Accurate early classification of elephant flows(elephants)is important for network management and resource optimization.Elephant models,mainly based on the byte count of flows,can always achieve high accuracy,but not ...Accurate early classification of elephant flows(elephants)is important for network management and resource optimization.Elephant models,mainly based on the byte count of flows,can always achieve high accuracy,but not in a time-efficient manner.The time efficiency becomes even worse when the flows to be classified are sampled by flow entry timeout over Software-Defined Networks(SDNs)to achieve a better resource efficiency.This paper addresses this situation by combining co-training and Reinforcement Learning(RL)to enable a closed-loop classification approach that divides the entire classification process into episodes,each involving two elephant models.One predicts elephants and is retrained by a selection of flows automatically labeled online by the other.RL is used to formulate a reward function that estimates the values of the possible actions based on the current states of both models and further adjusts the ratio of flows to be labeled in each phase.Extensive evaluation based on real traffic traces shows that the proposed approach can stably predict elephants using the packets received in the first 10% of their lifetime with an accuracy of over 80%,and using only about 10% more control channel bandwidth than the baseline over the evolved SDNs.展开更多
The rise of time-sensitive applications with broad geographical scope drives the development of time-sensitive networking(TSN)from intra-domain to inter-domain to ensure overall end-to-end connectivity requirements in...The rise of time-sensitive applications with broad geographical scope drives the development of time-sensitive networking(TSN)from intra-domain to inter-domain to ensure overall end-to-end connectivity requirements in heterogeneous deployments.When multiple TSN networks interconnect over non-TSN networks,all devices in the network need to be syn-chronized by sharing a uniform time reference.How-ever,most non-TSN networks are best-effort.Path delay asymmetry and random noise accumulation can introduce unpredictable time errors during end-to-end time synchronization.These factors can degrade syn-chronization performance.Therefore,cross-domain time synchronization becomes a challenging issue for multiple TSN networks interconnected by non-TSN networks.This paper presents a cross-domain time synchronization scheme that follows the software-defined TSN(SD-TSN)paradigm.It utilizes a com-bined control plane constructed by a coordinate con-troller and a domain controller for centralized control and management of cross-domain time synchroniza-tion.The general operation flow of the cross-domain time synchronization process is designed.The mecha-nism of cross-domain time synchronization is revealed by introducing a synchronization model and an error compensation method.A TSN cross-domain proto-type testbed is constructed for verification.Results show that the scheme can achieve end-to-end high-precision time synchronization with accuracy and sta-bility.展开更多
Zero Trust Network(ZTN)enhances network security through strict authentication and access control.However,in the ZTN,optimizing flow control to improve the quality of service is still facing challenges.Software Define...Zero Trust Network(ZTN)enhances network security through strict authentication and access control.However,in the ZTN,optimizing flow control to improve the quality of service is still facing challenges.Software Defined Network(SDN)provides solutions through centralized control and dynamic resource allocation,but the existing scheduling methods based on Deep Reinforcement Learning(DRL)are insufficient in terms of convergence speed and dynamic optimization capability.To solve these problems,this paper proposes DRL-AMIR,which is an efficient flow scheduling method for software defined ZTN.This method constructs a flow scheduling optimization model that comprehensively considers service delay,bandwidth occupation,and path hops.Additionally,it balances the differentiated requirements of delay-critical K-flows,bandwidth-intensive D-flows,and background B-flows through adaptiveweighting.Theproposed framework employs a customized state space comprising node labels,link bandwidth,delaymetrics,and path length.It incorporates an action space derived fromnode weights and a hybrid reward function that integrates both single-step and multi-step excitation mechanisms.Based on these components,a hierarchical architecture is designed,effectively integrating the data plane,control plane,and knowledge plane.In particular,the adaptive expert mechanism is introduced,which triggers the shortest path algorithm in the training process to accelerate convergence,reduce trial and error costs,and maintain stability.Experiments across diverse real-world network topologies demonstrate that DRL-AMIR achieves a 15–20%reduction in K-flow transmission delays,a 10–15%improvement in link bandwidth utilization compared to SPR,QoSR,and DRSIR,and a 30%faster convergence speed via adaptive expert mechanisms.展开更多
Distributed denial of service(DDoS)attacks are common network attacks that primarily target Internet of Things(IoT)devices.They are critical for emerging wireless services,especially for applications with limited late...Distributed denial of service(DDoS)attacks are common network attacks that primarily target Internet of Things(IoT)devices.They are critical for emerging wireless services,especially for applications with limited latency.DDoS attacks pose significant risks to entrepreneurial businesses,preventing legitimate customers from accessing their websites.These attacks require intelligent analytics before processing service requests.Distributed denial of service(DDoS)attacks exploit vulnerabilities in IoT devices by launchingmulti-point distributed attacks.These attacks generate massive traffic that overwhelms the victim’s network,disrupting normal operations.The consequences of distributed denial of service(DDoS)attacks are typically more severe in software-defined networks(SDNs)than in traditional networks.The centralised architecture of these networks can exacerbate existing vulnerabilities,as these weaknesses may not be effectively addressed in this model.The preliminary objective for detecting and mitigating distributed denial of service(DDoS)attacks in software-defined networks(SDN)is to monitor traffic patterns and identify anomalies that indicate distributed denial of service(DDoS)attacks.It implements measures to counter the effects ofDDoS attacks,and ensure network reliability and availability by leveraging the flexibility and programmability of SDN to adaptively respond to threats.The authors present a mechanism that leverages the OpenFlow and sFlow protocols to counter the threats posed by DDoS attacks.The results indicate that the proposed model effectively mitigates the negative effects of DDoS attacks in an SDN environment.展开更多
