Software-defined networking(SDN)is an innovative paradigm that separates the control and data planes,introducing centralized network control.SDN is increasingly being adopted by Carrier Grade networks,offering enhance...Software-defined networking(SDN)is an innovative paradigm that separates the control and data planes,introducing centralized network control.SDN is increasingly being adopted by Carrier Grade networks,offering enhanced networkmanagement capabilities than those of traditional networks.However,because SDN is designed to ensure high-level service availability,it faces additional challenges.One of themost critical challenges is ensuring efficient detection and recovery from link failures in the data plane.Such failures can significantly impact network performance and lead to service outages,making resiliency a key concern for the effective adoption of SDN.Since the recovery process is intrinsically dependent on timely failure detection,this research surveys and analyzes the current literature on both failure detection and recovery approaches in SDN.The survey provides a critical comparison of existing failure detection techniques,highlighting their advantages and disadvantages.Additionally,it examines the current failure recovery methods,categorized as either restoration-based or protection-based,and offers a comprehensive comparison of their strengths and limitations.Lastly,future research challenges and directions are discussed to address the shortcomings of existing failure recovery methods.展开更多
Link failure is a critical issue in large networks and must be effectively addressed.In software-defined networks(SDN),link failure recovery schemes can be categorized into proactive and reactive approaches.Reactive s...Link failure is a critical issue in large networks and must be effectively addressed.In software-defined networks(SDN),link failure recovery schemes can be categorized into proactive and reactive approaches.Reactive schemes have longer recovery times while proactive schemes provide faster recovery but overwhelm the memory of switches by flow entries.As SDN adoption grows,ensuring efficient recovery from link failures in the data plane becomes crucial.In particular,data center networks(DCNs)demand rapid recovery times and efficient resource utilization to meet carrier-grade requirements.This paper proposes an efficient Decentralized Failure Recovery(DFR)model for SDNs,meeting recovery time requirements and optimizing switch memory resource consumption.The DFR model enables switches to autonomously reroute traffic upon link failures without involving the controller,achieving fast recovery times while minimizing memory usage.DFR employs the Fast Failover Group in the OpenFlow standard for local recovery without requiring controller communication and utilizes the k-shortest path algorithm to proactively install backup paths,allowing immediate local recovery without controller intervention and enhancing overall network stability and scalability.DFR employs flow entry aggregation techniques to reduce switch memory usage.Instead of matching flow entries to the destination host’s MAC address,DFR matches packets to the destination switch’s MAC address.This reduces the switches’Ternary Content-Addressable Memory(TCAM)consumption.Additionally,DFR modifies Address Resolution Protocol(ARP)replies to provide source hosts with the destination switch’s MAC address,facilitating flow entry aggregation without affecting normal network operations.The performance of DFR is evaluated through the network emulator Mininet 2.3.1 and Ryu 3.1 as SDN controller.For different number of active flows,number of hosts per edge switch,and different network sizes,the proposed model outperformed various failure recovery models:restoration-based,protection by flow entries,protection by group entries and protection by Vlan-tagging model in terms of recovery time,switch memory consumption and controller overhead which represented the number of flow entry updates to recover from the failure.Experimental results demonstrate that DFR achieves recovery times under 20 milliseconds,satisfying carrier-grade requirements for rapid failure recovery.Additionally,DFR reduces switch memory usage by up to 95%compared to traditional protection methods and minimizes controller load by eliminating the need for controller intervention during failure recovery.Theresults underscore the efficiency and scalability of the DFR model,making it a practical solution for enhancing network resilience in SDN environments.展开更多
