The future Sixth-Generation (6G) wireless systems are expected to encounter emerging services with diverserequirements. In this paper, 6G network resource orchestration is optimized to support customized networkslicin...The future Sixth-Generation (6G) wireless systems are expected to encounter emerging services with diverserequirements. In this paper, 6G network resource orchestration is optimized to support customized networkslicing of services, and place network functions generated by heterogeneous devices into available resources.This is a combinatorial optimization problem that is solved by developing a Particle Swarm Optimization (PSO)based scheduling strategy with enhanced inertia weight, particle variation, and nonlinear learning factor, therebybalancing the local and global solutions and improving the convergence speed to globally near-optimal solutions.Simulations show that the method improves the convergence speed and the utilization of network resourcescompared with other variants of PSO.展开更多
Software Defined Network(SDN)and Network Function Virtualization(NFV)technology promote several benefits to network operators,including reduced maintenance costs,increased network operational performance,simplified ne...Software Defined Network(SDN)and Network Function Virtualization(NFV)technology promote several benefits to network operators,including reduced maintenance costs,increased network operational performance,simplified network lifecycle,and policies management.Network vulnerabilities try to modify services provided by Network Function Virtualization MANagement and Orchestration(NFV MANO),and malicious attacks in different scenarios disrupt the NFV Orchestrator(NFVO)and Virtualized Infrastructure Manager(VIM)lifecycle management related to network services or individual Virtualized Network Function(VNF).This paper proposes an anomaly detection mechanism that monitors threats in NFV MANO and manages promptly and adaptively to implement and handle security functions in order to enhance the quality of experience for end users.An anomaly detector investigates these identified risks and provides secure network services.It enables virtual network security functions and identifies anomalies in Kubernetes(a cloud-based platform).For training and testing purpose of the proposed approach,an intrusion-containing dataset is used that hold multiple malicious activities like a Smurf,Neptune,Teardrop,Pod,Land,IPsweep,etc.,categorized as Probing(Prob),Denial of Service(DoS),User to Root(U2R),and Remote to User(R2L)attacks.An anomaly detector is anticipated with the capabilities of a Machine Learning(ML)technique,making use of supervised learning techniques like Logistic Regression(LR),Support Vector Machine(SVM),Random Forest(RF),Naïve Bayes(NB),and Extreme Gradient Boosting(XGBoost).The proposed framework has been evaluated by deploying the identified ML algorithm on a Jupyter notebook in Kubeflow to simulate Kubernetes for validation purposes.RF classifier has shown better outcomes(99.90%accuracy)than other classifiers in detecting anomalies/intrusions in the containerized environment.展开更多
Network function virtualization is a new network concept that moves network functions from dedicated hardware to software-defined applications running on standard high volume severs. In order to accomplish network ser...Network function virtualization is a new network concept that moves network functions from dedicated hardware to software-defined applications running on standard high volume severs. In order to accomplish network services, traffic flows are usually processed by a list of network functions in sequence which is defined by service function chain. By incorporating network function virtualization in inter-data center(DC) network, we can use the network resources intelligently and deploy network services faster. However, orchestrating service function chains across multiple data centers will incur high deployment cost, including the inter-data center bandwidth cost, virtual network function cost and the intra-data center bandwidth cost. In this paper, we orchestrate SFCs across multiple data centers, with a goal to minimize the overall cost. An integer linear programming(ILP) model is formulated and we provide a meta-heuristic algorithm named GBAO which contains three modules to solve it. We implemented our algorithm in Python and performed side-by-side comparison with prior algorithms. Simulation results show that our proposed algorithm reduces the overall cost by at least 21.4% over the existing algorithms for accommodating the same service function chain requests.展开更多
Software Defined Satellite Networks(SDSN) are proposed to solve the problems in traditional satellite networks, such as time-consuming configuration and inflexible traffic scheduling. The emerging application of small...Software Defined Satellite Networks(SDSN) are proposed to solve the problems in traditional satellite networks, such as time-consuming configuration and inflexible traffic scheduling. The emerging application of small satellite and research of SDSN make it possible for satellite networks to provide flexible network services. Service Function Chain(SFC) can satisfy this need. In this paper, we are motivated to investigate applying SFC in the small satellite-based SDSN for service delivery. We introduce the structure of the multi-layer constellation-based SDSN. Then, we describe two deployment patterns of SFC in SDSN, the Multi-Domain(MD) pattern and the Satellite Formation(SF) pattern. We propose two algorithms, SFP-MD, and SFP-SF, to calculate the Service Function Path(SFP). We implement the algorithms and conduct contrast experiments in our prototype. Finally, we summarize the applicable conditions of two deployment patterns according to the experimental results in terms of hops, delay, and packet loss rate.展开更多