Internet Exchange Point(IXP)is a system that increases network bandwidth performance.Internet exchange points facilitate interconnection among network providers,including Internet Service Providers(ISPs)andContent Del...Internet Exchange Point(IXP)is a system that increases network bandwidth performance.Internet exchange points facilitate interconnection among network providers,including Internet Service Providers(ISPs)andContent Delivery Providers(CDNs).To improve service management,Internet exchange point providers have adopted the Software Defined Network(SDN)paradigm.This implementation is known as a Software-Defined Exchange Point(SDX).It improves network providers’operations and management.However,performance issues still exist,particularly with multi-hop topologies.These issues include switch memory costs,packet processing latency,and link failure recovery delays.The paper proposes Enhanced Link Failure Rerouting(ELFR),an improved mechanism for rerouting link failures in software-defined exchange point networks.The proposed mechanism aims to minimize packet processing time for fast link failure recovery and enhance path calculation efficiency while reducing switch storage overhead by exploiting the Programming Protocol-independent Packet Processors(P4)features.The paper presents the proposed mechanisms’efficiency by utilizing advanced algorithms and demonstrating improved performance in packet processing speed,path calculation effectiveness,and switch storage management compared to current mechanisms.The proposed mechanism shows significant improvements,leading to a 37.5%decrease in Recovery Time(RT)and a 33.33%decrease in both Calculation Time(CT)and Computational Overhead(CO)when compared to current mechanisms.The study highlights the effectiveness and resource efficiency of the proposed mechanism in effectively resolving crucial issues inmulti-hop software-defined exchange point networks.展开更多
Software-Defined Networking(SDN)improves network management by separating its control logic from the underlying hardware and integrating it into a logically centralized control unit,termed the SDN controller.SDN adapt...Software-Defined Networking(SDN)improves network management by separating its control logic from the underlying hardware and integrating it into a logically centralized control unit,termed the SDN controller.SDN adaptation is essential for wireless networks because it offers enhanced and data-intensive services.The initial intent of the SDN design was to have a physically centralized controller.However,network experts have suggested logically centralized and physically distributed designs for SDN controllers,owing to issues such as a single point of failure and scalability.This study addressed the security,scalability,reliability,and consistency issues associated with the design of distributed SDN controllers.Moreover,the security issues of an enterprise related to multiple physically distributed controllers in a software-defined wireless local area network(SD-WLAN)were emphasized,and optimal solutions were suggested.展开更多
In Software-Defined Networks(SDNs),determining how to efficiently achieve Quality of Service(QoS)-aware routing is challenging but critical for significantly improving the performance of a network,where the metrics of...In Software-Defined Networks(SDNs),determining how to efficiently achieve Quality of Service(QoS)-aware routing is challenging but critical for significantly improving the performance of a network,where the metrics of QoS can be defined as,for example,average latency,packet loss ratio,and throughput.The SDN controller can use network statistics and a Deep Reinforcement Learning(DRL)method to resolve this challenge.In this paper,we formulate dynamic routing in an SDN as a Markov decision process and propose a DRL algorithm called the Asynchronous Advantage Actor-Critic QoS-aware Routing Optimization Mechanism(AQROM)to determine routing strategies that balance the traffic loads in the network.AQROM can improve the QoS of the network and reduce the training time via dynamic routing strategy updates;that is,the reward function can be dynamically and promptly altered based on the optimization objective regardless of the network topology and traffic pattern.AQROM can be considered as one-step optimization and a black-box routing mechanism in high-dimensional input and output sets for both discrete and continuous states,and actions with respect to the operations in the SDN.Extensive simulations were conducted using OMNeT++and the results demonstrated that AQROM 1)achieved much faster and stable convergence than the Deep Deterministic Policy Gradient(DDPG)and Advantage Actor-Critic(A2C),2)incurred a lower packet loss ratio and latency than Open Shortest Path First(OSPF),DDPG,and A2C,and 3)resulted in higher and more stable throughput than OSPF,DDPG,and A2C.展开更多
The controller is a main component in the Software-Defined Networking(SDN)framework,which plays a significant role in enabling programmability and orchestration for 5G and next-generation networks.In SDN,frequent comm...The controller is a main component in the Software-Defined Networking(SDN)framework,which plays a significant role in enabling programmability and orchestration for 5G and next-generation networks.In SDN,frequent communication occurs between network switches and the controller,which manages and directs traffic flows.If the controller is not strategically placed within the network,this communication can experience increased delays,negatively affecting network performance.Specifically,an improperly placed controller can lead to higher end-to-end(E2E)delay,as switches must traverse more hops or encounter greater propagation delays when communicating with the controller.This paper introduces a novel approach using Deep Q-Learning(DQL)to dynamically place controllers in Software-Defined Internet of Things(SD-IoT)environments,with the goal of minimizing E2E delay between switches and controllers.E2E delay,a crucial metric for network performance,is influenced by two key factors:hop count,which measures the number of network nodes data must traverse,and propagation delay,which accounts for the physical distance between nodes.Our approach models the controller placement problem as a Markov Decision Process(MDP).In this model,the network configuration at any given time is represented as a“state,”while“actions”correspond to potential decisions regarding the placement of controllers or the reassignment of switches to controllers.Using a Deep Q-Network(DQN)to approximate the Q-function,the system learns the optimal controller placement by maximizing the cumulative reward,which is defined as the negative of the E2E delay.Essentially,the lower the delay,the higher the reward the system receives,enabling it to continuously improve its controller placement strategy.The experimental results show that our DQL-based method significantly reduces E2E delay when compared to traditional benchmark placement strategies.By dynamically learning from the network’s real-time conditions,the proposed method ensures that controller placement remains efficient and responsive,reducing communication delays and enhancing overall network performance.展开更多
By decoupling control plane and data plane,Software-Defined Networking(SDN) approach simplifies network management and speeds up network innovations.These benefits have led not only to prototypes,but also real SDN dep...By decoupling control plane and data plane,Software-Defined Networking(SDN) approach simplifies network management and speeds up network innovations.These benefits have led not only to prototypes,but also real SDN deployments.For wide-area SDN deployments,multiple controllers are often required,and the placement of these controllers becomes a particularly important task in the SDN context.This paper studies the problem of placing controllers in SDNs,so as to maximize the reliability of SDN control networks.We present a novel metric,called expected percentage of control path loss,to characterize the reliability of SDN control networks.We formulate the reliability-aware control placement problem,prove its NP-hardness,and examine several placement algorithms that can solve this problem.Through extensive simulations using real topologies,we show how the number of controllers and their placement influence the reliability of SDN control networks.Besides,we also found that,through strategic controller placement,the reliability of SDN control networks can be significantly improved without introducing unacceptable switch-to-controller latencies.展开更多
Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmab...Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the “three-layer two-interface” architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.展开更多
The controller is indispensable in software-defined networking(SDN).With several features,controllers monitor the network and respond promptly to dynamic changes.Their performance affects the quality-of-service(QoS)in...The controller is indispensable in software-defined networking(SDN).With several features,controllers monitor the network and respond promptly to dynamic changes.Their performance affects the quality-of-service(QoS)in SDN.Every controller supports a set of features.However,the support of the features may be more prominent in one controller.Moreover,a single controller leads to performance,single-point-of-failure(SPOF),and scalability problems.To overcome this,a controller with an optimum feature set must be available for SDN.Furthermore,a cluster of optimum feature set controllers will overcome an SPOF and improve the QoS in SDN.Herein,leveraging an analytical network process(ANP),we rank SDN controllers regarding their supporting features and create a hierarchical control plane based cluster(HCPC)of the highly ranked controller computed using the ANP,evaluating their performance for the OS3E topology.The results demonstrated in Mininet reveal that a HCPC environment with an optimum controller achieves an improved QoS.Moreover,the experimental results validated in Mininet show that our proposed approach surpasses the existing distributed controller clustering(DCC)schemes in terms of several performance metrics i.e.,delay,jitter,throughput,load balancing,scalability and CPU(central processing unit)utilization.展开更多
Software-Defined Networking(SDN)adapts logically-centralized control by decoupling control plane from data plane and provides the efficient use of network resources.However,due to the limitation of traditional routing...Software-Defined Networking(SDN)adapts logically-centralized control by decoupling control plane from data plane and provides the efficient use of network resources.However,due to the limitation of traditional routing strategies relying on manual configuration,SDN may suffer from link congestion and inefficient bandwidth allocation among flows,which could degrade network performance significantly.In this paper,we propose EARS,an intelligence-driven experiential network architecture for automatic routing.EARS adapts deep reinforcement learning(DRL)to simulate the human methods of learning experiential knowledge,employs the closed-loop network control mechanism incorporating with network monitoring technologies to realize the interaction with network environment.The proposed EARS can learn to make better control decision from its own experience by interacting with network environment and optimize the network intelligently by adjusting services and resources offered based on network requirements and environmental conditions.Under the network architecture,we design the network utility function with throughput and delay awareness,differentiate flows based on their size characteristics,and design a DDPGbased automatic routing algorithm as DRL decision brain to find the near-optimal paths for mice and elephant flows.To validate the network architecture,we implement it on a real network environment.Extensive simulation results show that EARS significantly improve the network throughput and reduces the average packet delay in comparison with baseline schemes(e.g.OSPF,ECMP).展开更多
Software-Defined Networking(SDN)is an emerging architecture that enables a computer network to be intelligently and centrally controlled via software applications.It can help manage the whole network environment in a ...Software-Defined Networking(SDN)is an emerging architecture that enables a computer network to be intelligently and centrally controlled via software applications.It can help manage the whole network environment in a consistent and holistic way,without the need of understanding the underlying network structure.At present,SDN may face many challenges like insider attacks,i.e.,the centralized control plane would be attacked by malicious underlying devices and switches.To protect the security of SDN,effective detection approaches are indispensable.In the literature,challenge-based collaborative intrusion detection networks(CIDNs)are an effective detection framework in identifying malicious nodes.It calculates the nodes'reputation and detects a malicious node by sending out a special message called a challenge.In this work,we devise a challenge-based CIDN in SDN and measure its performance against malicious internal nodes.Our results demonstrate that such a mechanism can be effective in SDN environments.展开更多
As a new networking paradigm,Software-Defined Networking(SDN)enables us to cope with the limitations of traditional networks.SDN uses a controller that has a global view of the network and switch devices which act as ...As a new networking paradigm,Software-Defined Networking(SDN)enables us to cope with the limitations of traditional networks.SDN uses a controller that has a global view of the network and switch devices which act as packet forwarding hardware,known as“OpenFlow switches”.Since load balancing service is essential to distribute workload across servers in data centers,we propose an effective load balancing scheme in SDN,using a genetic programming approach,called Genetic Programming based Load Balancing(GPLB).We formulate the problem to find a path:1)with the best bottleneck switch which has the lowest capacity within bottleneck switches of each path,2)with the shortest path,and 3)requiring the less possible operations.For the purpose of choosing the real-time least loaded path,GPLB immediately calculates the integrated load of paths based on the information that receives from the SDN controller.Hence,in this design,the controller sends the load information of each path to the load balancing algorithm periodically and then the load balancing algorithm returns a least loaded path to the controller.In this paper,we use the Mininet emulator and the OpenDaylight controller to evaluate the effectiveness of the GPLB.The simulative study of the GPLB shows that there is a big improvement in performance metrics and the latency and the jitter are minimized.The GPLB also has the maximum throughput in comparison with related works and has performed better in the heavy traffic situation.The results show that our model stands smartly while not increasing further overhead.展开更多
In multi-agent confrontation scenarios, a jammer is constrained by the single limited performance and inefficiency of practical application. To cope with these issues, this paper aims to investigate the multi-agent ja...In multi-agent confrontation scenarios, a jammer is constrained by the single limited performance and inefficiency of practical application. To cope with these issues, this paper aims to investigate the multi-agent jamming problem in a multi-user scenario, where the coordination between the jammers is considered. Firstly, a multi-agent Markov decision process (MDP) framework is used to model and analyze the multi-agent jamming problem. Secondly, a collaborative multi-agent jamming algorithm (CMJA) based on reinforcement learning is proposed. Finally, an actual intelligent jamming system is designed and built based on software-defined radio (SDR) platform for simulation and platform verification. The simulation and platform verification results show that the proposed CMJA algorithm outperforms the independent Q-learning method and provides a better jamming effect.展开更多