The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are ...The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.展开更多
Software Defined Networking(SDN)is programmable by separation of forwarding control through the centralization of the controller.The controller plays the role of the‘brain’that dictates the intelligent part of SDN t...Software Defined Networking(SDN)is programmable by separation of forwarding control through the centralization of the controller.The controller plays the role of the‘brain’that dictates the intelligent part of SDN technology.Various versions of SDN controllers exist as a response to the diverse demands and functions expected of them.There are several SDN controllers available in the open market besides a large number of commercial controllers;some are developed tomeet carrier-grade service levels and one of the recent trends in open-source SDN controllers is the Open Network Operating System(ONOS).This paper presents a comparative study between open source SDN controllers,which are known as Network Controller Platform(NOX),Python-based Network Controller(POX),component-based SDN framework(Ryu),Java-based OpenFlow controller(Floodlight),OpenDayLight(ODL)and ONOS.The discussion is further extended into ONOS architecture,as well as,the evolution of ONOS controllers.This article will review use cases based on ONOS controllers in several application deployments.Moreover,the opportunities and challenges of open source SDN controllers will be discussed,exploring carriergrade ONOS for future real-world deployments,ONOS unique features and identifying the suitable choice of SDN controller for service providers.In addition,we attempt to provide answers to several critical questions relating to the implications of the open-source nature of SDN controllers regarding vendor lock-in,interoperability,and standards compliance,Similarly,real-world use cases of organizations using open-source SDN are highlighted and how the open-source community contributes to the development of SDN controllers.Furthermore,challenges faced by open-source projects,and considerations when choosing an open-source SDN controller are underscored.Then the role of Artificial Intelligence(AI)and Machine Learning(ML)in the evolution of open-source SDN controllers in light of recent research is indicated.In addition,the challenges and limitations associated with deploying open-source SDN controllers in production networks,how can they be mitigated,and finally how opensource SDN controllers handle network security and ensure that network configurations and policies are robust and resilient are presented.Potential opportunities and challenges for future Open SDN deployment are outlined to conclude the article.展开更多
Software-Defined Networking(SDN),with segregated data and control planes,provides faster data routing,stability,and enhanced quality metrics,such as throughput(Th),maximum available bandwidth(Bd(max)),data transfer(DT...Software-Defined Networking(SDN),with segregated data and control planes,provides faster data routing,stability,and enhanced quality metrics,such as throughput(Th),maximum available bandwidth(Bd(max)),data transfer(DTransfer),and reduction in end-to-end delay(D(E-E)).This paper explores the critical work of deploying SDN in large-scale Data Center Networks(DCNs)to enhance its Quality of Service(QoS)parameters,using logically distributed control configurations.There is a noticeable increase in Delay(E-E)when adopting SDN with a unified(single)control structure in big DCNs to handle Hypertext Transfer Protocol(HTTP)requests causing a reduction in network quality parameters(Bd(max),Th,DTransfer,D(E-E),etc.).This article examines the network performance in terms of quality matrices(bandwidth,throughput,data transfer,etc.),by establishing a large-scale SDN-based virtual network in the Mininet environment.The SDN network is simulated in three stages:(1)An SDN network with unitary controller-POX to manage the data traffic flow of the network without the server load management algorithm.(2)An SDN network with only one controller to manage the data traffic flow of the network with a server load management algorithm.(3)Deployment of SDN in proposed control arrangement(logically distributed controlled framework)with multiple controllers managing data traffic flow under the proposed Intelligent Sensing Server Load Management(ISSLM)algorithm.As a result of this approach,the network quality parameters in large-scale networks are enhanced.展开更多
