Distributed denial of service(DDoS)attacks are common network attacks that primarily target Internet of Things(IoT)devices.They are critical for emerging wireless services,especially for applications with limited late...Distributed denial of service(DDoS)attacks are common network attacks that primarily target Internet of Things(IoT)devices.They are critical for emerging wireless services,especially for applications with limited latency.DDoS attacks pose significant risks to entrepreneurial businesses,preventing legitimate customers from accessing their websites.These attacks require intelligent analytics before processing service requests.Distributed denial of service(DDoS)attacks exploit vulnerabilities in IoT devices by launchingmulti-point distributed attacks.These attacks generate massive traffic that overwhelms the victim’s network,disrupting normal operations.The consequences of distributed denial of service(DDoS)attacks are typically more severe in software-defined networks(SDNs)than in traditional networks.The centralised architecture of these networks can exacerbate existing vulnerabilities,as these weaknesses may not be effectively addressed in this model.The preliminary objective for detecting and mitigating distributed denial of service(DDoS)attacks in software-defined networks(SDN)is to monitor traffic patterns and identify anomalies that indicate distributed denial of service(DDoS)attacks.It implements measures to counter the effects ofDDoS attacks,and ensure network reliability and availability by leveraging the flexibility and programmability of SDN to adaptively respond to threats.The authors present a mechanism that leverages the OpenFlow and sFlow protocols to counter the threats posed by DDoS attacks.The results indicate that the proposed model effectively mitigates the negative effects of DDoS attacks in an SDN environment.展开更多
Software-Defined Networking(SDN)improves network management by separating its control logic from the underlying hardware and integrating it into a logically centralized control unit,termed the SDN controller.SDN adapt...Software-Defined Networking(SDN)improves network management by separating its control logic from the underlying hardware and integrating it into a logically centralized control unit,termed the SDN controller.SDN adaptation is essential for wireless networks because it offers enhanced and data-intensive services.The initial intent of the SDN design was to have a physically centralized controller.However,network experts have suggested logically centralized and physically distributed designs for SDN controllers,owing to issues such as a single point of failure and scalability.This study addressed the security,scalability,reliability,and consistency issues associated with the design of distributed SDN controllers.Moreover,the security issues of an enterprise related to multiple physically distributed controllers in a software-defined wireless local area network(SD-WLAN)were emphasized,and optimal solutions were suggested.展开更多
The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are ...The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.展开更多
Software-Defined Networking(SDN),with segregated data and control planes,provides faster data routing,stability,and enhanced quality metrics,such as throughput(Th),maximum available bandwidth(Bd(max)),data transfer(DT...Software-Defined Networking(SDN),with segregated data and control planes,provides faster data routing,stability,and enhanced quality metrics,such as throughput(Th),maximum available bandwidth(Bd(max)),data transfer(DTransfer),and reduction in end-to-end delay(D(E-E)).This paper explores the critical work of deploying SDN in large-scale Data Center Networks(DCNs)to enhance its Quality of Service(QoS)parameters,using logically distributed control configurations.There is a noticeable increase in Delay(E-E)when adopting SDN with a unified(single)control structure in big DCNs to handle Hypertext Transfer Protocol(HTTP)requests causing a reduction in network quality parameters(Bd(max),Th,DTransfer,D(E-E),etc.).This article examines the network performance in terms of quality matrices(bandwidth,throughput,data transfer,etc.),by establishing a large-scale SDN-based virtual network in the Mininet environment.The SDN network is simulated in three stages:(1)An SDN network with unitary controller-POX to manage the data traffic flow of the network without the server load management algorithm.(2)An SDN network with only one controller to manage the data traffic flow of the network with a server load management algorithm.(3)Deployment of SDN in proposed control arrangement(logically distributed controlled framework)with multiple controllers managing data traffic flow under the proposed Intelligent Sensing Server Load Management(ISSLM)algorithm.As a result of this approach,the network quality parameters in large-scale networks are enhanced.展开更多
The controller is indispensable in software-defined networking(SDN).With several features,controllers monitor the network and respond promptly to dynamic changes.Their performance affects the quality-of-service(QoS)in...The controller is indispensable in software-defined networking(SDN).With several features,controllers monitor the network and respond promptly to dynamic changes.Their performance affects the quality-of-service(QoS)in SDN.Every controller supports a set of features.However,the support of the features may be more prominent in one controller.Moreover,a single controller leads to performance,single-point-of-failure(SPOF),and scalability problems.To overcome this,a controller with an optimum feature set must be available for SDN.Furthermore,a cluster of optimum feature set controllers will overcome an SPOF and improve the QoS in SDN.Herein,leveraging an analytical network process(ANP),we rank SDN controllers regarding their supporting features and create a hierarchical control plane based cluster(HCPC)of the highly ranked controller computed using the ANP,evaluating their performance for the OS3E topology.The results demonstrated in Mininet reveal that a HCPC environment with an optimum controller achieves an improved QoS.Moreover,the experimental results validated in Mininet show that our proposed approach surpasses the existing distributed controller clustering(DCC)schemes in terms of several performance metrics i.e.,delay,jitter,throughput,load balancing,scalability and CPU(central processing unit)utilization.展开更多