Software.defined networking(SDN) enables third.part companies to participate in the network function innovations. A number of instances for one network function will inevitably co.exist in the network. Although some o...Software.defined networking(SDN) enables third.part companies to participate in the network function innovations. A number of instances for one network function will inevitably co.exist in the network. Although some orchestration architecture has been proposed to chain network functions, rare works are focused on how to optimize this process. In this paper, we propose an optimized model for network function orchestration, function combination model(FCM). Our main contributions are as following. First, network functions are featured with a new abstraction, and are open to external providers. And FCM identifies network functions using unique type, and organizes their instances distributed over the network with the appropriate way. Second, with the specialized demands, we can combine function instances under the global network views, and formulate it into the problem of Boolean linear program(BLP). A simulated annealing algorithm is designed to approach optimal solution for this BLP. Finally, the numerical experiment demonstrates that our model can create outstanding composite schemas efficiently.展开更多
Elastic control could balance the distributed control plane in Software-Defined Networking(SDN). Dynamic switch migration has been proposed to achieve it. However, existing schemes mainly focus on how to execute migra...Elastic control could balance the distributed control plane in Software-Defined Networking(SDN). Dynamic switch migration has been proposed to achieve it. However, existing schemes mainly focus on how to execute migration operation, but not why. This paper designs a decision-making mechanism based on zero-sum game theory to reelect a new controller as the master for migrated switches. It first chooses a switch for migration in the heavy controller which invites its neighbors as the game players to compete for the master role of this switch in the game-playing field(GPF) which is an occasional and loose domain for game-playing. Second, based on the concept of GPF, we design a decentralized strategy to play the game and determine which player as the final master. We implement it by extending the Open Flow protocol. Finally, numerical results demonstrate that our distributed strategy can approach elastic control plane with better performance.展开更多
Software- defined networking (SDN) is a promising technology for next-generation networking and has attracted much attention from academics, network equipment manufacturer, network operators, and service providers. ...Software- defined networking (SDN) is a promising technology for next-generation networking and has attracted much attention from academics, network equipment manufacturer, network operators, and service providers. It has found center, and enterprise networks. applications in mobile, data The SDN architecture has a centralized, programmable control plane that is separate from the data plane. SDN also provides the ability to control and manage virtualized resources and networks without requiring new hardware technologies. This is a major shift in networking technologies.展开更多
Currently,the Internet of Things(IoT)is revolutionizing communi-cation technology by facilitating the sharing of information between different physical devices connected to a network.To improve control,customization,f...Currently,the Internet of Things(IoT)is revolutionizing communi-cation technology by facilitating the sharing of information between different physical devices connected to a network.To improve control,customization,flexibility,and reduce network maintenance costs,a new Software-Defined Network(SDN)technology must be used in this infrastructure.Despite the various advantages of combining SDN and IoT,this environment is more vulnerable to various attacks due to the centralization of control.Most methods to ensure IoT security are designed to detect Distributed Denial-of-Service(DDoS)attacks,but they often lack mechanisms to mitigate their severity.This paper proposes a Multi-Attack Intrusion Detection System(MAIDS)for Software-Defined IoT Networks(SDN-IoT).The proposed scheme uses two machine-learning algorithms to improve detection efficiency and provide a mechanism to prevent false alarms.First,a comparative analysis of the most commonly used machine-learning algorithms to secure the SDN was performed on two datasets:the Network Security Laboratory Knowledge Discovery in Databases(NSL-KDD)and the Canadian Institute for Cyberse-curity Intrusion Detection Systems(CICIDS2017),to select the most suitable algorithms for the proposed scheme and for securing SDN-IoT systems.The algorithms evaluated include Extreme Gradient Boosting(XGBoost),K-Nearest Neighbor(KNN),Random Forest(RF),Support Vector Machine(SVM),and Logistic Regression(LR).Second,an algorithm for selecting the best dataset for machine learning in Intrusion Detection Systems(IDS)was developed to enable effective comparison between the datasets used in the development of the security scheme.The results showed that XGBoost and RF are the best algorithms to ensure the security of SDN-IoT and to be applied in the proposed security system,with average accuracies of 99.88%and 99.89%,respectively.Furthermore,the proposed security scheme reduced the false alarm rate by 33.23%,which is a significant improvement over prevalent schemes.Finally,tests of the algorithm for dataset selection showed that the rates of false positives and false negatives were reduced when the XGBoost and RF algorithms were trained on the CICIDS2017 dataset,making it the best for IDS compared to the NSL-KDD dataset.展开更多
The controller in software-defined networking(SDN)acts as strategic point of control for the underlying network.Multiple controllers are available,and every single controller retains a number of features such as the O...The controller in software-defined networking(SDN)acts as strategic point of control for the underlying network.Multiple controllers are available,and every single controller retains a number of features such as the OpenFlow version,clustering,modularity,platform,and partnership support,etc.They are regarded as vital when making a selection among a set of controllers.As such,the selection of the controller becomes a multi-criteria decision making(MCDM)problem with several features.Hence,an increase in this number will increase the computational complexity of the controller selection process.Previously,the selection of controllers based on features has been studied by the researchers.However,the prioritization of features has gotten less attention.Moreover,several features increase the computational complexity of the selection process.In this paper,we propose a mathematical modeling for feature prioritization with analytical network process(ANP)bridge model for SDN controllers.The results indicate that a prioritized features model lead to a reduction in the computational complexity of the selection of SDN controller.In addition,our model generates prioritized features for SDN controllers.展开更多
基金supported by the National Natural Science Foundation of China(61962016)the Ministry of Science and Technology of China(G2022033002L)+1 种基金National Natural Science Foundation of Guangxi(2022JJA170057)Guangxi Education Department’s Project on Improving the Basic Research Ability of Young and Middleaged Teachers in Universities(2023ky0812,Research on Statistical Network Delay Predictions in Large-scale SDNs).