Software Defined Network(SDN)has been developed rapidly in technology and popularized in application due to its efficiency and flexibility in network management.In multi-controller SDN architecture,the Controller Plac...Software Defined Network(SDN)has been developed rapidly in technology and popularized in application due to its efficiency and flexibility in network management.In multi-controller SDN architecture,the Controller Placement Problem(CPP)must be solved carefully as it directly affects the whole network performance.This paper proposes a Multi-objective Greedy Optimized K-means Algorithm(MGOKA)to solve this problem to optimize worst-case and average delay between switches and controllers as well as synchronization delay and load balance among controllers for Wide Area Networks(WAN).MGOKA combines the process of network partition based on the K-means algorithm with cluster fusion based on the greedy algorithm and designs a normalization strategy to convert a multi-objective into a single-objective optimization problem.The simulation results depict that in different network scales with different numbers of controllers,the relative optimization rate of our proposed algorithm compared with K-means,K-means++,and GOKA can reach up to 101.5%,109.9%,and 79.8%,respectively.Moreover,the error rate between MGOKA and the global optimal solution is always less than 4%.展开更多
针对传统的IP欺骗攻击缓解方法存在运算开销大、缺乏灵活性等问题,提出了一种基于动态限制策略的软件定义网络(software defined network,SDN)中IP欺骗攻击缓解方法。首先,利用Packet-In消息中三元组信息回溯攻击路径,定位IP欺骗攻击源...针对传统的IP欺骗攻击缓解方法存在运算开销大、缺乏灵活性等问题,提出了一种基于动态限制策略的软件定义网络(software defined network,SDN)中IP欺骗攻击缓解方法。首先,利用Packet-In消息中三元组信息回溯攻击路径,定位IP欺骗攻击源头主机;然后,由控制器制定动态限制策略对连接攻击源头主机的交换机端口的新流转发功能进行限制,待限制期满再恢复其转发新流的功能,限制期的大小随着被检测为攻击源的次数而增长。研究结果表明:这种动态的限制策略可阻隔攻击流进入SDN网络,从而有效避免SDN交换机、控制器以及链路过载;由于在限制期间无需再对这些限制的交换机端口进行实时监测,该方法在应对长时攻击时较传统方法具有更高的缓解效率和更少的资源消耗。展开更多
针对工业物联网中业务需求多样性和服务质量(Quality of Service,QoS)要求差异性导致的网络资源利用低问题,提出一种基于深度强化学习的网络切片资源分配策略。该策略运用深度强化学习优化网络切片资源分配的准入控制,通过智能体在特定...针对工业物联网中业务需求多样性和服务质量(Quality of Service,QoS)要求差异性导致的网络资源利用低问题,提出一种基于深度强化学习的网络切片资源分配策略。该策略运用深度强化学习优化网络切片资源分配的准入控制,通过智能体在特定时间窗口内处理资源请求,并根据不同网络切片的QoS要求及请求准入结果进行资源的动态分配。实验结果表明,所提策略相比基准算法在提高网络收益、资源利用率和接收率方面分别提升了8.33%、9.84%和8.57%。该策略能够在保证服务质量的同时提高整个网络的效率和性能。展开更多
Software Defined Network(SDN)and Network Function Virtualization(NFV)technology promote several benefits to network operators,including reduced maintenance costs,increased network operational performance,simplified ne...Software Defined Network(SDN)and Network Function Virtualization(NFV)technology promote several benefits to network operators,including reduced maintenance costs,increased network operational performance,simplified network lifecycle,and policies management.Network vulnerabilities try to modify services provided by Network Function Virtualization MANagement and Orchestration(NFV MANO),and malicious attacks in different scenarios disrupt the NFV Orchestrator(NFVO)and Virtualized Infrastructure Manager(VIM)lifecycle management related to network services or individual Virtualized Network Function(VNF).This paper proposes an anomaly detection mechanism that monitors threats in NFV MANO and manages promptly and adaptively to implement and handle security functions in order to enhance the quality of experience for end users.An anomaly detector investigates these identified risks and provides secure network services.It enables virtual network security functions and identifies anomalies in Kubernetes(a cloud-based platform).For training and testing purpose of the proposed approach,an intrusion-containing dataset is used that hold multiple malicious activities like a Smurf,Neptune,Teardrop,Pod,Land,IPsweep,etc.,categorized as Probing(Prob),Denial of Service(DoS),User to Root(U2R),and Remote to User(R2L)attacks.An anomaly detector is anticipated with the capabilities of a Machine Learning(ML)technique,making use of supervised learning techniques like Logistic Regression(LR),Support Vector Machine(SVM),Random Forest(RF),Naïve Bayes(NB),and Extreme Gradient Boosting(XGBoost).The proposed framework has been evaluated by deploying the identified ML algorithm on a Jupyter notebook in Kubeflow to simulate Kubernetes for validation purposes.RF classifier has shown better outcomes(99.90%accuracy)than other classifiers in detecting anomalies/intrusions in the containerized environment.展开更多