Software.defined networking(SDN) enables third.part companies to participate in the network function innovations. A number of instances for one network function will inevitably co.exist in the network. Although some o...Software.defined networking(SDN) enables third.part companies to participate in the network function innovations. A number of instances for one network function will inevitably co.exist in the network. Although some orchestration architecture has been proposed to chain network functions, rare works are focused on how to optimize this process. In this paper, we propose an optimized model for network function orchestration, function combination model(FCM). Our main contributions are as following. First, network functions are featured with a new abstraction, and are open to external providers. And FCM identifies network functions using unique type, and organizes their instances distributed over the network with the appropriate way. Second, with the specialized demands, we can combine function instances under the global network views, and formulate it into the problem of Boolean linear program(BLP). A simulated annealing algorithm is designed to approach optimal solution for this BLP. Finally, the numerical experiment demonstrates that our model can create outstanding composite schemas efficiently.展开更多
Despite extensive research, timing channels (TCs) are still known as a principal category of threats that aim to leak and transmit information by perturbing the timing or ordering of events. Existing TC detection appr...Despite extensive research, timing channels (TCs) are still known as a principal category of threats that aim to leak and transmit information by perturbing the timing or ordering of events. Existing TC detection approaches use either signature-based approaches to detect known TCs or anomaly-based approach by modeling the legitimate network traffic in order to detect unknown TCs. Un-fortunately, in a software-defined networking (SDN) environment, most existing TC detection approaches would fail due to factors such as volatile network traffic, imprecise timekeeping mechanisms, and dynamic network topology. Furthermore, stealthy TCs can be designed to mimic the legitimate traffic pattern and thus evade anomalous TC detection. In this paper, we overcome the above challenges by presenting a novel framework that harnesses the advantages of elastic re-sources in the cloud. In particular, our framework dynamically configures SDN to enable/disable differential analysis against outbound network flows of different virtual machines (VMs). Our framework is tightly coupled with a new metric that first decomposes the timing data of network flows into a number of using the discrete wavelet-based multi-resolution transform (DWMT). It then applies the Kullback-Leibler divergence (KLD) to measure the variance among flow pairs. The appealing feature of our approach is that, compared with the existing anomaly detection approaches, it can detect most existing and some new stealthy TCs without legitimate traffic for modeling, even with the presence of noise and imprecise timekeeping mechanism in an SDN virtual environment. We implement our framework as a prototype system, OBSERVER, which can be dynamically deployed in an SDN environment. Empirical evaluation shows that our approach can efficiently detect TCs with a higher detection rate, lower latency, and negligible performance overhead compared to existing approaches.展开更多
It is foreseen that the Internet of Things (IoT) will comprise billions of connected devices, and this will make the provi?sioning and operation of some IoT connectivity services more challenging. Indeed, IoT services...It is foreseen that the Internet of Things (IoT) will comprise billions of connected devices, and this will make the provi?sioning and operation of some IoT connectivity services more challenging. Indeed, IoT services are very different from lega?cy Internet services because of their dimensioning figures and also because IoT services differ dramatically in terms of na?ture and constraints. For example, IoT services often rely on energy and CPU?constrained sensor technologies, regardless of whether the service is for home automation, smart building, e?health, or power or water metering on a regional or national scale. Also, some IoT services, such as dynamic monitoring of biometric data, manipulation of sensitive information, and pri?vacy needs to be safeguarded whenever this information is for?warded over the underlying IoT network infrastructure. This paper discusses how software?defined networking (SDN) can facilitate the deployment and operation of some advanced IoT services regardless of their nature or scope. SDN introduces a high degree of automation in service delivery and operation-from dynamic IoT service parameter exposure and negotiation to resource allocation, service fulfillment, and assurance. This paper does not argue that all IoT services must adopt SDN. Rather, it is left to the discretion of operators to decide which IoT services can best leverage SDN capabilities. This paper only discusses managed IoT services, i.e., services that are op?erated by a service provider.展开更多
In recent years,satellite networks have been proposed as an essential part of next-generation mobile communication systems.Software defined networking techniques are introduced in satellite networks to handle the grow...In recent years,satellite networks have been proposed as an essential part of next-generation mobile communication systems.Software defined networking techniques are introduced in satellite networks to handle the growing challenges induced by time-varying topology,intermittent inter-satellite link and dramatically increased satellite constellation size.This survey covers the latest progress of software defined satellite networks,including key techniques,existing solutions,challenges,opportunities,and simulation tools.To the best of our knowledge,this paper is the most comprehensive survey that covers the latest progress of software defined satellite networks.An open GitHub repository is further created where the latest papers on this topic will be tracked and updated periodically.Compared with these existing surveys,this survey contributes from three aspects:(1)an up-to-date SDN-oriented review for the latest progress of key techniques and solutions in software defined satellite networks;(2)an inspiring summary of existing challenges,new research opportunities and publicly available simulation tools for follow-up studies;(3)an effort of building a public repository to track new results.展开更多