文摘Accurate early classification of elephant flows(elephants)is important for network management and resource optimization.Elephant models,mainly based on the byte count of flows,can always achieve high accuracy,but not in a time-efficient manner.The time efficiency becomes even worse when the flows to be classified are sampled by flow entry timeout over Software-Defined Networks(SDNs)to achieve a better resource efficiency.This paper addresses this situation by combining co-training and Reinforcement Learning(RL)to enable a closed-loop classification approach that divides the entire classification process into episodes,each involving two elephant models.One predicts elephants and is retrained by a selection of flows automatically labeled online by the other.RL is used to formulate a reward function that estimates the values of the possible actions based on the current states of both models and further adjusts the ratio of flows to be labeled in each phase.Extensive evaluation based on real traffic traces shows that the proposed approach can stably predict elephants using the packets received in the first 10% of their lifetime with an accuracy of over 80%,and using only about 10% more control channel bandwidth than the baseline over the evolved SDNs.
基金supported in part by National Key R&D Program of China(Grant No.2022YFC3803700)in part by the National Natural Science Foundation of China(Grant No.92067102)in part by the project of Beijing Laboratory of Advanced Information Networks.
文摘The rise of time-sensitive applications with broad geographical scope drives the development of time-sensitive networking(TSN)from intra-domain to inter-domain to ensure overall end-to-end connectivity requirements in heterogeneous deployments.When multiple TSN networks interconnect over non-TSN networks,all devices in the network need to be syn-chronized by sharing a uniform time reference.How-ever,most non-TSN networks are best-effort.Path delay asymmetry and random noise accumulation can introduce unpredictable time errors during end-to-end time synchronization.These factors can degrade syn-chronization performance.Therefore,cross-domain time synchronization becomes a challenging issue for multiple TSN networks interconnected by non-TSN networks.This paper presents a cross-domain time synchronization scheme that follows the software-defined TSN(SD-TSN)paradigm.It utilizes a com-bined control plane constructed by a coordinate con-troller and a domain controller for centralized control and management of cross-domain time synchroniza-tion.The general operation flow of the cross-domain time synchronization process is designed.The mecha-nism of cross-domain time synchronization is revealed by introducing a synchronization model and an error compensation method.A TSN cross-domain proto-type testbed is constructed for verification.Results show that the scheme can achieve end-to-end high-precision time synchronization with accuracy and sta-bility.
基金supported in part by Scientific Research Fund of Zhejiang Provincial Education Department under Grant Y202351110in part by Huzhou Science and Technology Plan Project under Grant 2024YZ23+1 种基金in part by Research Fund of National Key Laboratory of Advanced Communication Networks under Grant SCX23641X004in part by Postgraduate Research and Innovation Project of Huzhou University under Grant 2024KYCX50.
文摘Zero Trust Network(ZTN)enhances network security through strict authentication and access control.However,in the ZTN,optimizing flow control to improve the quality of service is still facing challenges.Software Defined Network(SDN)provides solutions through centralized control and dynamic resource allocation,but the existing scheduling methods based on Deep Reinforcement Learning(DRL)are insufficient in terms of convergence speed and dynamic optimization capability.To solve these problems,this paper proposes DRL-AMIR,which is an efficient flow scheduling method for software defined ZTN.This method constructs a flow scheduling optimization model that comprehensively considers service delay,bandwidth occupation,and path hops.Additionally,it balances the differentiated requirements of delay-critical K-flows,bandwidth-intensive D-flows,and background B-flows through adaptiveweighting.Theproposed framework employs a customized state space comprising node labels,link bandwidth,delaymetrics,and path length.It incorporates an action space derived fromnode weights and a hybrid reward function that integrates both single-step and multi-step excitation mechanisms.Based on these components,a hierarchical architecture is designed,effectively integrating the data plane,control plane,and knowledge plane.In particular,the adaptive expert mechanism is introduced,which triggers the shortest path algorithm in the training process to accelerate convergence,reduce trial and error costs,and maintain stability.Experiments across diverse real-world network topologies demonstrate that DRL-AMIR achieves a 15–20%reduction in K-flow transmission delays,a 10–15%improvement in link bandwidth utilization compared to SPR,QoSR,and DRSIR,and a 30%faster convergence speed via adaptive expert mechanisms.
基金supported by the Deanship of Graduate Studies and Scientific Research at Qassim University for financial support(QU-APC-2025).
文摘Distributed denial of service(DDoS)attacks are common network attacks that primarily target Internet of Things(IoT)devices.They are critical for emerging wireless services,especially for applications with limited latency.DDoS attacks pose significant risks to entrepreneurial businesses,preventing legitimate customers from accessing their websites.These attacks require intelligent analytics before processing service requests.Distributed denial of service(DDoS)attacks exploit vulnerabilities in IoT devices by launchingmulti-point distributed attacks.These attacks generate massive traffic that overwhelms the victim’s network,disrupting normal operations.The consequences of distributed denial of service(DDoS)attacks are typically more severe in software-defined networks(SDNs)than in traditional networks.The centralised architecture of these networks can exacerbate existing vulnerabilities,as these weaknesses may not be effectively addressed in this model.The preliminary objective for detecting and mitigating distributed denial of service(DDoS)attacks in software-defined networks(SDN)is to monitor traffic patterns and identify anomalies that indicate distributed denial of service(DDoS)attacks.It implements measures to counter the effects ofDDoS attacks,and ensure network reliability and availability by leveraging the flexibility and programmability of SDN to adaptively respond to threats.The authors present a mechanism that leverages the OpenFlow and sFlow protocols to counter the threats posed by DDoS attacks.The results indicate that the proposed model effectively mitigates the negative effects of DDoS attacks in an SDN environment.