As communication technology and smart manufacturing have developed, the industrial internet of things(IIo T)has gained considerable attention from academia and industry.Wireless sensor networks(WSNs) have many advanta...As communication technology and smart manufacturing have developed, the industrial internet of things(IIo T)has gained considerable attention from academia and industry.Wireless sensor networks(WSNs) have many advantages with broad applications in many areas including environmental monitoring, which makes it a very important part of IIo T. However,energy depletion and hardware malfunctions can lead to node failures in WSNs. The industrial environment can also impact the wireless channel transmission, leading to network reliability problems, even with tightly coupled control and data planes in traditional networks, which obviously also enhances network management cost and complexity. In this paper, we introduce a new software defined network(SDN), and modify this network to propose a framework called the improved software defined wireless sensor network(improved SD-WSN). This proposed framework can address the following issues. 1) For a large scale heterogeneous network, it solves the problem of network management and smooth merging of a WSN into IIo T. 2) The network coverage problem is solved which improves the network reliability. 3) The framework addresses node failure due to various problems, particularly related to energy consumption.Therefore, it is necessary to improve the reliability of wireless sensor networks, by developing certain schemes to reduce energy consumption and the delay time of network nodes under IIo T conditions. Experiments have shown that the improved approach significantly reduces the energy consumption of nodes and the delay time, thus improving the reliability of WSN.展开更多
The Internet of Vehicles(IoV)has been widely researched in recent years,and cloud computing has been one of the key technologies in the IoV.Although cloud computing provides high performance compute,storage and networ...The Internet of Vehicles(IoV)has been widely researched in recent years,and cloud computing has been one of the key technologies in the IoV.Although cloud computing provides high performance compute,storage and networking services,the IoV still suffers with high processing latency,less mobility support and location awareness.In this paper,we integrate fog computing and software defined networking(SDN) to address those problems.Fog computing extends computing and storing to the edge of the network,which could decrease latency remarkably in addition to enable mobility support and location awareness.Meanwhile,SDN provides flexible centralized control and global knowledge to the network.In order to apply the software defined cloud/fog networking(SDCFN) architecture in the IoV effectively,we propose a novel SDN-based modified constrained optimization particle swarm optimization(MPSO-CO) algorithm which uses the reverse of the flight of mutation particles and linear decrease inertia weight to enhance the performance of constrained optimization particle swarm optimization(PSO-CO).The simulation results indicate that the SDN-based MPSO-CO algorithm could effectively decrease the latency and improve the quality of service(QoS) in the SDCFN architecture.展开更多
文摘Software-defined networking(SDN)is an innovative paradigm that separates the control and data planes,introducing centralized network control.SDN is increasingly being adopted by Carrier Grade networks,offering enhanced networkmanagement capabilities than those of traditional networks.However,because SDN is designed to ensure high-level service availability,it faces additional challenges.One of themost critical challenges is ensuring efficient detection and recovery from link failures in the data plane.Such failures can significantly impact network performance and lead to service outages,making resiliency a key concern for the effective adoption of SDN.Since the recovery process is intrinsically dependent on timely failure detection,this research surveys and analyzes the current literature on both failure detection and recovery approaches in SDN.The survey provides a critical comparison of existing failure detection techniques,highlighting their advantages and disadvantages.Additionally,it examines the current failure recovery methods,categorized as either restoration-based or protection-based,and offers a comprehensive comparison of their strengths and limitations.Lastly,future research challenges and directions are discussed to address the shortcomings of existing failure recovery methods.