Software-Defined Networking(SDN)adapts logically-centralized control by decoupling control plane from data plane and provides the efficient use of network resources.However,due to the limitation of traditional routing...Software-Defined Networking(SDN)adapts logically-centralized control by decoupling control plane from data plane and provides the efficient use of network resources.However,due to the limitation of traditional routing strategies relying on manual configuration,SDN may suffer from link congestion and inefficient bandwidth allocation among flows,which could degrade network performance significantly.In this paper,we propose EARS,an intelligence-driven experiential network architecture for automatic routing.EARS adapts deep reinforcement learning(DRL)to simulate the human methods of learning experiential knowledge,employs the closed-loop network control mechanism incorporating with network monitoring technologies to realize the interaction with network environment.The proposed EARS can learn to make better control decision from its own experience by interacting with network environment and optimize the network intelligently by adjusting services and resources offered based on network requirements and environmental conditions.Under the network architecture,we design the network utility function with throughput and delay awareness,differentiate flows based on their size characteristics,and design a DDPGbased automatic routing algorithm as DRL decision brain to find the near-optimal paths for mice and elephant flows.To validate the network architecture,we implement it on a real network environment.Extensive simulation results show that EARS significantly improve the network throughput and reduces the average packet delay in comparison with baseline schemes(e.g.OSPF,ECMP).展开更多
Software-Defined Networking(SDN)is an emerging architecture that enables a computer network to be intelligently and centrally controlled via software applications.It can help manage the whole network environment in a ...Software-Defined Networking(SDN)is an emerging architecture that enables a computer network to be intelligently and centrally controlled via software applications.It can help manage the whole network environment in a consistent and holistic way,without the need of understanding the underlying network structure.At present,SDN may face many challenges like insider attacks,i.e.,the centralized control plane would be attacked by malicious underlying devices and switches.To protect the security of SDN,effective detection approaches are indispensable.In the literature,challenge-based collaborative intrusion detection networks(CIDNs)are an effective detection framework in identifying malicious nodes.It calculates the nodes'reputation and detects a malicious node by sending out a special message called a challenge.In this work,we devise a challenge-based CIDN in SDN and measure its performance against malicious internal nodes.Our results demonstrate that such a mechanism can be effective in SDN environments.展开更多
Elastic control could balance the distributed control plane in Software-Defined Networking(SDN). Dynamic switch migration has been proposed to achieve it. However, existing schemes mainly focus on how to execute migra...Elastic control could balance the distributed control plane in Software-Defined Networking(SDN). Dynamic switch migration has been proposed to achieve it. However, existing schemes mainly focus on how to execute migration operation, but not why. This paper designs a decision-making mechanism based on zero-sum game theory to reelect a new controller as the master for migrated switches. It first chooses a switch for migration in the heavy controller which invites its neighbors as the game players to compete for the master role of this switch in the game-playing field(GPF) which is an occasional and loose domain for game-playing. Second, based on the concept of GPF, we design a decentralized strategy to play the game and determine which player as the final master. We implement it by extending the Open Flow protocol. Finally, numerical results demonstrate that our distributed strategy can approach elastic control plane with better performance.展开更多
Software- defined networking (SDN) is a promising technology for next-generation networking and has attracted much attention from academics, network equipment manufacturer, network operators, and service providers. ...Software- defined networking (SDN) is a promising technology for next-generation networking and has attracted much attention from academics, network equipment manufacturer, network operators, and service providers. It has found center, and enterprise networks. applications in mobile, data The SDN architecture has a centralized, programmable control plane that is separate from the data plane. SDN also provides the ability to control and manage virtualized resources and networks without requiring new hardware technologies. This is a major shift in networking technologies.展开更多
The controller in software-defined networking(SDN)acts as strategic point of control for the underlying network.Multiple controllers are available,and every single controller retains a number of features such as the O...The controller in software-defined networking(SDN)acts as strategic point of control for the underlying network.Multiple controllers are available,and every single controller retains a number of features such as the OpenFlow version,clustering,modularity,platform,and partnership support,etc.They are regarded as vital when making a selection among a set of controllers.As such,the selection of the controller becomes a multi-criteria decision making(MCDM)problem with several features.Hence,an increase in this number will increase the computational complexity of the controller selection process.Previously,the selection of controllers based on features has been studied by the researchers.However,the prioritization of features has gotten less attention.Moreover,several features increase the computational complexity of the selection process.In this paper,we propose a mathematical modeling for feature prioritization with analytical network process(ANP)bridge model for SDN controllers.The results indicate that a prioritized features model lead to a reduction in the computational complexity of the selection of SDN controller.In addition,our model generates prioritized features for SDN controllers.展开更多
Controller vulnerabilities allow malicious actors to disrupt or hijack the Software-Defined Networking. Traditionally, it is static mappings between the control plane and data plane. Adversaries have plenty of time to...Controller vulnerabilities allow malicious actors to disrupt or hijack the Software-Defined Networking. Traditionally, it is static mappings between the control plane and data plane. Adversaries have plenty of time to exploit the controller's vulnerabilities and launch attacks wisely. We tend to believe that dynamically altering such static mappings is a promising approach to alleviate this issue, since a moving target is difficult to be compromised even by skilled adversaries. It is critical to determine the right time to conduct scheduling and to balance the overhead afforded and the security levels guaranteed. Little previous work has been done to investigate the economical time in dynamic-scheduling controllers. In this paper, we take the first step to both theoretically and experimentally study the scheduling-timing problem in dynamic control plane. We model this problem as a renewal reward process and propose an optimal algorithm in deciding the right time to schedule with the objective of minimizing the long-term loss rate. In our experiments, simulations based on real network attack datasets are conducted and we demonstrate that our proposed algorithm outperforms given scheduling schemes.展开更多
