References
- C. Clos, "A study of non-blocking switching networks," Bell System Technical Journal, vol. 32, no. 2, pp. 406-424, 1953. https://doi.org/10.1002/j.1538-7305.1953.tb01433.x
- M. F. Bari, R. Boutaba, R. Esteves, L. Z. Granville, M. Podlesny, M. G. Rabbani, Q. Zhang, and M. F. Zhani, "Data center network virtualization: a survey," IEEE Communications Surveys & Tutorials, vol. 15, no. 2, pp. 909-928, 2012.
- R. Jain and S. Paul, "Network virtualization and software defined networking for cloud computing: a survey," IEEE Communications Magazine, vol. 51, no. 11, pp. 24-31, 2013. https://doi.org/10.1109/MCOM.2013.6658648
- S. Scott-Hayward, G. O'Callaghan, and S. Sezer, "SDN security: a survey," in Proceedings of 2013 IEEE SDN for Future Networks and Services (SDN4FNS), Trento, Italy, 2013, pp. 1-7.
- L. Schehlmann, S. Abt, and H. Baier, "Blessing or curse? Revisiting security aspects of software-defined networking," in Proceedings of the 10th International Conference on Network and Service Management (CNSM) and Workshop, Rio de Janeiro, Brazil, 2014, pp. 382-387.
- W. Xia, Y. Wen, C. H. Foh, D. Niyato, and H. Xie, "A survey on software-defined networking," IEEE Communications Surveys & Tutorials, vol. 17, no. 1, pp. 27-51, 2014. https://doi.org/10.1109/COMST.2014.2330903
- I. Ahmad, S. Namal, M. Ylianttila, and A. Gurtov, "Security in software defined networks: a survey," IEEE Communications Surveys & Tutorials, vol. 17, no. 4, pp. 2317-2346, 2015. https://doi.org/10.1109/COMST.2015.2474118
- D. Kreutz, F. M. Ramos, P. E. Verissimo, C. E. Rothenberg, S. Azodolmolky, and S. Uhlig, "Software-defined networking: a comprehensive survey," Proceedings of the IEEE, vol. 103, no. 1, pp. 14-76, 2015. https://doi.org/10.1109/JPROC.2014.2371999
- Z. Yao and Z. Yan, "Security in software-defined-networking: a survey," in Security, Privacy and Anonymity in Computation, Communication and Storage. Cham, Switzerland: Springer, 2016, pp. 319-332.
- M. A. Nadeem and T. Karamat, "A survey of cloud network overlay protocols," in Proceedings of 2016 6th International Conference on Digital Information and Communication Technology and its Applications (DICTAP), Konya, Turkey, 2016, pp. 177-182.
- A. Abdou, P. C. Van Oorschot, and T. Wan, "Comparative analysis of control plane security of SDN and conventional networks," IEEE Communications Surveys & Tutorials, vol. 20, no. 4, pp. 3542-3559, 2018. https://doi.org/10.1109/COMST.2018.2839348
- B. Yi, X. Wang, K. Li, and M. Huang, "A comprehensive survey of network function virtualization," Computer Networks, vol. 133, pp. 212-262, 2018. https://doi.org/10.1016/j.comnet.2018.01.021
- M. Pattaranantakul, R. He, Q. Song, Z. Zhang, and A. Meddahi, "NFV security survey: from use case driven threat analysis to state-of-the-art countermeasures," IEEE Communications Surveys & Tutorials, vol. 20, no. 4, pp. 3330-3368, 2018. https://doi.org/10.1109/COMST.2018.2859449
- A. M. Alwakeel, A. K. Alnaim, and E. B. Fernandez, "A survey of network function virtualization security," in Proceedings of the IEEE SoutheastCon, St. Petersburg, FL, 2018, pp. 1-8.
