Abstract: Despite extensive research, timing channels (TCs) are still known as a principal category of threats that aim to leak and transmit information by perturbing the timing or ordering of events. Existing TC detection approaches use either signature-based approaches to detect known TCs or anomaly-based approaches that model the legitimate network traffic in order to detect unknown TCs. Unfortunately, in a software-defined networking (SDN) environment, most existing TC detection approaches would fail due to factors such as volatile network traffic, imprecise timekeeping mechanisms, and dynamic network topology. Furthermore, stealthy TCs can be designed to mimic the legitimate traffic pattern and thus evade anomaly-based TC detection. In this paper, we overcome the above challenges by presenting a novel framework that harnesses the advantages of elastic resources in the cloud. In particular, our framework dynamically configures SDN to enable/disable differential analysis against outbound network flows of different virtual machines (VMs). Our framework is tightly coupled with a new metric that first decomposes the timing data of network flows into a number of using the discrete wavelet-based multi-resolution transform (DWMT). It then applies the Kullback-Leibler divergence (KLD) to measure the variance among flow pairs. The appealing feature of our approach is that, compared with the existing anomaly detection approaches, it can detect most existing and some new stealthy TCs without legitimate traffic for modeling, even in the presence of noise and imprecise timekeeping mechanisms in an SDN virtual environment. We implement our framework as a prototype system, OBSERVER, which can be dynamically deployed in an SDN environment. Empirical evaluation shows that our approach can efficiently detect TCs with a higher detection rate, lower latency, and negligible performance overhead compared to existing approaches.
Funding: This work is supported by the Fundamental Research Funds for the Central Universities.
Abstract: In recent years, satellite networks have been proposed as an essential part of next-generation mobile communication systems. Software defined networking techniques are introduced in satellite networks to handle the growing challenges induced by time-varying topology, intermittent inter-satellite links and dramatically increased satellite constellation size. This survey covers the latest progress of software defined satellite networks, including key techniques, existing solutions, challenges, opportunities, and simulation tools. To the best of our knowledge, this paper is the most comprehensive survey that covers the latest progress of software defined satellite networks. An open GitHub repository is further created where the latest papers on this topic will be tracked and updated periodically. Compared with existing surveys, this survey contributes from three aspects: (1) an up-to-date SDN-oriented review of the latest progress of key techniques and solutions in software defined satellite networks; (2) an inspiring summary of existing challenges, new research opportunities and publicly available simulation tools for follow-up studies; (3) an effort to build a public repository to track new results.
Abstract: Virtualization of network/service functions means time sharing network/service (and affiliated) resources in a hyper speed manner. The concept of time sharing was popularized in the 1970s with mainframe computing. The same concept has recently resurfaced under the guise of cloud computing and virtualized computing. Although cloud computing was originally used in IT for server virtualization, the ICT industry is taking a new look at virtualization. This paradigm shift is shaking up the computing, storage, networking, and service industries. The hope is that virtualizing and automating configuration and service management/orchestration will save both capex and opex for network transformation. A complementary trend is the separation (over an open interface) of control and transmission. This is commonly referred to as software defined networking (SDN). This paper reviews trends in network/service functions, efforts to standardize these functions, and required management and orchestration.
Abstract: To address the problems of high computational overhead and lack of flexibility in traditional IP spoofing attack mitigation methods, an IP spoofing attack mitigation method for software defined networks (SDN) based on a dynamic restriction policy is proposed. First, the triple information carried in Packet-In messages is used to trace back the attack path and locate the source host of the IP spoofing attack; then, the controller formulates a dynamic restriction policy that restricts the new-flow forwarding function of the switch port connected to the attack source host and restores its ability to forward new flows once the restriction period expires, with the length of the restriction period growing with the number of times the host has been detected as an attack source. The results show that this dynamic restriction policy can block attack flows from entering the SDN network, thereby effectively preventing overload of SDN switches, the controller and links; because the restricted switch ports no longer need to be monitored in real time during the restriction period, the method achieves higher mitigation efficiency and lower resource consumption than traditional methods when dealing with long-duration attacks.