Virtualization of network/service functions means time sharing network/service(and affiliated)resources in a hyper speed manner.The concept of time sharing was popularized in the 1970s with mainframe computing.The s...Virtualization of network/service functions means time sharing network/service(and affiliated)resources in a hyper speed manner.The concept of time sharing was popularized in the 1970s with mainframe computing.The same concept has recently resurfaced under the guise of cloud computing and virtualized computing.Although cloud computing was originally used in IT for server virtualization,the ICT industry is taking a new look at virtualization.This paradigm shift is shaking up the computing,storage,networking,and ser vice industries.The hope is that virtualizing and automating configuration and service management/orchestration will save both capes and opex for network transformation.A complimentary trend is the separation(over an open interface)of control and transmission.This is commonly referred to as software defined networking(SDN).This paper reviews trends in network/service functions,efforts to standardize these functions,and required management and orchestration.展开更多
With the advancements of software defined network(SDN)and network function virtualization(NFV),service function chain(SFC)placement becomes a crucial enabler for flexible resource scheduling in low earth orbit(LEO)sat...With the advancements of software defined network(SDN)and network function virtualization(NFV),service function chain(SFC)placement becomes a crucial enabler for flexible resource scheduling in low earth orbit(LEO)satellite networks.While due to the scarcity of bandwidth resources and dynamic topology of LEO satellites,the static SFC placement schemes may cause performance degradation,resource waste and even service failure.In this paper,we consider migration and establish an online migration model,especially considering the dynamic topology.Given the scarcity of bandwidth resources,the model aims to maximize the total number of accepted SFCs while incurring as little bandwidth cost of SFC transmission and migration as possible.Due to its NP-hardness,we propose a heuristic minimized dynamic SFC migration(MDSM)algorithm that only triggers the migration procedure when new SFCs are rejected.Simulation results demonstrate that MDSM achieves a performance close to the upper bound with lower complexity.展开更多
To address the issues that middleboxes as a fundamental part of today's networks are facing, Network Function Virtualization(NFV)has been recently proposed, which in essence asserts to migrate hardware-based middl...To address the issues that middleboxes as a fundamental part of today's networks are facing, Network Function Virtualization(NFV)has been recently proposed, which in essence asserts to migrate hardware-based middleboxes into software-based virtualized function entities.Due to the demands of virtual services placement in NFV network environment, this paper models the service amount placement problem involving with the resources allocation as a cooperative game and proposes the placement policy by Nash Bargaining Solution(NBS). Specifically,we first introduce the system overview and apply the rigorous cooperative game-theoretic guide to build the mathematical model, which can give consideration to both the responding efficiency of service requirements and the allocation fairness.Then a distributed algorithm corresponding to NBS is designed to achieve predictable network performance for virtual instances placement.Finally, with simulations under various scenarios,the results show that our placement approach can achieve high utilization of network through the analysis of evaluation metrics namely the satisfaction degree and fairness index. With the suitable demand amount of services, the average values of two metrics can reach above 90%. And by tuning the base placement, our solution can enable operators to flexibly balance the tradeoff between satisfaction and fairness of resourcessharing in service platforms.展开更多
Recently, integrating Softwaredefined networking(SDN) and network functions virtualization(NFV) are proposed to address the issue that difficulty and cost of hardwarebased and proprietary middleboxes management. Howev...Recently, integrating Softwaredefined networking(SDN) and network functions virtualization(NFV) are proposed to address the issue that difficulty and cost of hardwarebased and proprietary middleboxes management. However, it lacks of a framework that orchestrates network functions to service chain in the network cooperatively. In this paper, we propose a function combination framework that can dynamically adapt the network based on the integration NFV and SDN. There are two main contributions in this paper. First, the function combination framework based on the integration of SDN and NFV is proposed to address the function combination issue, including the architecture of Service Deliver Network, the port types representing traffic directions and the explanation of terms. Second, we formulate the issue of load balance of function combination as the model minimizing the standard deviations of all servers' loads and satisfying the demand of performance and limit of resource. The least busy placement algorithm is introduced to approach optimal solution of the problem. Finally, experimental results demonstrate that the proposed method can combine functions in an efficient and scalable way and ensure the load balance of the network.展开更多
Due to the development of network technology,the number of users is increasing rapidly,and the demand for emerging multicast services is becoming more and more abundant,traffic data is increasing day by day,network no...Due to the development of network technology,the number of users is increasing rapidly,and the demand for emerging multicast services is becoming more and more abundant,traffic data is increasing day by day,network nodes are becoming denser,network topology is becoming more complex,and operators’equipment operation and maintenance costs are increasing.Network functions virtualization multicast issues include building a traffic forwarding topology,deploying the required functions,and directing traffic.Combining the two is still a problem to be studied in depth at present,and this paper proposes a two-stage solution where the decisions of these two stages are interdependent.Specifically,this paper decouples multicast traffic forwarding and function delivery.The minimum spanning tree of traffic forwarding is constructed by Steiner tree,and the traffic forwarding is realized by Viterbi-algorithm.Use a general topology network to examine network cost and service performance.Simulation results show that this method can reduce overhead and delay and optimize user experience.展开更多