- Y. Liu, B. Zhao, P. Zhao, P. Fan, and H. Liu, "A survey: typical security issues of software-defined networking," China Communications, vol. 16, no. 7, pp. 13-31, 2019. https://doi.org/10.23919/j.cc.2019.07.002
- Open Networking Foundation, "Software-Defined Networking (SDN) Definition," 2021 [Online]. Available: https://www.opennetworking.org/sdn-definition.
- M. Casado, T. Garfinkel, A. Akella, M. J. Freedman, D. Boneh, N. McKeown, and S. Shenker, "SANE: a protection architecture for enterprise networks," in Proceedings of the 15th USENIX Security Symposium, Vancouver, Canada, 2006.
- M. Casado, M. J. Freedman, J. Pettit, J. Luo, N. McKeown, and S. Shenker, "Ethane: taking control of the enterprise," ACM SIGCOMM Computer Communication Review, vol. 37, no. 4, pp. 1-12, 2007. https://doi.org/10.1145/1282427.1282382
- Linux Foundation, "What is Open vSwitch," 2016 [Online]. Available: https://docs.openvswitch.org/en/latest/intro/what-is-ovs.
- B. Lantz, B. Heller, and N. McKeown, "A network in a laptop: rapid prototyping for software-defined networks," in Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, Monterey, CA, 2010, pp. 1-6.
- Open Networking Foundation, "OpenFlow Switch Specification version 1.5.1," 2015 [Online]. Available: https://opennetworking.org/wp-content/uploads/2014/10/openflow-switch-v1.5.1.pdf.
- N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner, "OpenFlow: enabling innovation in campus networks," ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 69-74, 2008. https://doi.org/10.1145/1355734.1355746
- R. Enns, M. Bjorklund, J. Schoenwaelder, and A. Bierman, "Network configuration protocol (NETCONF)," Internet Engineering Task Force, RFC6241, 2011.
- M. Bjorklund, "YANG: a data modeling language for the network configuration protocol (NETCONF)," Internet Engineering Task Force, RFC6020, 2010.
- R. T. Fielding, "Architectural styles and the design of network-based software architectures," Ph.D. dissertation, University of California, Irvine, CA, 2000.
- W. Zhou, L. Li, M. Luo, and W. Chou, "Requirements and Design Patterns for REST Northbound API in SDN," Internet Engineering Task Force, Internet Draft, 2016.
- Chef [Online]. Available: https://www.chef.io.
- Puppet [Online]. Available: https://puppet.com.
- Ansible [Online]. Available: https://www.ansible.com.
- S. Yoon, T. Ha, S. Kim, Y. Kim, and H. Lim, "Hiding MAC addresses for cyber security on software-defined networks," in Proceedings of Symposium of the Korean Institute of Communications and Information Sciences (KICS), 2018, pp. 1452-1452.
- J. H. Won, J. W. Hong, and Y. Y. You, "A study on the improvement of security threat analysis and response technology by IoT layer," Journal of Convergence for Information Technology, vol. 8, no. 6, pp. 149-157, 2018.
- R. Sahay, G. Blanc, Z. Zhang, and H. Debar, "ArOMA: an SDN based autonomic DDoS mitigation framework," Computers & Security, vol. 70, pp. 482-499, 2017. https://doi.org/10.1016/j.cose.2017.07.008
- S. Shirali-Shahreza and Y. Ganjali, "Efficient implementation of security applications in OpenFlow controller with FleXam," in Proceedings of 2013 IEEE 21st Annual Symposium on High-Performance Interconnects, San Jose, CA, 2013, pp. 49-54.