Funding: supported in part by the grant from the National Natural Science Foundation of China (60973129)
Abstract: Software-defined networks (SDN) have attracted much attention recently because of their flexibility in terms of network management. Increasingly, SDN is being introduced into wireless networks to form wireless SDN. One enabling technology for wireless SDN is network virtualization, which logically divides one wireless network element, such as a base station, into multiple slices, with each slice serving as a standalone virtual BS. In this way, one physical mobile wireless network can be partitioned into multiple virtual networks in a software-defined manner. Wireless virtual networks comprising virtual base stations also need to provide QoS to mobile end-user services in the same context as their physical hosting networks. One key QoS parameter is delay. This paper presents a delay model for software-defined wireless virtual networks. Network calculus is used in the modelling. In particular, stochastic network calculus, which describes more realistic models than deterministic network calculus, is used. The model enables theoretical investigation of wireless SDN, which is largely dominated by either algorithms or prototype implementations.
Abstract: With ever-increasing applications of IoT, and due to the heterogeneous and bursty nature of these applications, scalability has become an important research issue in building cloud-based IoT/M2M systems. This research proposes a dynamic SDN-based network slicing mechanism to tackle the scalability problems caused by such heterogeneity and fluctuation of IoT application requirements. The proposed method can automatically create a network slice on-the-fly for each new type of IoT application and adjust the QoS characteristics of the slice dynamically according to the changing requirements of an IoT application. Validated with extensive experiments, the proposed mechanism demonstrates better platform scalability when compared to a static slicing system.
Funding: supported by the National Basic Research Program of China (973) (Grant No. 2012CB315901, 2013CB329104); the National Natural Science Foundation of China (Grant No. 61521003, 61372121, 61309019, 61572519, 61502530); the National High Technology Research and Development Program of China (863) (Grant No. 2015AA016102)
Abstract: To address the issues that middleboxes, as a fundamental part of today's networks, are facing, Network Function Virtualization (NFV) has recently been proposed, which in essence aims to migrate hardware-based middleboxes into software-based virtualized function entities. Due to the demands of virtual service placement in an NFV network environment, this paper models the service amount placement problem, together with the associated resource allocation, as a cooperative game and proposes a placement policy based on the Nash Bargaining Solution (NBS). Specifically, we first introduce the system overview and apply the rigorous cooperative game-theoretic guide to build the mathematical model, which gives consideration to both the responding efficiency of service requirements and the allocation fairness. Then a distributed algorithm corresponding to NBS is designed to achieve predictable network performance for virtual instance placement. Finally, with simulations under various scenarios, the results show that our placement approach can achieve high utilization of the network through the analysis of two evaluation metrics, namely the satisfaction degree and the fairness index. With a suitable demand amount of services, the average values of the two metrics can reach above 90%. And by tuning the base placement, our solution can enable operators to flexibly balance the tradeoff between satisfaction and fairness of resource sharing in service platforms.
Funding: funded in part by the National Natural Science Foundation of China (grant No. 61471347); the National S&T Major Project of the Ministry of S&T of China (grant No. 2016ZX03001020-003); the Key Program for International S&T Cooperation of China (grant No. 2014DFA11640); the Shanghai Natural Science Foundation (grant No. 16ZR1435100); and one further funding source.
Abstract: Due to 5G's stringent and uncertain traffic requirements, an open ecosystem would be one inevitable way to develop 5G. On the other hand, GPP based mobile communication has recently become appealing, attributed to its striking advantage in flexibility and re-configurability. In this paper, both the advantages and challenges of the GPP platform are analyzed in detail. Furthermore, both GPP based software and hardware architectures for open 5G are presented, and the performance of real-time signal processing and power consumption are also evaluated. The evaluation results indicate that turbo and power consumption may be other challenging problems that should be further solved to meet the requirements of realistic deployments.