Large latency of applications will bring revenue loss to cloud infrastructure providers in the cloud data center. The existing controllers of software-defined networking architecture can fetch and process traffic info...Large latency of applications will bring revenue loss to cloud infrastructure providers in the cloud data center. The existing controllers of software-defined networking architecture can fetch and process traffic information in the network. Therefore, the controllers can only optimize the network latency of applications. However, the serving latency of applications is also an important factor in delivered user-experience for arrival requests. Unintelligent request routing will cause large serving latency if arrival requests are allocated to overloaded virtual machines. To deal with the request routing problem, this paper proposes the workload-aware software-defined networking controller architecture. Then, request routing algorithms are proposed to minimize the total round trip time for every type of request by considering the congestion in the network and the workload in virtual machines(VMs). This paper finally provides the evaluation of the proposed algorithms in a simulated prototype. The simulation results show that the proposed methodology is efficient compared with the existing approaches.展开更多
The low-cost,self-configuration capability and "plug-and-play" feature of Ethernet establishes its dominant position in the local area networks(LAN).However,it is hard to extend to large scale because of the...The low-cost,self-configuration capability and "plug-and-play" feature of Ethernet establishes its dominant position in the local area networks(LAN).However,it is hard to extend to large scale because of the legacy broadcast-based service discovery mechanism.Therefore,to solve this problem,a new split network architecture named Software-Defined Networking(SDN) is introduced in this paper,and a novel floodless service discovery mechanism(FSDM)for SDN is designed.For the FSDM,the widespread broadcast messages for Dynamic Host Configuration Protocol(DHCP) and Address Resolution Protocol(ARP) are considered especially,respectively.Then the DHCP relay and ARP proxy are proposed to handle DHCP broadcast messages and ARP broadcast messages,respectively.The proposed FSDM in this paper can eliminate flooding completely,reserve the autoconfiguration characteristics.Particularly,there is no need to change the existing hardware,software and protocols of hosts for the proposed scheme.Finally,the simulation results are demonstrated to show that our proposed model allows redundant links existed in network and has the property of scalability,which can significantly reduce network traffic in data plane and control traffic in control plane,and decrease the overhead of control plane.展开更多
Software-defined networking(SDN)is widely used in multiple types of data center networks,and these distributed data center networks can be integrated into a multi-domain SDN by utilizing multiple controllers.However,t...Software-defined networking(SDN)is widely used in multiple types of data center networks,and these distributed data center networks can be integrated into a multi-domain SDN by utilizing multiple controllers.However,the network topology of each control domain of SDN will affect the performance of the multidomain network,so performance evaluation is required before the deployment of the multi-domain SDN.Besides,there is a high cost to build real multi-domain SDN networks with different topologies,so it is necessary to use simulation testing methods to evaluate the topological performance of the multi-domain SDN network.As there is a lack of existing methods to construct a multi-domain SDN simulation network for the tool to evaluate the topological performance automatically,this paper proposes an automated multi-domain SDN topology performance evaluation framework,which supports multiple types of SDN network topologies in cooperating to construct a multi-domain SDN network.The framework integrates existing single-domain SDN simulation tools with network performance testing tools to realize automated performance evaluation of multidomain SDN network topologies.We designed and implemented a Mininet-based simulation tool that can connect multiple controllers and run user-specified topologies in multiple SDN control domains to build and test multi-domain SDN networks faster.Then,we used the tool to perform performance tests on various data center network topologies in single-domain and multi-domain SDN simulation environments.Test results show that Space Shuffle has the most stable performance in a single-domain environment,and Fat-tree has the best performance in a multi-domain environment.Also,this tool has the characteristics of simplicity and stability,which can meet the needs of multi-domain SDN topology performance evaluation.展开更多
Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmab...Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the “three-layer two-interface” architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.展开更多
Despite extensive research, timing channels (TCs) are still known as a principal category of threats that aim to leak and transmit information by perturbing the timing or ordering of events. Existing TC detection appr...Despite extensive research, timing channels (TCs) are still known as a principal category of threats that aim to leak and transmit information by perturbing the timing or ordering of events. Existing TC detection approaches use either signature-based approaches to detect known TCs or anomaly-based approach by modeling the legitimate network traffic in order to detect unknown TCs. Un-fortunately, in a software-defined networking (SDN) environment, most existing TC detection approaches would fail due to factors such as volatile network traffic, imprecise timekeeping mechanisms, and dynamic network topology. Furthermore, stealthy TCs can be designed to mimic the legitimate traffic pattern and thus evade anomalous TC detection. In this paper, we overcome the above challenges by presenting a novel framework that harnesses the advantages of elastic re-sources in the cloud. In particular, our framework dynamically configures SDN to enable/disable differential analysis against outbound network flows of different virtual machines (VMs). Our framework is tightly coupled with a new metric that first decomposes the timing data of network flows into a number of using the discrete wavelet-based multi-resolution transform (DWMT). It then applies the Kullback-Leibler divergence (KLD) to measure the variance among flow pairs. The appealing feature of our approach is that, compared with the existing anomaly detection approaches, it can detect most existing and some new stealthy TCs without legitimate traffic for modeling, even with the presence of noise and imprecise timekeeping mechanism in an SDN virtual environment. We implement our framework as a prototype system, OBSERVER, which can be dynamically deployed in an SDN environment. Empirical evaluation shows that our approach can efficiently detect TCs with a higher detection rate, lower latency, and negligible performance overhead compared to existing approaches.展开更多