文摘Internet Exchange Point(IXP)is a system that increases network bandwidth performance.Internet exchange points facilitate interconnection among network providers,including Internet Service Providers(ISPs)andContent Delivery Providers(CDNs).To improve service management,Internet exchange point providers have adopted the Software Defined Network(SDN)paradigm.This implementation is known as a Software-Defined Exchange Point(SDX).It improves network providers’operations and management.However,performance issues still exist,particularly with multi-hop topologies.These issues include switch memory costs,packet processing latency,and link failure recovery delays.The paper proposes Enhanced Link Failure Rerouting(ELFR),an improved mechanism for rerouting link failures in software-defined exchange point networks.The proposed mechanism aims to minimize packet processing time for fast link failure recovery and enhance path calculation efficiency while reducing switch storage overhead by exploiting the Programming Protocol-independent Packet Processors(P4)features.The paper presents the proposed mechanisms’efficiency by utilizing advanced algorithms and demonstrating improved performance in packet processing speed,path calculation effectiveness,and switch storage management compared to current mechanisms.The proposed mechanism shows significant improvements,leading to a 37.5%decrease in Recovery Time(RT)and a 33.33%decrease in both Calculation Time(CT)and Computational Overhead(CO)when compared to current mechanisms.The study highlights the effectiveness and resource efficiency of the proposed mechanism in effectively resolving crucial issues inmulti-hop software-defined exchange point networks.
文摘Software-Defined Networking(SDN)improves network management by separating its control logic from the underlying hardware and integrating it into a logically centralized control unit,termed the SDN controller.SDN adaptation is essential for wireless networks because it offers enhanced and data-intensive services.The initial intent of the SDN design was to have a physically centralized controller.However,network experts have suggested logically centralized and physically distributed designs for SDN controllers,owing to issues such as a single point of failure and scalability.This study addressed the security,scalability,reliability,and consistency issues associated with the design of distributed SDN controllers.Moreover,the security issues of an enterprise related to multiple physically distributed controllers in a software-defined wireless local area network(SD-WLAN)were emphasized,and optimal solutions were suggested.
基金fully supported by GUET Excellent Graduate Thesis Program(Grant No.19YJPYBS03)Innovation Project of Guangxi Graduate Education(Grant No.YCBZ2022109)New Technology Research University Cooperation Project of the 34th Research Institute of China Electronics Technology Group Corporation,2021(Grant No.SF2126007)。
文摘In Software-Defined Networks(SDNs),determining how to efficiently achieve Quality of Service(QoS)-aware routing is challenging but critical for significantly improving the performance of a network,where the metrics of QoS can be defined as,for example,average latency,packet loss ratio,and throughput.The SDN controller can use network statistics and a Deep Reinforcement Learning(DRL)method to resolve this challenge.In this paper,we formulate dynamic routing in an SDN as a Markov decision process and propose a DRL algorithm called the Asynchronous Advantage Actor-Critic QoS-aware Routing Optimization Mechanism(AQROM)to determine routing strategies that balance the traffic loads in the network.AQROM can improve the QoS of the network and reduce the training time via dynamic routing strategy updates;that is,the reward function can be dynamically and promptly altered based on the optimization objective regardless of the network topology and traffic pattern.AQROM can be considered as one-step optimization and a black-box routing mechanism in high-dimensional input and output sets for both discrete and continuous states,and actions with respect to the operations in the SDN.Extensive simulations were conducted using OMNeT++and the results demonstrated that AQROM 1)achieved much faster and stable convergence than the Deep Deterministic Policy Gradient(DDPG)and Advantage Actor-Critic(A2C),2)incurred a lower packet loss ratio and latency than Open Shortest Path First(OSPF),DDPG,and A2C,and 3)resulted in higher and more stable throughput than OSPF,DDPG,and A2C.
基金supported by the Researcher Supporting Project number(RSPD2024R582),King Saud University,Riyadh,Saudi Arabia.
文摘The controller is a main component in the Software-Defined Networking(SDN)framework,which plays a significant role in enabling programmability and orchestration for 5G and next-generation networks.In SDN,frequent communication occurs between network switches and the controller,which manages and directs traffic flows.If the controller is not strategically placed within the network,this communication can experience increased delays,negatively affecting network performance.Specifically,an improperly placed controller can lead to higher end-to-end(E2E)delay,as switches must traverse more hops or encounter greater propagation delays when communicating with the controller.This paper introduces a novel approach using Deep Q-Learning(DQL)to dynamically place controllers in Software-Defined Internet of Things(SD-IoT)environments,with the goal of minimizing E2E delay between switches and controllers.E2E delay,a crucial metric for network performance,is influenced by two key factors:hop count,which measures the number of network nodes data must traverse,and propagation delay,which accounts for the physical distance between nodes.Our approach models the controller placement problem as a Markov Decision Process(MDP).In this model,the network configuration at any given time is represented as a“state,”while“actions”correspond to potential decisions regarding the placement of controllers or the reassignment of switches to controllers.Using a Deep Q-Network(DQN)to approximate the Q-function,the system learns the optimal controller placement by maximizing the cumulative reward,which is defined as the negative of the E2E delay.Essentially,the lower the delay,the higher the reward the system receives,enabling it to continuously improve its controller placement strategy.The experimental results show that our DQL-based method significantly reduces E2E delay when compared to traditional benchmark placement strategies.By dynamically learning from the network’s real-time conditions,the proposed method ensures that controller placement remains efficient and responsive,reducing communication delays and enhancing overall network performance.
基金supported in part by the National High Technology Research and Development Program(863 Program)of China under Grant No.2011AA01A101the National High Technology Research and Development Program(863 Program)of China under Grant No.2013AA01330the National High Technology Research and Development Program(863 Program)of China under Grant No.2013AA013303
文摘By decoupling control plane and data plane,Software-Defined Networking(SDN) approach simplifies network management and speeds up network innovations.These benefits have led not only to prototypes,but also real SDN deployments.For wide-area SDN deployments,multiple controllers are often required,and the placement of these controllers becomes a particularly important task in the SDN context.This paper studies the problem of placing controllers in SDNs,so as to maximize the reliability of SDN control networks.We present a novel metric,called expected percentage of control path loss,to characterize the reliability of SDN control networks.We formulate the reliability-aware control placement problem,prove its NP-hardness,and examine several placement algorithms that can solve this problem.Through extensive simulations using real topologies,we show how the number of controllers and their placement influence the reliability of SDN control networks.Besides,we also found that,through strategic controller placement,the reliability of SDN control networks can be significantly improved without introducing unacceptable switch-to-controller latencies.