- M. Huang and B. Yu, "FuzzyGuard: a DDoS attack prevention extension in software-defined wireless sensor networks," KSII Transactions on Internet and Information Systems (TIIS), vol. 13, no. 7, pp. 3671-3689, 2019. https://doi.org/10.3837/tiis.2019.07.019
- M. Wang, H. Zhou, and J. Chen, "A moving window principal components analysis based anomaly detection and mitigation approach in SDN network," KSII Transactions on Internet and Information Systems (TIIS), vol. 12, no. 8, pp. 3946-3965, 2018. https://doi.org/10.3837/tiis.2018.08.022
- Q. Wei, Z. Wu, K. Ren, and Q. Wang, "An OpenFlow user-switch remapping approach for DDoS defense," KSII Transactions on Internet and Information Systems (TIIS), vol. 10, no. 9, pp. 4529-4548, 2016. https://doi.org/10.3837/tiis.2016.09.027
- M. Afaq, S. Rehman, and W. C. Song, "Large flows detection, marking, and mitigation based on sFlow standard in SDN," Journal of Korea Multimedia Society, vol. 18, no. 2, pp. 189-198, 2015. https://doi.org/10.9717/kmms.2015.18.2.189
- G. Bang, D. Choi, and S. Bang, "A protection method using destination address packet sampling for SYN flooding attack in SDN environments," Journal of Korea Multimedia Society, vol. 18, no. 1, pp. 35-41, 2015. https://doi.org/10.9717/kmms.2015.18.1.035
- M. Nugraha, I. Paramita, A. Musa, D. Choi, and B. Cho, "Utilizing OpenFlow and sFlow to detect and mitigate SYN flooding attack," Journal of Korea Multimedia Society, vol. 17, no. 8, pp. 988-994, 2014. https://doi.org/10.9717/kmms.2014.17.8.988
- S. Shin, V. Yegneswaran, P. Porras, and G. Gu, "Avant-guard: scalable and vigilant switch flow management in software-defined networks," in Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, Berlin, Germany, 2013, pp. 413-424.
- M. Ambrosin, M. Conti, F. De Gaspari, and R. Poovendran, "LineSwitch: tackling control plane saturation attacks in software-defined networking," IEEE/ACM Transactions on Networking, vol. 25, no. 2, pp. 1206-1219, 2016. https://doi.org/10.1109/TNET.2016.2626287
- R. Mohammadi, R. Javidan, and M. Conti, "SLICOTS: an SDN-based lightweight countermeasure for TCP SYN flooding attacks," IEEE Transactions on Network and Service Management, vol. 14, no. 2, pp. 487-497, 2017. https://doi.org/10.1109/TNSM.2017.2701549
- K. Hong, Y. Kim, H. Choi, and J. Park, "SDN-assisted slow HTTP DDoS attack defense method," IEEE Communications Letters, vol. 22, no. 4, pp. 688-691, 2017. https://doi.org/10.1109/lcomm.2017.2766636
- R. Deb and S. Roy, "Dynamic vulnerability assessments of software-defined networks," Innovations in Systems and Software Engineering, vol. 16, no. 1, pp. 45-51, 2020. https://doi.org/10.1007/s11334-019-00337-3
- European Telecommunications Standards Institute (ETSI), "Network Functions Virtualisation (NFV)," 2021 [Online]. Available: https://www.etsi.org/technologies/nfv.
- sdxcentral, "What are virtual network functions or VNFs?," 2014 [Online]. Available: https://www.sdxcentral.com/networking/nfv/definitions/virtual-network-function.
- European Telecommunications Standards Institute (ETSI), "Network Functions Virtualisation - Introductory White Paper," 2012 [Online]. Available: https://portal.etsi.org/NFV/NFV_White_Paper.pdf.
- European Telecommunications Standards Institute (ETSI), "Network Functions Virtualisation (NFV); Architectural Framework," 2014 [Online]. Available: https://www.etsi.org/deliver/etsi_gs/NFV/001_099/002/01.02.01_60/gs_NFV002v010201p.pdf.
- OPNFV, "Open Platform for NFV (OPNFV) - technical overview," [Online]. Available: https://www.opnfv.org/software/technical-overview.
- T. Park, Y. Kim, J. Park, H. Suh, B. Hong, and S. Shin, "QoSE: quality of security a network security framework with distributed NFV," in Proceedings of 2016 IEEE International Conference on Communications (ICC), Kuala Lumpur, Malaysia, 2016, pp. 1-6.