Network management and multimedia data mining techniques have a great interest in analyzing and improving the network traffic process.In recent times,the most complex task in Software Defined Network(SDN)is security,w...Network management and multimedia data mining techniques have a great interest in analyzing and improving the network traffic process.In recent times,the most complex task in Software Defined Network(SDN)is security,which is based on a centralized,programmable controller.Therefore,monitoring network traffic is significant for identifying and revealing intrusion abnormalities in the SDN environment.Consequently,this paper provides an extensive analysis and investigation of the NSL-KDD dataset using five different clustering algorithms:K-means,Farthest First,Canopy,Density-based algorithm,and Exception-maximization(EM),using the Waikato Environment for Knowledge Analysis(WEKA)software to compare extensively between these five algorithms.Furthermore,this paper presents an SDN-based intrusion detection system using a deep learning(DL)model with the KDD(Knowledge Discovery in Databases)dataset.First,the utilized dataset is clustered into normal and four major attack categories via the clustering process.Then,a deep learning method is projected for building an efficient SDN-based intrusion detection system.The results provide a comprehensive analysis and a flawless reasonable study of different kinds of attacks incorporated in the KDD dataset.Similarly,the outcomes reveal that the proposed deep learning method provides efficient intrusion detection performance compared to existing techniques.For example,the proposed method achieves a detection accuracy of 94.21%for the examined dataset.展开更多
The emergence of a new network architecture,known as Software Defined Networking(SDN),in the last two decades has overcome some drawbacks of traditional networks in terms of performance,scalability,reliability,securit...The emergence of a new network architecture,known as Software Defined Networking(SDN),in the last two decades has overcome some drawbacks of traditional networks in terms of performance,scalability,reliability,security,and network management.However,the SDN is vulnerable to security threats that target its controller,such as low-rate Distributed Denial of Service(DDoS)attacks,The low-rate DDoS attack is one of the most prevalent attacks that poses a severe threat to SDN network security because the controller is a vital architecture component.Therefore,there is an urgent need to propose a detection approach for this type of attack with a high detection rate and low false-positive rates.Thus,this paper proposes an approach to detect low-rate DDoS attacks on the SDN controller by adapting a dynamic threshold.The proposed approach has been evaluated using four simulation scenarios covering a combination of low-rate DDoS attacks against the SDN controller involving(i)a single host attack targeting a single victim;(ii)a single host attack targeting multiple victims;(iii)multiple hosts attack targeting a single victim;and(iv)multiple hosts attack targeting multiple victims.The proposed approach’s average detection rates are 96.65%,91.83%,96.17%,and 95.33%for the above scenarios,respectively;and its average false-positive rates are 3.33%,8.17%,3.83%,and 4.67%for similar scenarios,respectively.The comparison between the proposed approach and two existing approaches showed that it outperformed them in both categories.展开更多
With the increasing number of switches in Software-Defined Network-ing(SDN),there are more and more faults rising in the data plane.However,due to the existence of link redundancy and multi-path forwarding mechanisms,t...With the increasing number of switches in Software-Defined Network-ing(SDN),there are more and more faults rising in the data plane.However,due to the existence of link redundancy and multi-path forwarding mechanisms,these problems cannot be detected in time.The current faulty path detection mechan-isms have problems such as the large scale of detection and low efficiency,which is difficult to meet the requirements of efficient faulty path detection in large-scale SDN.Concerning this issue,we propose an efficient network path fault testing model ProbD based on probability detection.This model achieves a high prob-ability of detecting arbitrary path fault in the form of small-scale random sam-pling.Under a certain path fault rate,ProbD obtains the curve of sample size and probability of detecting arbitrary path fault by randomly sampling network paths several times.After a small number of experiments,the ProbD model can cor-rectly estimate the path fault rate of the network and calculate the total number of paths that need to be detected according to the different probability of detecting arbitrary path fault and the path fault rate of the network.Thefinal experimental results show that,compared with the full path coverage test,the ProbD model based on probability detection can achieve efficient network testing with less overhead.Besides,the larger the network scale is,the more overhead will be saved.展开更多
The rise of time-sensitive applications with broad geographical scope drives the development of time-sensitive networking(TSN)from intra-domain to inter-domain to ensure overall end-to-end connectivity requirements in...The rise of time-sensitive applications with broad geographical scope drives the development of time-sensitive networking(TSN)from intra-domain to inter-domain to ensure overall end-to-end connectivity requirements in heterogeneous deployments.When multiple TSN networks interconnect over non-TSN networks,all devices in the network need to be syn-chronized by sharing a uniform time reference.How-ever,most non-TSN networks are best-effort.Path delay asymmetry and random noise accumulation can introduce unpredictable time errors during end-to-end time synchronization.These factors can degrade syn-chronization performance.Therefore,cross-domain time synchronization becomes a challenging issue for multiple TSN networks interconnected by non-TSN networks.This paper presents a cross-domain time synchronization scheme that follows the software-defined TSN(SD-TSN)paradigm.It utilizes a com-bined control plane constructed by a coordinate con-troller and a domain controller for centralized control and management of cross-domain time synchroniza-tion.The general operation flow of the cross-domain time synchronization process is designed.The mecha-nism of cross-domain time synchronization is revealed by introducing a synchronization model and an error compensation method.A TSN cross-domain proto-type testbed is constructed for verification.Results show that the scheme can achieve end-to-end high-precision time synchronization with accuracy and sta-bility.展开更多
基金supported by the Deanship of Graduate Studies and Scientific Research at Qassim University for financial support(QU-APC-2025).
