program of China No.2016YFB0800105the“863”Program of China under Grant No.2015AA015702 and No.2015AA016102
文摘Distributed Denial of Service(DDoS) attacks have been one of the most destructive threats to Internet security. By decoupling the network control and data plane, software defined networking(SDN) offers a flexible network management paradigm to solve DDoS attack in traditional networks. However, the centralized nature of SDN is also a potential vulnerability for DDo S attack. In this paper, we first provide some SDN-supported mechanisms against DDoS attack in traditional networks. A systematic review of various SDN-self DDo S threats are then presented as well as the existing literatures on quickly DDoS detection and defense in SDN. Finally, some promising research directions in this field are introduced.
文摘目的/意义建设基于软件定义网络(software defined networking,SDN)架构的网络安全平台,以增强医院云计算安全防护。方法/过程基于SDN架构构建网络安全平台,并与入侵检测系统联动形成主动防御系统。对比分析平台应用前后租户横向攻击数量、攻击成功率、策略无阻断业务数、勒索软件加密数据量和安全团队操作工时等指标,验证平台的有效性。结果/结论基于SDN架构的网络安全平台可有效识别并阻断恶意流量,增强对医院云计算的安全防护。
文摘This paper introduces a robust Distributed Denial-of-Service attack detection framework tailored for Software-Defined Networking based Internet of Things environments,built upon a novel,syntheticmulti-vector dataset generated in a Mininet-Ryu testbed using real-time flow-based labeling.The proposed model is based on the XGBoost algorithm,optimized with Principal Component Analysis for dimensionality reduction,utilizing lightweight flowlevel features extracted from Open Flow statistics to classify attacks across critical IoT protocols including TCP,UDP,HTTP,MQTT,and CoAP.The model employs lightweight flow-level features extracted from Open Flow statistics to ensure low computational overhead and fast processing.Performance was rigorously evaluated using key metrics,including Accuracy,Precision,Recall,F1-Score,False Alarm Rate,AUC-ROC,and Detection Time.Experimental results demonstrate the model’s high performance,achieving an accuracy of 98.93%and a low FAR of 0.86%,with a rapid median detection time of 1.02 s.This efficiency validates its superiority in meeting critical Key Performance Indicators,such as Latency and high Throughput,necessary for time-sensitive SDN-IoT systems.Furthermore,the model’s robustness and statistically significant outperformance against baseline models such as Random Forest,k-Nearest Neighbors,and Gradient Boosting Machine,validating through statistical tests using Wilcoxon signed-rank test and confirmed via successful deployment in a real SDN testbed for live traffic detection and mitigation.
基金supported in part by a grant from the National Basic Research Program of China(973 Program)(No.2012CB315902)the National High Technology Research and Development Program(863 Program) (No.2015AA011901)+1 种基金the National Natural Science Foundation of China(No.61402408, 61379120)Zhejiang Leading Team of Science and Technology Innovation(No.2011R50010-04, 2011R50010-03,2011R50010-2)
文摘In recent years, SDN(Software Defined Network) as a new network architecture has become the hot research point. Meanwhile,the well-known Open Flow-based SDN got a lot of attention. But it can't provide a flexible and effective network resource description method.As an open programmable technology, For CES(Forwarding and Control Element Separation)has also been concerned. However, For CES is confined within a single network node and cannot be applied to the entire network. This paper proposes a new architecture — ForS A(ForC ESbased SDN architecture). The architecture is added a configuration layer based on the traditional SDN architecture, which solves the problem that the northbound interface is not clear between the application layer and the control layer in the SDN architecture. ForS A also implements the compatibility within various forwarding devices in the forwarding layer.
文摘Software Defined Network (SDN) makes network management more flexible by separating control plane and data plane, centralized control and being programmable. Although, network measurement still remains in primary stage in SDN, it has become an essential research field in SDN management. In this context, this paper presents a low-cost high-accuracy measurement framework to support various network measurement tasks, such as throughput, delay and packet loss rate. In this framework, we only measure per-flow edge switches (the first and the last switches). In addition, a new adaptive sampling algorithm is proposed to significantly improve measurement accuracy and decrease network overhead. Meanwhile, we consider a low-cost topology discovery approach into our framework instead of topology discovery currently implemented by SDN controller frameworks. In order to improve the accuracy of delay, we also join a time threshold value to adjust the time delay. Furthermore, we consider and analyze the balance between measurement overhead and accuracy in several aspects. Last, we utilize POX controller to implement the proposed measurement framework. The effectiveness of our solution is demonstrated through simulations in Mininet and Matlab.