基金supported by the Wuhan Frontier Program of Application Foundation (No.2018010401011295)National High Technology Research and Development Program of China (“863” Program) (Grant No. 2015AA016002)
文摘Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the “three-layer two-interface” architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.
基金supported by the MSIT(Ministry of Science and ICT),Korea,under the ITRC(Information Technology Research Center)support program(IITP-2020-2018-0-01431)supervised by the IITP(Institute for Information&Communications Technology Planning&Evaluation).
文摘The controller is indispensable in software-defined networking(SDN).With several features,controllers monitor the network and respond promptly to dynamic changes.Their performance affects the quality-of-service(QoS)in SDN.Every controller supports a set of features.However,the support of the features may be more prominent in one controller.Moreover,a single controller leads to performance,single-point-of-failure(SPOF),and scalability problems.To overcome this,a controller with an optimum feature set must be available for SDN.Furthermore,a cluster of optimum feature set controllers will overcome an SPOF and improve the QoS in SDN.Herein,leveraging an analytical network process(ANP),we rank SDN controllers regarding their supporting features and create a hierarchical control plane based cluster(HCPC)of the highly ranked controller computed using the ANP,evaluating their performance for the OS3E topology.The results demonstrated in Mininet reveal that a HCPC environment with an optimum controller achieves an improved QoS.Moreover,the experimental results validated in Mininet show that our proposed approach surpasses the existing distributed controller clustering(DCC)schemes in terms of several performance metrics i.e.,delay,jitter,throughput,load balancing,scalability and CPU(central processing unit)utilization.
基金supported by the National Natural Science Foundation of China for Innovative Research Groups (61521003)the National Natural Science Foundation of China (61872382)+1 种基金the National Key Research and Development Program of China (2017YFB0803204)the Research and Development Program in Key Areas of Guangdong Province (No.2018B010113001)
文摘Software-Defined Networking(SDN)adapts logically-centralized control by decoupling control plane from data plane and provides the efficient use of network resources.However,due to the limitation of traditional routing strategies relying on manual configuration,SDN may suffer from link congestion and inefficient bandwidth allocation among flows,which could degrade network performance significantly.In this paper,we propose EARS,an intelligence-driven experiential network architecture for automatic routing.EARS adapts deep reinforcement learning(DRL)to simulate the human methods of learning experiential knowledge,employs the closed-loop network control mechanism incorporating with network monitoring technologies to realize the interaction with network environment.The proposed EARS can learn to make better control decision from its own experience by interacting with network environment and optimize the network intelligently by adjusting services and resources offered based on network requirements and environmental conditions.Under the network architecture,we design the network utility function with throughput and delay awareness,differentiate flows based on their size characteristics,and design a DDPGbased automatic routing algorithm as DRL decision brain to find the near-optimal paths for mice and elephant flows.To validate the network architecture,we implement it on a real network environment.Extensive simulation results show that EARS significantly improve the network throughput and reduces the average packet delay in comparison with baseline schemes(e.g.OSPF,ECMP).
基金This work was supported by National Natural Science Foundation of China(No.61802080 and 61802077)Guangdong General Colleges and Universities Research Project(2018GkQNCX105)+1 种基金Zhongshan Public Welfare Science and Technology Research Project(2019B2044)Keping Yu was supported in part by the Japan Society for the Promotion of Science(JSPS)Grants-in-Aid for Scientific Research(KAKENHI)under Grant JP18K18044.
文摘Software-Defined Networking(SDN)is an emerging architecture that enables a computer network to be intelligently and centrally controlled via software applications.It can help manage the whole network environment in a consistent and holistic way,without the need of understanding the underlying network structure.At present,SDN may face many challenges like insider attacks,i.e.,the centralized control plane would be attacked by malicious underlying devices and switches.To protect the security of SDN,effective detection approaches are indispensable.In the literature,challenge-based collaborative intrusion detection networks(CIDNs)are an effective detection framework in identifying malicious nodes.It calculates the nodes'reputation and detects a malicious node by sending out a special message called a challenge.In this work,we devise a challenge-based CIDN in SDN and measure its performance against malicious internal nodes.Our results demonstrate that such a mechanism can be effective in SDN environments.
文摘As a new networking paradigm,Software-Defined Networking(SDN)enables us to cope with the limitations of traditional networks.SDN uses a controller that has a global view of the network and switch devices which act as packet forwarding hardware,known as“OpenFlow switches”.Since load balancing service is essential to distribute workload across servers in data centers,we propose an effective load balancing scheme in SDN,using a genetic programming approach,called Genetic Programming based Load Balancing(GPLB).We formulate the problem to find a path:1)with the best bottleneck switch which has the lowest capacity within bottleneck switches of each path,2)with the shortest path,and 3)requiring the less possible operations.For the purpose of choosing the real-time least loaded path,GPLB immediately calculates the integrated load of paths based on the information that receives from the SDN controller.Hence,in this design,the controller sends the load information of each path to the load balancing algorithm periodically and then the load balancing algorithm returns a least loaded path to the controller.In this paper,we use the Mininet emulator and the OpenDaylight controller to evaluate the effectiveness of the GPLB.The simulative study of the GPLB shows that there is a big improvement in performance metrics and the latency and the jitter are minimized.The GPLB also has the maximum throughput in comparison with related works and has performed better in the heavy traffic situation.The results show that our model stands smartly while not increasing further overhead.
基金supported by National Natural Science Foundation of China (No. 62071488 and No. 62061013)
文摘In multi-agent confrontation scenarios, a jammer is constrained by the single limited performance and inefficiency of practical application. To cope with these issues, this paper aims to investigate the multi-agent jamming problem in a multi-user scenario, where the coordination between the jammers is considered. Firstly, a multi-agent Markov decision process (MDP) framework is used to model and analyze the multi-agent jamming problem. Secondly, a collaborative multi-agent jamming algorithm (CMJA) based on reinforcement learning is proposed. Finally, an actual intelligent jamming system is designed and built based on software-defined radio (SDR) platform for simulation and platform verification. The simulation and platform verification results show that the proposed CMJA algorithm outperforms the independent Q-learning method and provides a better jamming effect.