文摘Distributed denial of service(DDoS)attacks are common network attacks that primarily target Internet of Things(IoT)devices.They are critical for emerging wireless services,especially for applications with limited latency.DDoS attacks pose significant risks to entrepreneurial businesses,preventing legitimate customers from accessing their websites.These attacks require intelligent analytics before processing service requests.Distributed denial of service(DDoS)attacks exploit vulnerabilities in IoT devices by launchingmulti-point distributed attacks.These attacks generate massive traffic that overwhelms the victim’s network,disrupting normal operations.The consequences of distributed denial of service(DDoS)attacks are typically more severe in software-defined networks(SDNs)than in traditional networks.The centralised architecture of these networks can exacerbate existing vulnerabilities,as these weaknesses may not be effectively addressed in this model.The preliminary objective for detecting and mitigating distributed denial of service(DDoS)attacks in software-defined networks(SDN)is to monitor traffic patterns and identify anomalies that indicate distributed denial of service(DDoS)attacks.It implements measures to counter the effects ofDDoS attacks,and ensure network reliability and availability by leveraging the flexibility and programmability of SDN to adaptively respond to threats.The authors present a mechanism that leverages the OpenFlow and sFlow protocols to counter the threats posed by DDoS attacks.The results indicate that the proposed model effectively mitigates the negative effects of DDoS attacks in an SDN environment.
文摘Software-Defined Networking(SDN)improves network management by separating its control logic from the underlying hardware and integrating it into a logically centralized control unit,termed the SDN controller.SDN adaptation is essential for wireless networks because it offers enhanced and data-intensive services.The initial intent of the SDN design was to have a physically centralized controller.However,network experts have suggested logically centralized and physically distributed designs for SDN controllers,owing to issues such as a single point of failure and scalability.This study addressed the security,scalability,reliability,and consistency issues associated with the design of distributed SDN controllers.Moreover,the security issues of an enterprise related to multiple physically distributed controllers in a software-defined wireless local area network(SD-WLAN)were emphasized,and optimal solutions were suggested.
基金extend their appreciation to Researcher Supporting Project Number(RSPD2023R582)King Saud University,Riyadh,Saudi Arabia.
文摘The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.
文摘Software-Defined Networking(SDN),with segregated data and control planes,provides faster data routing,stability,and enhanced quality metrics,such as throughput(Th),maximum available bandwidth(Bd(max)),data transfer(DTransfer),and reduction in end-to-end delay(D(E-E)).This paper explores the critical work of deploying SDN in large-scale Data Center Networks(DCNs)to enhance its Quality of Service(QoS)parameters,using logically distributed control configurations.There is a noticeable increase in Delay(E-E)when adopting SDN with a unified(single)control structure in big DCNs to handle Hypertext Transfer Protocol(HTTP)requests causing a reduction in network quality parameters(Bd(max),Th,DTransfer,D(E-E),etc.).This article examines the network performance in terms of quality matrices(bandwidth,throughput,data transfer,etc.),by establishing a large-scale SDN-based virtual network in the Mininet environment.The SDN network is simulated in three stages:(1)An SDN network with unitary controller-POX to manage the data traffic flow of the network without the server load management algorithm.(2)An SDN network with only one controller to manage the data traffic flow of the network with a server load management algorithm.(3)Deployment of SDN in proposed control arrangement(logically distributed controlled framework)with multiple controllers managing data traffic flow under the proposed Intelligent Sensing Server Load Management(ISSLM)algorithm.As a result of this approach,the network quality parameters in large-scale networks are enhanced.
基金supported by the MSIT(Ministry of Science and ICT),Korea,under the ITRC(Information Technology Research Center)support program(IITP-2020-2018-0-01431)supervised by the IITP(Institute for Information&Communications Technology Planning&Evaluation).
文摘The controller is indispensable in software-defined networking(SDN).With several features,controllers monitor the network and respond promptly to dynamic changes.Their performance affects the quality-of-service(QoS)in SDN.Every controller supports a set of features.However,the support of the features may be more prominent in one controller.Moreover,a single controller leads to performance,single-point-of-failure(SPOF),and scalability problems.To overcome this,a controller with an optimum feature set must be available for SDN.Furthermore,a cluster of optimum feature set controllers will overcome an SPOF and improve the QoS in SDN.Herein,leveraging an analytical network process(ANP),we rank SDN controllers regarding their supporting features and create a hierarchical control plane based cluster(HCPC)of the highly ranked controller computed using the ANP,evaluating their performance for the OS3E topology.The results demonstrated in Mininet reveal that a HCPC environment with an optimum controller achieves an improved QoS.Moreover,the experimental results validated in Mininet show that our proposed approach surpasses the existing distributed controller clustering(DCC)schemes in terms of several performance metrics i.e.,delay,jitter,throughput,load balancing,scalability and CPU(central processing unit)utilization.
基金supported by the National Natural Science Foundation of China for Innovative Research Groups (61521003)the National Natural Science Foundation of China (61872382)+1 种基金the National Key Research and Development Program of China (2017YFB0803204)the Research and Development Program in Key Areas of Guangdong Province (No.2018B010113001)
文摘Software-Defined Networking(SDN)adapts logically-centralized control by decoupling control plane from data plane and provides the efficient use of network resources.However,due to the limitation of traditional routing strategies relying on manual configuration,SDN may suffer from link congestion and inefficient bandwidth allocation among flows,which could degrade network performance significantly.In this paper,we propose EARS,an intelligence-driven experiential network architecture for automatic routing.EARS adapts deep reinforcement learning(DRL)to simulate the human methods of learning experiential knowledge,employs the closed-loop network control mechanism incorporating with network monitoring technologies to realize the interaction with network environment.The proposed EARS can learn to make better control decision from its own experience by interacting with network environment and optimize the network intelligently by adjusting services and resources offered based on network requirements and environmental conditions.Under the network architecture,we design the network utility function with throughput and delay awareness,differentiate flows based on their size characteristics,and design a DDPGbased automatic routing algorithm as DRL decision brain to find the near-optimal paths for mice and elephant flows.To validate the network architecture,we implement it on a real network environment.Extensive simulation results show that EARS significantly improve the network throughput and reduces the average packet delay in comparison with baseline schemes(e.g.OSPF,ECMP).