With ever-increasing applications of IoT, and due to the heterogeneous and bursty nature of these applications, scalability has become an important research issue in building cloud-based IoT/M2M systems. This research...With ever-increasing applications of IoT, and due to the heterogeneous and bursty nature of these applications, scalability has become an important research issue in building cloud-based IoT/M2M systems. This research proposes a dynamic SDN-based network slicing mechanism to tackle the scalability problems caused by such heterogeneity and fluctuation of IoT application requirements. The proposed method can automatically create a network slice on-the-fly for each new type of IoT application and adjust the QoS characteristics of the slice dynamically according to the changing requirements </span><span style="font-family:Verdana;">of an IoT application. Validated with extensive experiments, the proposed me</span><span style="font-family:Verdana;">chanism demonstrates better platform scalability when compared to a static slicing system.展开更多
As an indispensable component of the emerging 6G networks,Space-Air-Ground Inte-grated Networks(SAGINs)are envisioned to provide ubiquitous network connectivity and services by integrating satellite networks,aerial ne...As an indispensable component of the emerging 6G networks,Space-Air-Ground Inte-grated Networks(SAGINs)are envisioned to provide ubiquitous network connectivity and services by integrating satellite networks,aerial networks,and terrestrial networks.In 6G SAGINs,a wide variety of network services with the features of diverse requirements,complex mobility,and multi-dimensional resources will pose great challenges to service provisioning,which urges the develop-ment of service-oriented SAGINs.In this paper,we conduct a comprehensive review of 6G SAGINs from a new perspective of service-oriented network.First,we present the requirements of service-oriented networks,and then propose a service-oriented SAGINs management architec-ture.Two categories of critical technologies are presented and discussed,i.e.,heterogeneous resource orchestration technologies and the cloud-edge synergy technologies,which facilitate the interoperability of different network segments and cooperatively orchestrate heterogeneous resources across different domains,according to the service features and requirements.In addition,the potential future research directions are also presented and discussed.展开更多
Due to 5G's stringent and uncertainty traffic requirements,open ecosystem would be one inevitable way to develop 5G.On the other hand,GPP based mobile communication becomes appealing recently attributed to its str...Due to 5G's stringent and uncertainty traffic requirements,open ecosystem would be one inevitable way to develop 5G.On the other hand,GPP based mobile communication becomes appealing recently attributed to its striking advantage in flexibility and re-configurability.In this paper,both the advantages and challenges of GPP platform are detailed analyzed.Furthermore,both GPP based software and hardware architectures for open 5G are presented and the performances of real-time signal processing and power consumption are also evaluated.The evaluation results indicate that turbo and power consumption may be another challengeable problem should be further solved to meet the requirements of realistic deployments.展开更多
Software-defined networks (SDN) have attracted much attention recently because of their flexibility in terms of network management. Increasingly, SDN is being introduced into wireless networks to form wireless SDN. ...Software-defined networks (SDN) have attracted much attention recently because of their flexibility in terms of network management. Increasingly, SDN is being introduced into wireless networks to form wireless SDN. One enabling technology for wireless SDN is network virtualization, which logically divides one wireless network element, such as a base station, into multiple slices, and each slice serving as a standalone virtual BS. In this way, one physical mobile wireless network can be partitioned into multiple virtual networks in a software-defined manner. Wireless virtual networks comprising virtual base stations also need to provide QoS to mobile end-user services in the same context as their physical hosting networks. One key QoS parameter is delay. This paper presents a delay model for software-defined wireless virtual networks. Network calculus is used in the modelling. In particular, stochastic network calculus, which describes more realistic models than deterministic network calculus, is used. The model enables theoretical investigation of wireless SDN, which is largely dominated by either algorithms or prototype implementations.展开更多
Software-Defined Networking(SDN) decouples the control plane and the data plane in network switches and routers, which enables the rapid innovation and optimization of routing and switching configurations. However,t...Software-Defined Networking(SDN) decouples the control plane and the data plane in network switches and routers, which enables the rapid innovation and optimization of routing and switching configurations. However,traditional routing mechanisms in SDN, based on the Dijkstra shortest path, do not take the capacity of nodes into account, which may lead to network congestion. Moreover, security resource utilization in SDN is inefficient and is not addressed by existing routing algorithms. In this paper, we propose Route Guardian, a reliable securityoriented SDN routing mechanism, which considers the capabilities of SDN switch nodes combined with a Network Security Virtualization framework. Our scheme employs the distributed network security devices effectively to ensure analysis of abnormal traffic and malicious node isolation. Furthermore, Route Guardian supports dynamic routing reconfiguration according to the latest network status. We prototyped Route Guardian and conducted theoretical analysis and performance evaluation. Our results demonstrate that this approach can effectively use the existing security devices and mechanisms in SDN.展开更多
This white paper explores three popular development methodologies for network softwarization: DevOps, NetOps, and Verification. The paper compares and contrasts the strengths and weaknesses of each approach and provid...This white paper explores three popular development methodologies for network softwarization: DevOps, NetOps, and Verification. The paper compares and contrasts the strengths and weaknesses of each approach and provides recommendations for organizations looking to adopt network softwarization.展开更多
基金supported by the Social Scientific Research Foundation of China(21VSZ126).