基金supported by the China Postdoctoral Fund Project (No.44603)the National Natural Science Foundation of China (No.61309020)+1 种基金the National key Research and Development Program of China (No.2016YFB0800100, 2016YFB0800101)the National Natural Science Fund for Creative Research Groups Project(No.61521003)
文摘Software.defined networking(SDN) enables third.part companies to participate in the network function innovations. A number of instances for one network function will inevitably co.exist in the network. Although some orchestration architecture has been proposed to chain network functions, rare works are focused on how to optimize this process. In this paper, we propose an optimized model for network function orchestration, function combination model(FCM). Our main contributions are as following. First, network functions are featured with a new abstraction, and are open to external providers. And FCM identifies network functions using unique type, and organizes their instances distributed over the network with the appropriate way. Second, with the specialized demands, we can combine function instances under the global network views, and formulate it into the problem of Boolean linear program(BLP). A simulated annealing algorithm is designed to approach optimal solution for this BLP. Finally, the numerical experiment demonstrates that our model can create outstanding composite schemas efficiently.
基金supported by the Foundation for Innovative Research Groups of the National Natural Science Foundation of China(Grant No.61521003)the National Basic Research Program of China(2012CB315901,2013CB329104)+2 种基金the National Natural Science Foundation of China(Grant No.61372121,61309020,61309019)the National High-Tech Research&Development Program of China(Grant No.2013AA013505)the National Science and Technology Support Program Project(Grant No.2014BAH30B01)
文摘Elastic control could balance the distributed control plane in Software-Defined Networking(SDN). Dynamic switch migration has been proposed to achieve it. However, existing schemes mainly focus on how to execute migration operation, but not why. This paper designs a decision-making mechanism based on zero-sum game theory to reelect a new controller as the master for migrated switches. It first chooses a switch for migration in the heavy controller which invites its neighbors as the game players to compete for the master role of this switch in the game-playing field(GPF) which is an occasional and loose domain for game-playing. Second, based on the concept of GPF, we design a decentralized strategy to play the game and determine which player as the final master. We implement it by extending the Open Flow protocol. Finally, numerical results demonstrate that our distributed strategy can approach elastic control plane with better performance.
文摘Software- defined networking (SDN) is a promising technology for next-generation networking and has attracted much attention from academics, network equipment manufacturer, network operators, and service providers. It has found center, and enterprise networks. applications in mobile, data The SDN architecture has a centralized, programmable control plane that is separate from the data plane. SDN also provides the ability to control and manage virtualized resources and networks without requiring new hardware technologies. This is a major shift in networking technologies.
文摘Currently,the Internet of Things(IoT)is revolutionizing communi-cation technology by facilitating the sharing of information between different physical devices connected to a network.To improve control,customization,flexibility,and reduce network maintenance costs,a new Software-Defined Network(SDN)technology must be used in this infrastructure.Despite the various advantages of combining SDN and IoT,this environment is more vulnerable to various attacks due to the centralization of control.Most methods to ensure IoT security are designed to detect Distributed Denial-of-Service(DDoS)attacks,but they often lack mechanisms to mitigate their severity.This paper proposes a Multi-Attack Intrusion Detection System(MAIDS)for Software-Defined IoT Networks(SDN-IoT).The proposed scheme uses two machine-learning algorithms to improve detection efficiency and provide a mechanism to prevent false alarms.First,a comparative analysis of the most commonly used machine-learning algorithms to secure the SDN was performed on two datasets:the Network Security Laboratory Knowledge Discovery in Databases(NSL-KDD)and the Canadian Institute for Cyberse-curity Intrusion Detection Systems(CICIDS2017),to select the most suitable algorithms for the proposed scheme and for securing SDN-IoT systems.The algorithms evaluated include Extreme Gradient Boosting(XGBoost),K-Nearest Neighbor(KNN),Random Forest(RF),Support Vector Machine(SVM),and Logistic Regression(LR).Second,an algorithm for selecting the best dataset for machine learning in Intrusion Detection Systems(IDS)was developed to enable effective comparison between the datasets used in the development of the security scheme.The results showed that XGBoost and RF are the best algorithms to ensure the security of SDN-IoT and to be applied in the proposed security system,with average accuracies of 99.88%and 99.89%,respectively.Furthermore,the proposed security scheme reduced the false alarm rate by 33.23%,which is a significant improvement over prevalent schemes.Finally,tests of the algorithm for dataset selection showed that the rates of false positives and false negatives were reduced when the XGBoost and RF algorithms were trained on the CICIDS2017 dataset,making it the best for IDS compared to the NSL-KDD dataset.
基金This research was supported partially by LIG Nex1It was also supported partially by the MSIT(Ministry of Science and ICT),Korea,under the ITRC(Information Technology Research Center)support program(IITP-2021-2018-0-01431)supervised by the IITP(Institute for Information&Communications Technology Planning Evaluation).
文摘The controller in software-defined networking(SDN)acts as strategic point of control for the underlying network.Multiple controllers are available,and every single controller retains a number of features such as the OpenFlow version,clustering,modularity,platform,and partnership support,etc.They are regarded as vital when making a selection among a set of controllers.As such,the selection of the controller becomes a multi-criteria decision making(MCDM)problem with several features.Hence,an increase in this number will increase the computational complexity of the controller selection process.Previously,the selection of controllers based on features has been studied by the researchers.However,the prioritization of features has gotten less attention.Moreover,several features increase the computational complexity of the selection process.In this paper,we propose a mathematical modeling for feature prioritization with analytical network process(ANP)bridge model for SDN controllers.The results indicate that a prioritized features model lead to a reduction in the computational complexity of the selection of SDN controller.In addition,our model generates prioritized features for SDN controllers.