基金This work was supported by National Natural Science Foundation of China(No.61802080 and 61802077)Guangdong General Colleges and Universities Research Project(2018GkQNCX105)+1 种基金Zhongshan Public Welfare Science and Technology Research Project(2019B2044)Keping Yu was supported in part by the Japan Society for the Promotion of Science(JSPS)Grants-in-Aid for Scientific Research(KAKENHI)under Grant JP18K18044.
文摘Software-Defined Networking(SDN)is an emerging architecture that enables a computer network to be intelligently and centrally controlled via software applications.It can help manage the whole network environment in a consistent and holistic way,without the need of understanding the underlying network structure.At present,SDN may face many challenges like insider attacks,i.e.,the centralized control plane would be attacked by malicious underlying devices and switches.To protect the security of SDN,effective detection approaches are indispensable.In the literature,challenge-based collaborative intrusion detection networks(CIDNs)are an effective detection framework in identifying malicious nodes.It calculates the nodes'reputation and detects a malicious node by sending out a special message called a challenge.In this work,we devise a challenge-based CIDN in SDN and measure its performance against malicious internal nodes.Our results demonstrate that such a mechanism can be effective in SDN environments.
基金supported by the Foundation for Innovative Research Groups of the National Natural Science Foundation of China(Grant No.61521003)the National Basic Research Program of China(2012CB315901,2013CB329104)+2 种基金the National Natural Science Foundation of China(Grant No.61372121,61309020,61309019)the National High-Tech Research&Development Program of China(Grant No.2013AA013505)the National Science and Technology Support Program Project(Grant No.2014BAH30B01)
文摘Elastic control could balance the distributed control plane in Software-Defined Networking(SDN). Dynamic switch migration has been proposed to achieve it. However, existing schemes mainly focus on how to execute migration operation, but not why. This paper designs a decision-making mechanism based on zero-sum game theory to reelect a new controller as the master for migrated switches. It first chooses a switch for migration in the heavy controller which invites its neighbors as the game players to compete for the master role of this switch in the game-playing field(GPF) which is an occasional and loose domain for game-playing. Second, based on the concept of GPF, we design a decentralized strategy to play the game and determine which player as the final master. We implement it by extending the Open Flow protocol. Finally, numerical results demonstrate that our distributed strategy can approach elastic control plane with better performance.
文摘Software- defined networking (SDN) is a promising technology for next-generation networking and has attracted much attention from academics, network equipment manufacturer, network operators, and service providers. It has found center, and enterprise networks. applications in mobile, data The SDN architecture has a centralized, programmable control plane that is separate from the data plane. SDN also provides the ability to control and manage virtualized resources and networks without requiring new hardware technologies. This is a major shift in networking technologies.
基金This research was supported partially by LIG Nex1It was also supported partially by the MSIT(Ministry of Science and ICT),Korea,under the ITRC(Information Technology Research Center)support program(IITP-2021-2018-0-01431)supervised by the IITP(Institute for Information&Communications Technology Planning Evaluation).
文摘The controller in software-defined networking(SDN)acts as strategic point of control for the underlying network.Multiple controllers are available,and every single controller retains a number of features such as the OpenFlow version,clustering,modularity,platform,and partnership support,etc.They are regarded as vital when making a selection among a set of controllers.As such,the selection of the controller becomes a multi-criteria decision making(MCDM)problem with several features.Hence,an increase in this number will increase the computational complexity of the controller selection process.Previously,the selection of controllers based on features has been studied by the researchers.However,the prioritization of features has gotten less attention.Moreover,several features increase the computational complexity of the selection process.In this paper,we propose a mathematical modeling for feature prioritization with analytical network process(ANP)bridge model for SDN controllers.The results indicate that a prioritized features model lead to a reduction in the computational complexity of the selection of SDN controller.In addition,our model generates prioritized features for SDN controllers.
基金supported by the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (No. 61521003)The National Key R&D Program of China (No.2016YFB0800101)+1 种基金the National Science Foundation for Distinguished Young Scholars of China (No.61602509)Henan Province Key Technologies R&D Program of China(No.172102210615)
文摘Controller vulnerabilities allow malicious actors to disrupt or hijack the Software-Defined Networking. Traditionally, it is static mappings between the control plane and data plane. Adversaries have plenty of time to exploit the controller's vulnerabilities and launch attacks wisely. We tend to believe that dynamically altering such static mappings is a promising approach to alleviate this issue, since a moving target is difficult to be compromised even by skilled adversaries. It is critical to determine the right time to conduct scheduling and to balance the overhead afforded and the security levels guaranteed. Little previous work has been done to investigate the economical time in dynamic-scheduling controllers. In this paper, we take the first step to both theoretically and experimentally study the scheduling-timing problem in dynamic control plane. We model this problem as a renewal reward process and propose an optimal algorithm in deciding the right time to schedule with the objective of minimizing the long-term loss rate. In our experiments, simulations based on real network attack datasets are conducted and we demonstrate that our proposed algorithm outperforms given scheduling schemes.