文摘The future Sixth-Generation (6G) wireless systems are expected to encounter emerging services with diverserequirements. In this paper, 6G network resource orchestration is optimized to support customized networkslicing of services, and place network functions generated by heterogeneous devices into available resources.This is a combinatorial optimization problem that is solved by developing a Particle Swarm Optimization (PSO)based scheduling strategy with enhanced inertia weight, particle variation, and nonlinear learning factor, therebybalancing the local and global solutions and improving the convergence speed to globally near-optimal solutions.Simulations show that the method improves the convergence speed and the utilization of network resourcescompared with other variants of PSO.
基金This work was funded by the Deanship of Scientific Research at Jouf University under Grant Number(DSR2022-RG-0102).
文摘Software Defined Network(SDN)and Network Function Virtualization(NFV)technology promote several benefits to network operators,including reduced maintenance costs,increased network operational performance,simplified network lifecycle,and policies management.Network vulnerabilities try to modify services provided by Network Function Virtualization MANagement and Orchestration(NFV MANO),and malicious attacks in different scenarios disrupt the NFV Orchestrator(NFVO)and Virtualized Infrastructure Manager(VIM)lifecycle management related to network services or individual Virtualized Network Function(VNF).This paper proposes an anomaly detection mechanism that monitors threats in NFV MANO and manages promptly and adaptively to implement and handle security functions in order to enhance the quality of experience for end users.An anomaly detector investigates these identified risks and provides secure network services.It enables virtual network security functions and identifies anomalies in Kubernetes(a cloud-based platform).For training and testing purpose of the proposed approach,an intrusion-containing dataset is used that hold multiple malicious activities like a Smurf,Neptune,Teardrop,Pod,Land,IPsweep,etc.,categorized as Probing(Prob),Denial of Service(DoS),User to Root(U2R),and Remote to User(R2L)attacks.An anomaly detector is anticipated with the capabilities of a Machine Learning(ML)technique,making use of supervised learning techniques like Logistic Regression(LR),Support Vector Machine(SVM),Random Forest(RF),Naïve Bayes(NB),and Extreme Gradient Boosting(XGBoost).The proposed framework has been evaluated by deploying the identified ML algorithm on a Jupyter notebook in Kubeflow to simulate Kubernetes for validation purposes.RF classifier has shown better outcomes(99.90%accuracy)than other classifiers in detecting anomalies/intrusions in the containerized environment.
基金supported by the National Natural Science Foundation of China(61501044)
文摘Network function virtualization is a new network concept that moves network functions from dedicated hardware to software-defined applications running on standard high volume severs. In order to accomplish network services, traffic flows are usually processed by a list of network functions in sequence which is defined by service function chain. By incorporating network function virtualization in inter-data center(DC) network, we can use the network resources intelligently and deploy network services faster. However, orchestrating service function chains across multiple data centers will incur high deployment cost, including the inter-data center bandwidth cost, virtual network function cost and the intra-data center bandwidth cost. In this paper, we orchestrate SFCs across multiple data centers, with a goal to minimize the overall cost. An integer linear programming(ILP) model is formulated and we provide a meta-heuristic algorithm named GBAO which contains three modules to solve it. We implemented our algorithm in Python and performed side-by-side comparison with prior algorithms. Simulation results show that our proposed algorithm reduces the overall cost by at least 21.4% over the existing algorithms for accommodating the same service function chain requests.
基金supported in part by NSFC of China under Grant No.61232017National Basic Research Program of China(“973 program”)under Grant No.2013CB329101+1 种基金Fundamental Research Funds for the Central Universities under Grant No.2016YJS026NSAF of China under Grant No.U1530118
文摘Software Defined Satellite Networks(SDSN) are proposed to solve the problems in traditional satellite networks, such as time-consuming configuration and inflexible traffic scheduling. The emerging application of small satellite and research of SDSN make it possible for satellite networks to provide flexible network services. Service Function Chain(SFC) can satisfy this need. In this paper, we are motivated to investigate applying SFC in the small satellite-based SDSN for service delivery. We introduce the structure of the multi-layer constellation-based SDSN. Then, we describe two deployment patterns of SFC in SDSN, the Multi-Domain(MD) pattern and the Satellite Formation(SF) pattern. We propose two algorithms, SFP-MD, and SFP-SF, to calculate the Service Function Path(SFP). We implement the algorithms and conduct contrast experiments in our prototype. Finally, we summarize the applicable conditions of two deployment patterns according to the experimental results in terms of hops, delay, and packet loss rate.