文摘Link failure is a critical issue in large networks and must be effectively addressed.In software-defined networks(SDN),link failure recovery schemes can be categorized into proactive and reactive approaches.Reactive schemes have longer recovery times while proactive schemes provide faster recovery but overwhelm the memory of switches by flow entries.As SDN adoption grows,ensuring efficient recovery from link failures in the data plane becomes crucial.In particular,data center networks(DCNs)demand rapid recovery times and efficient resource utilization to meet carrier-grade requirements.This paper proposes an efficient Decentralized Failure Recovery(DFR)model for SDNs,meeting recovery time requirements and optimizing switch memory resource consumption.The DFR model enables switches to autonomously reroute traffic upon link failures without involving the controller,achieving fast recovery times while minimizing memory usage.DFR employs the Fast Failover Group in the OpenFlow standard for local recovery without requiring controller communication and utilizes the k-shortest path algorithm to proactively install backup paths,allowing immediate local recovery without controller intervention and enhancing overall network stability and scalability.DFR employs flow entry aggregation techniques to reduce switch memory usage.Instead of matching flow entries to the destination host’s MAC address,DFR matches packets to the destination switch’s MAC address.This reduces the switches’Ternary Content-Addressable Memory(TCAM)consumption.Additionally,DFR modifies Address Resolution Protocol(ARP)replies to provide source hosts with the destination switch’s MAC address,facilitating flow entry aggregation without affecting normal network operations.The performance of DFR is evaluated through the network emulator Mininet 2.3.1 and Ryu 3.1 as SDN controller.For different number of active flows,number of hosts per edge switch,and different network sizes,the proposed model outperformed various failure recovery models:restoration-based,protection by flow entries,protection by group entries and protection by Vlan-tagging model in terms of recovery time,switch memory consumption and controller overhead which represented the number of flow entry updates to recover from the failure.Experimental results demonstrate that DFR achieves recovery times under 20 milliseconds,satisfying carrier-grade requirements for rapid failure recovery.Additionally,DFR reduces switch memory usage by up to 95%compared to traditional protection methods and minimizes controller load by eliminating the need for controller intervention during failure recovery.Theresults underscore the efficiency and scalability of the DFR model,making it a practical solution for enhancing network resilience in SDN environments.
基金extend their appreciation to Researcher Supporting Project Number(RSPD2023R582)King Saud University,Riyadh,Saudi Arabia.
文摘The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.
基金supported by UniversitiKebangsaan Malaysia,under Dana Impak Perdana 2.0.(Ref:DIP–2022–020).
文摘Software Defined Networking(SDN)is programmable by separation of forwarding control through the centralization of the controller.The controller plays the role of the‘brain’that dictates the intelligent part of SDN technology.Various versions of SDN controllers exist as a response to the diverse demands and functions expected of them.There are several SDN controllers available in the open market besides a large number of commercial controllers;some are developed tomeet carrier-grade service levels and one of the recent trends in open-source SDN controllers is the Open Network Operating System(ONOS).This paper presents a comparative study between open source SDN controllers,which are known as Network Controller Platform(NOX),Python-based Network Controller(POX),component-based SDN framework(Ryu),Java-based OpenFlow controller(Floodlight),OpenDayLight(ODL)and ONOS.The discussion is further extended into ONOS architecture,as well as,the evolution of ONOS controllers.This article will review use cases based on ONOS controllers in several application deployments.Moreover,the opportunities and challenges of open source SDN controllers will be discussed,exploring carriergrade ONOS for future real-world deployments,ONOS unique features and identifying the suitable choice of SDN controller for service providers.In addition,we attempt to provide answers to several critical questions relating to the implications of the open-source nature of SDN controllers regarding vendor lock-in,interoperability,and standards compliance,Similarly,real-world use cases of organizations using open-source SDN are highlighted and how the open-source community contributes to the development of SDN controllers.Furthermore,challenges faced by open-source projects,and considerations when choosing an open-source SDN controller are underscored.Then the role of Artificial Intelligence(AI)and Machine Learning(ML)in the evolution of open-source SDN controllers in light of recent research is indicated.In addition,the challenges and limitations associated with deploying open-source SDN controllers in production networks,how can they be mitigated,and finally how opensource SDN controllers handle network security and ensure that network configurations and policies are robust and resilient are presented.Potential opportunities and challenges for future Open SDN deployment are outlined to conclude the article.