基金supported by the National Postdoctoral Science Foundation of China(2014M550068)
文摘Large latency of applications will bring revenue loss to cloud infrastructure providers in the cloud data center. The existing controllers of software-defined networking architecture can fetch and process traffic information in the network. Therefore, the controllers can only optimize the network latency of applications. However, the serving latency of applications is also an important factor in delivered user-experience for arrival requests. Unintelligent request routing will cause large serving latency if arrival requests are allocated to overloaded virtual machines. To deal with the request routing problem, this paper proposes the workload-aware software-defined networking controller architecture. Then, request routing algorithms are proposed to minimize the total round trip time for every type of request by considering the congestion in the network and the workload in virtual machines(VMs). This paper finally provides the evaluation of the proposed algorithms in a simulated prototype. The simulation results show that the proposed methodology is efficient compared with the existing approaches.
基金supported by the National Basic Research Program(973)of China(No.2012CB315801)the National Natural Science Fund(No.61302089,61300184)the fundamental research funds for the Central Universities(No.2013RC0113)
文摘The low-cost,self-configuration capability and "plug-and-play" feature of Ethernet establishes its dominant position in the local area networks(LAN).However,it is hard to extend to large scale because of the legacy broadcast-based service discovery mechanism.Therefore,to solve this problem,a new split network architecture named Software-Defined Networking(SDN) is introduced in this paper,and a novel floodless service discovery mechanism(FSDM)for SDN is designed.For the FSDM,the widespread broadcast messages for Dynamic Host Configuration Protocol(DHCP) and Address Resolution Protocol(ARP) are considered especially,respectively.Then the DHCP relay and ARP proxy are proposed to handle DHCP broadcast messages and ARP broadcast messages,respectively.The proposed FSDM in this paper can eliminate flooding completely,reserve the autoconfiguration characteristics.Particularly,there is no need to change the existing hardware,software and protocols of hosts for the proposed scheme.Finally,the simulation results are demonstrated to show that our proposed model allows redundant links existed in network and has the property of scalability,which can significantly reduce network traffic in data plane and control traffic in control plane,and decrease the overhead of control plane.
基金This work was supported by the Fundamental Research Funds for the Central Universities(2021RC239)the Postdoctoral Science Foundation of China(2021 M690338)+3 种基金the Hainan Provincial Natural Science Foundation of China(620RC562,2019RC096,620RC560)the Scientific Research Setup Fund of Hainan University(KYQD(ZR)1877)the Program of Hainan Association for Science and Technology Plans to Youth R&D Innovation(QCXM201910)the National Natural Science Foundation of China(61802092,62162021).
文摘Software-defined networking(SDN)is widely used in multiple types of data center networks,and these distributed data center networks can be integrated into a multi-domain SDN by utilizing multiple controllers.However,the network topology of each control domain of SDN will affect the performance of the multidomain network,so performance evaluation is required before the deployment of the multi-domain SDN.Besides,there is a high cost to build real multi-domain SDN networks with different topologies,so it is necessary to use simulation testing methods to evaluate the topological performance of the multi-domain SDN network.As there is a lack of existing methods to construct a multi-domain SDN simulation network for the tool to evaluate the topological performance automatically,this paper proposes an automated multi-domain SDN topology performance evaluation framework,which supports multiple types of SDN network topologies in cooperating to construct a multi-domain SDN network.The framework integrates existing single-domain SDN simulation tools with network performance testing tools to realize automated performance evaluation of multidomain SDN network topologies.We designed and implemented a Mininet-based simulation tool that can connect multiple controllers and run user-specified topologies in multiple SDN control domains to build and test multi-domain SDN networks faster.Then,we used the tool to perform performance tests on various data center network topologies in single-domain and multi-domain SDN simulation environments.Test results show that Space Shuffle has the most stable performance in a single-domain environment,and Fat-tree has the best performance in a multi-domain environment.Also,this tool has the characteristics of simplicity and stability,which can meet the needs of multi-domain SDN topology performance evaluation.
基金supported by the Wuhan Frontier Program of Application Foundation (No.2018010401011295)National High Technology Research and Development Program of China (“863” Program) (Grant No. 2015AA016002)
文摘Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the “three-layer two-interface” architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.
文摘Despite extensive research, timing channels (TCs) are still known as a principal category of threats that aim to leak and transmit information by perturbing the timing or ordering of events. Existing TC detection approaches use either signature-based approaches to detect known TCs or anomaly-based approach by modeling the legitimate network traffic in order to detect unknown TCs. Un-fortunately, in a software-defined networking (SDN) environment, most existing TC detection approaches would fail due to factors such as volatile network traffic, imprecise timekeeping mechanisms, and dynamic network topology. Furthermore, stealthy TCs can be designed to mimic the legitimate traffic pattern and thus evade anomalous TC detection. In this paper, we overcome the above challenges by presenting a novel framework that harnesses the advantages of elastic re-sources in the cloud. In particular, our framework dynamically configures SDN to enable/disable differential analysis against outbound network flows of different virtual machines (VMs). Our framework is tightly coupled with a new metric that first decomposes the timing data of network flows into a number of using the discrete wavelet-based multi-resolution transform (DWMT). It then applies the Kullback-Leibler divergence (KLD) to measure the variance among flow pairs. The appealing feature of our approach is that, compared with the existing anomaly detection approaches, it can detect most existing and some new stealthy TCs without legitimate traffic for modeling, even with the presence of noise and imprecise timekeeping mechanism in an SDN virtual environment. We implement our framework as a prototype system, OBSERVER, which can be dynamically deployed in an SDN environment. Empirical evaluation shows that our approach can efficiently detect TCs with a higher detection rate, lower latency, and negligible performance overhead compared to existing approaches.