基金supported by the China Postdoctoral Fund Project (No.44603)the National Natural Science Foundation of China (No.61309020)+1 种基金the National key Research and Development Program of China (No.2016YFB0800100, 2016YFB0800101)the National Natural Science Fund for Creative Research Groups Project(No.61521003)
文摘Software.defined networking(SDN) enables third.part companies to participate in the network function innovations. A number of instances for one network function will inevitably co.exist in the network. Although some orchestration architecture has been proposed to chain network functions, rare works are focused on how to optimize this process. In this paper, we propose an optimized model for network function orchestration, function combination model(FCM). Our main contributions are as following. First, network functions are featured with a new abstraction, and are open to external providers. And FCM identifies network functions using unique type, and organizes their instances distributed over the network with the appropriate way. Second, with the specialized demands, we can combine function instances under the global network views, and formulate it into the problem of Boolean linear program(BLP). A simulated annealing algorithm is designed to approach optimal solution for this BLP. Finally, the numerical experiment demonstrates that our model can create outstanding composite schemas efficiently.
文摘Despite extensive research, timing channels (TCs) are still known as a principal category of threats that aim to leak and transmit information by perturbing the timing or ordering of events. Existing TC detection approaches use either signature-based approaches to detect known TCs or anomaly-based approach by modeling the legitimate network traffic in order to detect unknown TCs. Un-fortunately, in a software-defined networking (SDN) environment, most existing TC detection approaches would fail due to factors such as volatile network traffic, imprecise timekeeping mechanisms, and dynamic network topology. Furthermore, stealthy TCs can be designed to mimic the legitimate traffic pattern and thus evade anomalous TC detection. In this paper, we overcome the above challenges by presenting a novel framework that harnesses the advantages of elastic re-sources in the cloud. In particular, our framework dynamically configures SDN to enable/disable differential analysis against outbound network flows of different virtual machines (VMs). Our framework is tightly coupled with a new metric that first decomposes the timing data of network flows into a number of using the discrete wavelet-based multi-resolution transform (DWMT). It then applies the Kullback-Leibler divergence (KLD) to measure the variance among flow pairs. The appealing feature of our approach is that, compared with the existing anomaly detection approaches, it can detect most existing and some new stealthy TCs without legitimate traffic for modeling, even with the presence of noise and imprecise timekeeping mechanism in an SDN virtual environment. We implement our framework as a prototype system, OBSERVER, which can be dynamically deployed in an SDN environment. Empirical evaluation shows that our approach can efficiently detect TCs with a higher detection rate, lower latency, and negligible performance overhead compared to existing approaches.
文摘It is foreseen that the Internet of Things (IoT) will comprise billions of connected devices, and this will make the provi?sioning and operation of some IoT connectivity services more challenging. Indeed, IoT services are very different from lega?cy Internet services because of their dimensioning figures and also because IoT services differ dramatically in terms of na?ture and constraints. For example, IoT services often rely on energy and CPU?constrained sensor technologies, regardless of whether the service is for home automation, smart building, e?health, or power or water metering on a regional or national scale. Also, some IoT services, such as dynamic monitoring of biometric data, manipulation of sensitive information, and pri?vacy needs to be safeguarded whenever this information is for?warded over the underlying IoT network infrastructure. This paper discusses how software?defined networking (SDN) can facilitate the deployment and operation of some advanced IoT services regardless of their nature or scope. SDN introduces a high degree of automation in service delivery and operation-from dynamic IoT service parameter exposure and negotiation to resource allocation, service fulfillment, and assurance. This paper does not argue that all IoT services must adopt SDN. Rather, it is left to the discretion of operators to decide which IoT services can best leverage SDN capabilities. This paper only discusses managed IoT services, i.e., services that are op?erated by a service provider.
基金This work is supported by the Fundamental Research Funds for the Central Universities.
文摘In recent years,satellite networks have been proposed as an essential part of next-generation mobile communication systems.Software defined networking techniques are introduced in satellite networks to handle the growing challenges induced by time-varying topology,intermittent inter-satellite link and dramatically increased satellite constellation size.This survey covers the latest progress of software defined satellite networks,including key techniques,existing solutions,challenges,opportunities,and simulation tools.To the best of our knowledge,this paper is the most comprehensive survey that covers the latest progress of software defined satellite networks.An open GitHub repository is further created where the latest papers on this topic will be tracked and updated periodically.Compared with these existing surveys,this survey contributes from three aspects:(1)an up-to-date SDN-oriented review for the latest progress of key techniques and solutions in software defined satellite networks;(2)an inspiring summary of existing challenges,new research opportunities and publicly available simulation tools for follow-up studies;(3)an effort of building a public repository to track new results.