文摘Software-Defined Networking(SDN),with segregated data and control planes,provides faster data routing,stability,and enhanced quality metrics,such as throughput(Th),maximum available bandwidth(Bd(max)),data transfer(DTransfer),and reduction in end-to-end delay(D(E-E)).This paper explores the critical work of deploying SDN in large-scale Data Center Networks(DCNs)to enhance its Quality of Service(QoS)parameters,using logically distributed control configurations.There is a noticeable increase in Delay(E-E)when adopting SDN with a unified(single)control structure in big DCNs to handle Hypertext Transfer Protocol(HTTP)requests causing a reduction in network quality parameters(Bd(max),Th,DTransfer,D(E-E),etc.).This article examines the network performance in terms of quality matrices(bandwidth,throughput,data transfer,etc.),by establishing a large-scale SDN-based virtual network in the Mininet environment.The SDN network is simulated in three stages:(1)An SDN network with unitary controller-POX to manage the data traffic flow of the network without the server load management algorithm.(2)An SDN network with only one controller to manage the data traffic flow of the network with a server load management algorithm.(3)Deployment of SDN in proposed control arrangement(logically distributed controlled framework)with multiple controllers managing data traffic flow under the proposed Intelligent Sensing Server Load Management(ISSLM)algorithm.As a result of this approach,the network quality parameters in large-scale networks are enhanced.
基金Supported by the National Natural Science Foundation of China(62102241)。
文摘Software Defined Network(SDN)has been developed rapidly in technology and popularized in application due to its efficiency and flexibility in network management.In multi-controller SDN architecture,the Controller Placement Problem(CPP)must be solved carefully as it directly affects the whole network performance.This paper proposes a Multi-objective Greedy Optimized K-means Algorithm(MGOKA)to solve this problem to optimize worst-case and average delay between switches and controllers as well as synchronization delay and load balance among controllers for Wide Area Networks(WAN).MGOKA combines the process of network partition based on the K-means algorithm with cluster fusion based on the greedy algorithm and designs a normalization strategy to convert a multi-objective into a single-objective optimization problem.The simulation results depict that in different network scales with different numbers of controllers,the relative optimization rate of our proposed algorithm compared with K-means,K-means++,and GOKA can reach up to 101.5%,109.9%,and 79.8%,respectively.Moreover,the error rate between MGOKA and the global optimal solution is always less than 4%.
文摘针对传统的IP欺骗攻击缓解方法存在运算开销大、缺乏灵活性等问题,提出了一种基于动态限制策略的软件定义网络(software defined network,SDN)中IP欺骗攻击缓解方法。首先,利用Packet-In消息中三元组信息回溯攻击路径,定位IP欺骗攻击源头主机;然后,由控制器制定动态限制策略对连接攻击源头主机的交换机端口的新流转发功能进行限制,待限制期满再恢复其转发新流的功能,限制期的大小随着被检测为攻击源的次数而增长。研究结果表明:这种动态的限制策略可阻隔攻击流进入SDN网络,从而有效避免SDN交换机、控制器以及链路过载;由于在限制期间无需再对这些限制的交换机端口进行实时监测,该方法在应对长时攻击时较传统方法具有更高的缓解效率和更少的资源消耗。
文摘针对工业物联网中业务需求多样性和服务质量(Quality of Service,QoS)要求差异性导致的网络资源利用低问题,提出一种基于深度强化学习的网络切片资源分配策略。该策略运用深度强化学习优化网络切片资源分配的准入控制,通过智能体在特定时间窗口内处理资源请求,并根据不同网络切片的QoS要求及请求准入结果进行资源的动态分配。实验结果表明,所提策略相比基准算法在提高网络收益、资源利用率和接收率方面分别提升了8.33%、9.84%和8.57%。该策略能够在保证服务质量的同时提高整个网络的效率和性能。
基金This work was funded by the Deanship of Scientific Research at Jouf University under Grant Number(DSR2022-RG-0102).