文摘Network management and multimedia data mining techniques have a great interest in analyzing and improving the network traffic process.In recent times,the most complex task in Software Defined Network(SDN)is security,which is based on a centralized,programmable controller.Therefore,monitoring network traffic is significant for identifying and revealing intrusion abnormalities in the SDN environment.Consequently,this paper provides an extensive analysis and investigation of the NSL-KDD dataset using five different clustering algorithms:K-means,Farthest First,Canopy,Density-based algorithm,and Exception-maximization(EM),using the Waikato Environment for Knowledge Analysis(WEKA)software to compare extensively between these five algorithms.Furthermore,this paper presents an SDN-based intrusion detection system using a deep learning(DL)model with the KDD(Knowledge Discovery in Databases)dataset.First,the utilized dataset is clustered into normal and four major attack categories via the clustering process.Then,a deep learning method is projected for building an efficient SDN-based intrusion detection system.The results provide a comprehensive analysis and a flawless reasonable study of different kinds of attacks incorporated in the KDD dataset.Similarly,the outcomes reveal that the proposed deep learning method provides efficient intrusion detection performance compared to existing techniques.For example,the proposed method achieves a detection accuracy of 94.21%for the examined dataset.
基金This work was supported by Universiti Sains Malaysia under external grant(Grant Number 304/PNAV/650958/U154).
文摘The emergence of a new network architecture,known as Software Defined Networking(SDN),in the last two decades has overcome some drawbacks of traditional networks in terms of performance,scalability,reliability,security,and network management.However,the SDN is vulnerable to security threats that target its controller,such as low-rate Distributed Denial of Service(DDoS)attacks,The low-rate DDoS attack is one of the most prevalent attacks that poses a severe threat to SDN network security because the controller is a vital architecture component.Therefore,there is an urgent need to propose a detection approach for this type of attack with a high detection rate and low false-positive rates.Thus,this paper proposes an approach to detect low-rate DDoS attacks on the SDN controller by adapting a dynamic threshold.The proposed approach has been evaluated using four simulation scenarios covering a combination of low-rate DDoS attacks against the SDN controller involving(i)a single host attack targeting a single victim;(ii)a single host attack targeting multiple victims;(iii)multiple hosts attack targeting a single victim;and(iv)multiple hosts attack targeting multiple victims.The proposed approach’s average detection rates are 96.65%,91.83%,96.17%,and 95.33%for the above scenarios,respectively;and its average false-positive rates are 3.33%,8.17%,3.83%,and 4.67%for similar scenarios,respectively.The comparison between the proposed approach and two existing approaches showed that it outperformed them in both categories.
基金supported by the Fundamental Research Funds for the Central Universities(2021RC239)the Postdoctoral Science Foundation of China(2021 M690338)+3 种基金the Hainan Provincial Natural Science Foundation of China(620RC562,2019RC096,620RC560)the Scientific Research Setup Fund of Hainan University(KYQD(ZR)1877)the Program of Hainan Association for Science and Technology Plans to Youth R&D Innovation(QCXM201910)the National Natural Science Foundation of China(61802092,62162021).
文摘With the increasing number of switches in Software-Defined Network-ing(SDN),there are more and more faults rising in the data plane.However,due to the existence of link redundancy and multi-path forwarding mechanisms,these problems cannot be detected in time.The current faulty path detection mechan-isms have problems such as the large scale of detection and low efficiency,which is difficult to meet the requirements of efficient faulty path detection in large-scale SDN.Concerning this issue,we propose an efficient network path fault testing model ProbD based on probability detection.This model achieves a high prob-ability of detecting arbitrary path fault in the form of small-scale random sam-pling.Under a certain path fault rate,ProbD obtains the curve of sample size and probability of detecting arbitrary path fault by randomly sampling network paths several times.After a small number of experiments,the ProbD model can cor-rectly estimate the path fault rate of the network and calculate the total number of paths that need to be detected according to the different probability of detecting arbitrary path fault and the path fault rate of the network.Thefinal experimental results show that,compared with the full path coverage test,the ProbD model based on probability detection can achieve efficient network testing with less overhead.Besides,the larger the network scale is,the more overhead will be saved.
基金supported in part by National Key R&D Program of China(Grant No.2022YFC3803700)in part by the National Natural Science Foundation of China(Grant No.92067102)in part by the project of Beijing Laboratory of Advanced Information Networks.
文摘The rise of time-sensitive applications with broad geographical scope drives the development of time-sensitive networking(TSN)from intra-domain to inter-domain to ensure overall end-to-end connectivity requirements in heterogeneous deployments.When multiple TSN networks interconnect over non-TSN networks,all devices in the network need to be syn-chronized by sharing a uniform time reference.How-ever,most non-TSN networks are best-effort.Path delay asymmetry and random noise accumulation can introduce unpredictable time errors during end-to-end time synchronization.These factors can degrade syn-chronization performance.Therefore,cross-domain time synchronization becomes a challenging issue for multiple TSN networks interconnected by non-TSN networks.This paper presents a cross-domain time synchronization scheme that follows the software-defined TSN(SD-TSN)paradigm.It utilizes a com-bined control plane constructed by a coordinate con-troller and a domain controller for centralized control and management of cross-domain time synchroniza-tion.The general operation flow of the cross-domain time synchronization process is designed.The mecha-nism of cross-domain time synchronization is revealed by introducing a synchronization model and an error compensation method.A TSN cross-domain proto-type testbed is constructed for verification.Results show that the scheme can achieve end-to-end high-precision time synchronization with accuracy and sta-bility.