- S. Lal, T. Taleb, and A. Dutta, "NFV: Security threats and best practices," IEEE Communications Magazine, vol. 55, no. 8, pp. 211-217, 2017. https://doi.org/10.1109/MCOM.2017.1600899
- C. C. Liu, B. S. Huang, C. W. Tseng, Y. T. Yang, and L. D. Chou, "SDN/NFV-based moving target DDoS defense mechanism," in Recent Trends in Data Science and Soft Computing. Cham, Switzerland: Springer, 2019, pp. 548-556.
- H. Kim, S. Park, and J. Ryou, "Research on DDoS Detection using AI in NFV," Journal of Digital Contents Society, vol. 19, no. 4, pp. 837-844, 2018. https://doi.org/10.9728/DCS.2018.19.4.837
- J. T. Kim, J. H. Kim, and I. K. Kim, "Analysis on the VNF-DPI for the cloud security," in Proceedings of Symposium of the Korean Institute of Communications and Information Sciences (KICS), 2018, pp. 811-812.
- M. Pattaranantakul, R. He, A. Meddahi, and Z. Zhang, "SecMANO: towards network functions virtualization (NFV) based security management and orchestration," in Proceedings of 2016 IEEE Trustcom/BigDataSE/ISPA, Tianjin, China, 2016, pp. 598-605.
- J. Jeong, S. Hyun, T. Ahn, S. Hares, and D. R. Lopez, "Applicability of interfaces to network security functions to network-based security services," Internet Engineering Task Force, Fremont, CA, draft-ietfi2nsf-applicability-10, 2019.
- J. Hyun and W. Hong, "Technical research trends of network virtualization technologies," in Proceedings of the Committee on Korean Network Operations and Management (KNOM) Conference, Chooncheon, Korea, 2016.
- T. Narten, E. Gray, D. Black, L. Fang, L. Kreeger, and N. Napierala, "Problem statement: Overlays for network virtualization," Internet Engineering Task Force, Fremont, CA, RFC 7364, 2013.
- P. Garg and Y. Wang, "NVGRE: network virtualization using generic routing encapsulation," Internet Engineering Task Force, Fremont, CA, RFC 7637, 2015.
- B. Davie and J. Gross, "A stateless transport tunneling protocol for network virtualization (STT)," Internet Engineering Task Force, Fremont, CA, draft-davie-stt-06, 2016.
- M. Mahalingam, D. G. Dutt, K. Duda, K. Agarwal, L. Kreeger, T. Sridhar, M. Bursell, and C. Wright, "Virtual eXtensible Local Area Network (VXLAN): a framework for overlaying virtualized layer 2 networks over layer 3 networks," Internet Engineering Task Force, Fremont, CA, RFC 7348, 2014.
- J. Gross, I. Ganga, and T. Sridhar, "GENEVE: generic network virtualization encapsulation," Internet Engineering Task Force, Fremont, CA, RFC 8926, 2020.
- B. G. Jung, H. G. Lee, H. S. Park, and J. D. Park, "Hyper-connected trust network technology," Electronics and Telecommunications Trends, vol. 32, no. 1, pp. 35-45, 2017.
- Y. Andamasov, "GRE over IPsec for secure tunneling," 2021 [Online]. Available: https://support.vyos.io/en/kb/articles/gre-over-ipsec-for-secure-tunneling-2.
- Fortinet, "FortiOS 6.2.3 (VXLAN over IPsec tunnel)," 2020 [Online]. Available: https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/821119/vxlan-over-ipsec-tunnel.
- S. Boutros, C. Qian, and D. Wing, "IPsec over Geneve Encapsulation," Internet Engineering Task Force, Fremont, CA, draft-boutros-nvo3-ipsec-over-geneve-01, 2018.
- IEEE Standard for Local and metropolitan area networks - Media Access Control (MAC) security (IEEE Std 802.1AE), 2018 [Online]. Available: https://1.ieee802.org/security/802-1ae/.