文摘Virtualization of network/service functions means time sharing network/service(and affiliated)resources in a hyper speed manner.The concept of time sharing was popularized in the 1970s with mainframe computing.The same concept has recently resurfaced under the guise of cloud computing and virtualized computing.Although cloud computing was originally used in IT for server virtualization,the ICT industry is taking a new look at virtualization.This paradigm shift is shaking up the computing,storage,networking,and ser vice industries.The hope is that virtualizing and automating configuration and service management/orchestration will save both capes and opex for network transformation.A complimentary trend is the separation(over an open interface)of control and transmission.This is commonly referred to as software defined networking(SDN).This paper reviews trends in network/service functions,efforts to standardize these functions,and required management and orchestration.
基金supported in part by the National Natural Science Foundation of China(NSFC)under grant numbers U22A2007 and 62171010the Open project of Satellite Internet Key Laboratory in 2022(Project 3:Research on Spaceborne Lightweight Core Network and Intelligent Collaboration)the Beijing Natural Science Foundation under grant number L212003.
文摘With the advancements of software defined network(SDN)and network function virtualization(NFV),service function chain(SFC)placement becomes a crucial enabler for flexible resource scheduling in low earth orbit(LEO)satellite networks.While due to the scarcity of bandwidth resources and dynamic topology of LEO satellites,the static SFC placement schemes may cause performance degradation,resource waste and even service failure.In this paper,we consider migration and establish an online migration model,especially considering the dynamic topology.Given the scarcity of bandwidth resources,the model aims to maximize the total number of accepted SFCs while incurring as little bandwidth cost of SFC transmission and migration as possible.Due to its NP-hardness,we propose a heuristic minimized dynamic SFC migration(MDSM)algorithm that only triggers the migration procedure when new SFCs are rejected.Simulation results demonstrate that MDSM achieves a performance close to the upper bound with lower complexity.
基金supported by The National Basic Research Program of China (973) (Grant No. 2012CB315901, 2013CB329104)The National Natural Science Foundation of China (Grant No. 61521003, 61372121, 61309019, 61572519, 61502530)The National High Technology Research and Development Program of China (863) (Grant No. 2015AA016102)
文摘To address the issues that middleboxes as a fundamental part of today's networks are facing, Network Function Virtualization(NFV)has been recently proposed, which in essence asserts to migrate hardware-based middleboxes into software-based virtualized function entities.Due to the demands of virtual services placement in NFV network environment, this paper models the service amount placement problem involving with the resources allocation as a cooperative game and proposes the placement policy by Nash Bargaining Solution(NBS). Specifically,we first introduce the system overview and apply the rigorous cooperative game-theoretic guide to build the mathematical model, which can give consideration to both the responding efficiency of service requirements and the allocation fairness.Then a distributed algorithm corresponding to NBS is designed to achieve predictable network performance for virtual instances placement.Finally, with simulations under various scenarios,the results show that our placement approach can achieve high utilization of network through the analysis of evaluation metrics namely the satisfaction degree and fairness index. With the suitable demand amount of services, the average values of two metrics can reach above 90%. And by tuning the base placement, our solution can enable operators to flexibly balance the tradeoff between satisfaction and fairness of resourcessharing in service platforms.
基金supported by the Foundation for Innovative Research Groups of the National Science Foundation of China (Grant No.61521003)The National Basic Research Program of China(973)(Grant No.2012CB315901,2013CB329104)+1 种基金The National Natural Science Foundation of China(Grant No.61372121,61309019,61309020)The National High Technology Research and Development Program of China(863)(Grant No.2015AA016102,2013AA013505)
文摘Recently, integrating Softwaredefined networking(SDN) and network functions virtualization(NFV) are proposed to address the issue that difficulty and cost of hardwarebased and proprietary middleboxes management. However, it lacks of a framework that orchestrates network functions to service chain in the network cooperatively. In this paper, we propose a function combination framework that can dynamically adapt the network based on the integration NFV and SDN. There are two main contributions in this paper. First, the function combination framework based on the integration of SDN and NFV is proposed to address the function combination issue, including the architecture of Service Deliver Network, the port types representing traffic directions and the explanation of terms. Second, we formulate the issue of load balance of function combination as the model minimizing the standard deviations of all servers' loads and satisfying the demand of performance and limit of resource. The least busy placement algorithm is introduced to approach optimal solution of the problem. Finally, experimental results demonstrate that the proposed method can combine functions in an efficient and scalable way and ensure the load balance of the network.
基金supported by the R&D Program of Beijing Municipal Education Commission(Nos.KM202110858003 and2022X003-KXD)。
文摘Due to the development of network technology,the number of users is increasing rapidly,and the demand for emerging multicast services is becoming more and more abundant,traffic data is increasing day by day,network nodes are becoming denser,network topology is becoming more complex,and operators’equipment operation and maintenance costs are increasing.Network functions virtualization multicast issues include building a traffic forwarding topology,deploying the required functions,and directing traffic.Combining the two is still a problem to be studied in depth at present,and this paper proposes a two-stage solution where the decisions of these two stages are interdependent.Specifically,this paper decouples multicast traffic forwarding and function delivery.The minimum spanning tree of traffic forwarding is constructed by Steiner tree,and the traffic forwarding is realized by Viterbi-algorithm.Use a general topology network to examine network cost and service performance.Simulation results show that this method can reduce overhead and delay and optimize user experience.