文摘Software Defined Network(SDN)and Network Function Virtualization(NFV)technology promote several benefits to network operators,including reduced maintenance costs,increased network operational performance,simplified network lifecycle,and policies management.Network vulnerabilities try to modify services provided by Network Function Virtualization MANagement and Orchestration(NFV MANO),and malicious attacks in different scenarios disrupt the NFV Orchestrator(NFVO)and Virtualized Infrastructure Manager(VIM)lifecycle management related to network services or individual Virtualized Network Function(VNF).This paper proposes an anomaly detection mechanism that monitors threats in NFV MANO and manages promptly and adaptively to implement and handle security functions in order to enhance the quality of experience for end users.An anomaly detector investigates these identified risks and provides secure network services.It enables virtual network security functions and identifies anomalies in Kubernetes(a cloud-based platform).For training and testing purpose of the proposed approach,an intrusion-containing dataset is used that hold multiple malicious activities like a Smurf,Neptune,Teardrop,Pod,Land,IPsweep,etc.,categorized as Probing(Prob),Denial of Service(DoS),User to Root(U2R),and Remote to User(R2L)attacks.An anomaly detector is anticipated with the capabilities of a Machine Learning(ML)technique,making use of supervised learning techniques like Logistic Regression(LR),Support Vector Machine(SVM),Random Forest(RF),Naïve Bayes(NB),and Extreme Gradient Boosting(XGBoost).The proposed framework has been evaluated by deploying the identified ML algorithm on a Jupyter notebook in Kubeflow to simulate Kubernetes for validation purposes.RF classifier has shown better outcomes(99.90%accuracy)than other classifiers in detecting anomalies/intrusions in the containerized environment.
基金supported by the National Natural Science Foundation of China(61571336)the Science and Technology Project of Henan Province in China(172102210081)the Independent Innovation Research Foundation of Wuhan University of Technology(2016-JL-036)
文摘As communication technology and smart manufacturing have developed, the industrial internet of things(IIo T)has gained considerable attention from academia and industry.Wireless sensor networks(WSNs) have many advantages with broad applications in many areas including environmental monitoring, which makes it a very important part of IIo T. However,energy depletion and hardware malfunctions can lead to node failures in WSNs. The industrial environment can also impact the wireless channel transmission, leading to network reliability problems, even with tightly coupled control and data planes in traditional networks, which obviously also enhances network management cost and complexity. In this paper, we introduce a new software defined network(SDN), and modify this network to propose a framework called the improved software defined wireless sensor network(improved SD-WSN). This proposed framework can address the following issues. 1) For a large scale heterogeneous network, it solves the problem of network management and smooth merging of a WSN into IIo T. 2) The network coverage problem is solved which improves the network reliability. 3) The framework addresses node failure due to various problems, particularly related to energy consumption.Therefore, it is necessary to improve the reliability of wireless sensor networks, by developing certain schemes to reduce energy consumption and the delay time of network nodes under IIo T conditions. Experiments have shown that the improved approach significantly reduces the energy consumption of nodes and the delay time, thus improving the reliability of WSN.
基金supported in part by National Natural Science Foundation of China (No.61401331,No.61401328)111 Project in Xidian University of China(B08038)+2 种基金Hong Kong,Macao and Taiwan Science and Technology Cooperation Special Project (2014DFT10320,2015DFT10160)The National Science and Technology Major Project of the Ministry of Science and Technology of China(2015zx03002006-003)FundamentalResearch Funds for the Central Universities (20101155739)
文摘The Internet of Vehicles(IoV)has been widely researched in recent years,and cloud computing has been one of the key technologies in the IoV.Although cloud computing provides high performance compute,storage and networking services,the IoV still suffers with high processing latency,less mobility support and location awareness.In this paper,we integrate fog computing and software defined networking(SDN) to address those problems.Fog computing extends computing and storing to the edge of the network,which could decrease latency remarkably in addition to enable mobility support and location awareness.Meanwhile,SDN provides flexible centralized control and global knowledge to the network.In order to apply the software defined cloud/fog networking(SDCFN) architecture in the IoV effectively,we propose a novel SDN-based modified constrained optimization particle swarm optimization(MPSO-CO) algorithm which uses the reverse of the flight of mutation particles and linear decrease inertia weight to enhance the performance of constrained optimization particle swarm optimization(PSO-CO).The simulation results indicate that the SDN-based MPSO-CO algorithm could effectively decrease the latency and improve the quality of service(QoS) in the SDCFN architecture.