文摘With ever-increasing applications of IoT, and due to the heterogeneous and bursty nature of these applications, scalability has become an important research issue in building cloud-based IoT/M2M systems. This research proposes a dynamic SDN-based network slicing mechanism to tackle the scalability problems caused by such heterogeneity and fluctuation of IoT application requirements. The proposed method can automatically create a network slice on-the-fly for each new type of IoT application and adjust the QoS characteristics of the slice dynamically according to the changing requirements </span><span style="font-family:Verdana;">of an IoT application. Validated with extensive experiments, the proposed me</span><span style="font-family:Verdana;">chanism demonstrates better platform scalability when compared to a static slicing system.
基金supported by the National Key Research and Development Program of China(No.2020YFB1807700).
文摘As an indispensable component of the emerging 6G networks,Space-Air-Ground Inte-grated Networks(SAGINs)are envisioned to provide ubiquitous network connectivity and services by integrating satellite networks,aerial networks,and terrestrial networks.In 6G SAGINs,a wide variety of network services with the features of diverse requirements,complex mobility,and multi-dimensional resources will pose great challenges to service provisioning,which urges the develop-ment of service-oriented SAGINs.In this paper,we conduct a comprehensive review of 6G SAGINs from a new perspective of service-oriented network.First,we present the requirements of service-oriented networks,and then propose a service-oriented SAGINs management architec-ture.Two categories of critical technologies are presented and discussed,i.e.,heterogeneous resource orchestration technologies and the cloud-edge synergy technologies,which facilitate the interoperability of different network segments and cooperatively orchestrate heterogeneous resources across different domains,according to the service features and requirements.In addition,the potential future research directions are also presented and discussed.
基金funded in part by National Natural Science Foundation of China(grant NO.61471347)National S&T Mayor Project of the Ministry of S&T of China(grant NO.2016ZX03001020-003)+1 种基金key program for international S&T Cooperation Program of China(grant NO.2014DFA11640)Shanghai Natural Science Foundation(grant NO.16ZR1435100)
文摘Due to 5G's stringent and uncertainty traffic requirements,open ecosystem would be one inevitable way to develop 5G.On the other hand,GPP based mobile communication becomes appealing recently attributed to its striking advantage in flexibility and re-configurability.In this paper,both the advantages and challenges of GPP platform are detailed analyzed.Furthermore,both GPP based software and hardware architectures for open 5G are presented and the performances of real-time signal processing and power consumption are also evaluated.The evaluation results indicate that turbo and power consumption may be another challengeable problem should be further solved to meet the requirements of realistic deployments.
基金supported in part by the grant from the National Natural Science Foundation of China (60973129)
文摘Software-defined networks (SDN) have attracted much attention recently because of their flexibility in terms of network management. Increasingly, SDN is being introduced into wireless networks to form wireless SDN. One enabling technology for wireless SDN is network virtualization, which logically divides one wireless network element, such as a base station, into multiple slices, and each slice serving as a standalone virtual BS. In this way, one physical mobile wireless network can be partitioned into multiple virtual networks in a software-defined manner. Wireless virtual networks comprising virtual base stations also need to provide QoS to mobile end-user services in the same context as their physical hosting networks. One key QoS parameter is delay. This paper presents a delay model for software-defined wireless virtual networks. Network calculus is used in the modelling. In particular, stochastic network calculus, which describes more realistic models than deterministic network calculus, is used. The model enables theoretical investigation of wireless SDN, which is largely dominated by either algorithms or prototype implementations.
基金supported in part by the National Natural Science Foundation of China (Nos. 61402029, 61370190, and 61379002)the National Key Basic Research Program (973) of China (No. 2012CB315905)
文摘Software-Defined Networking(SDN) decouples the control plane and the data plane in network switches and routers, which enables the rapid innovation and optimization of routing and switching configurations. However,traditional routing mechanisms in SDN, based on the Dijkstra shortest path, do not take the capacity of nodes into account, which may lead to network congestion. Moreover, security resource utilization in SDN is inefficient and is not addressed by existing routing algorithms. In this paper, we propose Route Guardian, a reliable securityoriented SDN routing mechanism, which considers the capabilities of SDN switch nodes combined with a Network Security Virtualization framework. Our scheme employs the distributed network security devices effectively to ensure analysis of abnormal traffic and malicious node isolation. Furthermore, Route Guardian supports dynamic routing reconfiguration according to the latest network status. We prototyped Route Guardian and conducted theoretical analysis and performance evaluation. Our results demonstrate that this approach can effectively use the existing security devices and mechanisms in SDN.
文摘This white paper explores three popular development methodologies for network softwarization: DevOps, NetOps, and Verification. The paper compares and contrasts the strengths and weaknesses of each approach and provides recommendations for organizations looking to adopt network softwarization.
