• Convergence Security Journal
• /
• v.20 no.5
• /
• pp.3-10
• /
• 2020

Recently, the Internet and networks are regarded as essential infrastructures that constitute society, and security threats have been constantly increased. However, the network switch that actually transmits packets in the network can cope with security threats only through firewall or network access control based on fixed rules, so the effective defense for the security threats is extremely limited in the network itself and not actively responding as well. In this paper, we propose an in-network security framework using the high-level data plane programming language, P4 (Programming Protocol-independent Packet Processor), to deal with DDoS attacks and IP spoofing attacks at the network level by monitoring all flows in the network in real time and processing specific security attack packets at the P4 switch. In addition, by allowing the P4 switch to apply the network user's or administrator's policy through the SDN (Software-Defined Network) controller, various security requirements in the network application environment can be reflected.

• Annual Conference of KIPS
• /
• 2015.04a
• /
• pp.373-375
• /
• 2015

소프트웨어 정의 네트워크(SDN)의 등장은 학계와 산업계에 큰 영향을 주었다. SDN은 물리적인 장치를 변경하지 않고 네트워크 관리자의 의도대로 대상 네트워크를 관리 할 수 있기 때문에, 능동적이고 유연한 관리환경을 제공한다. 보안측면에서 SDN 기반의 네트워크는 다양한 공격을 탐지하는 데 유용하게 쓰인다. 하지만 대부분의 SDN을 이용한 보안 연구는 네트워크에만 집중되어 있고, 호스트를 고려하지 않고 있다. 이와 더불어 SDN 기반의 보안 애플리케이션을 제작하기 위해서는, SDN을 운용하는 컨트롤러와 다양한 지식이 요구된다. 본 연구에서는 SDN 기반의 호스트와 네트워크를 모두 고려하는 보안 애플리케이션 제작의 어려움을 해결하기 위해, 소프트웨어 정의 네트워크 기반 위협 대응 프레임워크를 제안한다.

• Journal of Korea Society of Industrial Information Systems
• /
• v.20 no.5
• /
• pp.37-44
• /
• 2015

An antivirus is a widely used solution for detecting malicious softwares in client devices. The performance of antivirus solutions in the mobile client environment is critical due to its resource constrains. Many solutions light-weighting client's overhead in the mobile client environment have been developed. However, most solutions require platform modifications or software installations and it decreases their realizations in practice. In this paper, we propose a solution detecting malwares on networks using the Software Defined Network (SDN). Our main goal is designing a solution detecting malwares of mobile client without involving the client into the work. We contribute to provide a solution that does not require client-side installations or modifications and so is easily applicable in practice.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.4
• /
• pp.266-278
• /
• 2013

In this paper, to manage the efficient control of IP packet flows crossing multi-provider networks such as Internet, we propose a SDN(Software Defined Networking)-based policy controller. The proposed policy controller leverages the visibility of underlying network and manages both virtual links and ports to inter-connect networking elements. The controller is capable of quickly composing multiple on-demand virtual networks and dynamically managing the composed networks, thus it can provide more flexible and optimized overlay networking environment to end-user applications. More specifically, we first look into the proposed structure and features of policy controller. With two kinds of service applications, we then verify the applicability of the proposed controller by evaluating its service composition time.

• Information and Communications Magazine
• /
• v.31 no.6
• /
• pp.3-11
• /
• 2014

Mobile operators today face yet another critical challenge as technology lifecycle becomes increasingly short and also as heterogeneous and complex network becomes exceedingly expensive and difficult to manage. With extremely competitive market and demanding users, the overall revenue structure is expected to get worse. A network architecture based on software-defined networking (SDN) and virtualization techniques gives operators greater opportunity to build cost-effective and efficient alternative to the legacy. In this work we review our Carrier Cloud as a future mobile network infrastructure that exploits both SDN and NFV in order to increase the operator agility, reduce the cost, and even disrupt the vendor landscape. This new architecture will not be fully adopted by the conservative operators at once. Technological hurdles have to be overcome, and a clear understanding of operational differences must be preceded.

• International Journal of Computer Science & Network Security
• /
• v.23 no.7
• /
• pp.219-230
• /
• 2023

Wireless Body Area Networks (WBANs) have made it easier for healthcare workers and patients to monitor patients' status continuously in real time. WBANs have complex and diverse network structures; thus, management and control can be challenging. Therefore, considering emerging Software-defined networks (SDN) with WBANs is a promising technology since SDN implements a new network management and design approach. The SDN concept is used in this study to create more adaptable and dynamic network architectures for WBANs. The study focuses on comparing the performance of two SDN controllers, POX and Ryu, using Mininet, an open-source simulation tool, to construct network topologies. The performance of the controllers is evaluated based on bandwidth, throughput, and round-trip time metrics for networks using an OpenFlow switch with sixteen nodes and a controller for each topology. The study finds that the choice of network controller can significantly impact network performance and suggests that monitoring network performance indicators is crucial for optimizing network performance. The project provides valuable insights into the performance of SDN-based WBANs using POX and Ryu controllers and highlights the importance of selecting the appropriate network controller for a given network architecture.

• Electronics and Telecommunications Trends
• /
• v.28 no.6
• /
• pp.13-27
• /
• 2013

SDN(Software Defined Network) 기술이 미국을 중심으로 먼저 출발하였으며 NFV(Network Function Virtualization) 기술은 유럽을 중심으로 한 SDN의 경쟁적인 기술로 초기에는 인식이 되었으나, 두 기술의 상호 시너지 효과를 고려하여 2013년 하반기부터는 다양한 형태의 협력 방안들이 표준단체, 산업체 및 캐리어들로부터 소개되고 있다. 두 기술이 지향하는 가장 큰 목표는 하드웨어의 의존성을 배제하고 네트워크 및 서비스를 추상화함으로써 캐리어들이 신규 서비스를 Time-to-Market에 맞게 그러면서도 유연하게 출시하고 제어 및 관리를 중앙집중 방식으로 제공하여 CAPEX(Capital Expenditure) & OPEX(Operating Expense)를 최소화 하는데 있다. 본고에서는 이 두 기술의 표준화 및 기술 동향, 그리고 아직은 태동기인 두 기술이 지향하는 다양한 Use Case들과 적용사례를 캐리어 환경 중심으로 살펴보고 향후 상용화 및 산업화에 대한 장 단기 발전 전망에 대해 기술 중심으로 예측해 본다.

• Electronics and Telecommunications Trends
• /
• v.30 no.1
• /
• pp.133-143
• /
• 2015

최근 기술발전으로 컴퓨터 수준의 스마트 디바이스를 이용한 무선 인터넷 서비스 이용이 확대되고 있어 이에 따른 트래픽 증가를 효율적으로 수용하기 위한 새로운 이동통신시스템과 네트워크 구조 연구가 활발하게 진행되고 있다. 이러한 과정에 유선 IT 분야에서 선행적으로 진행된 SDN(Software Defined Network) 및 cloud & virtualization 기술들을 이동통신의 액세스 또는 서비스 플랫폼 환경에 적용하는 선도적인 연구개발이 진행되고 있어 SDN 및 cloud & virtualization 분야에 대한 최근 동향을 파악하고 이러한 기술들이 이동통신분야에 적용되는 다양한 사례들을 분석하여 새로운 형태의 네트워크 및 시스템 구조와 방식에 대한 연구개발 방향을 제시한다.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.13 no.6
• /
• pp.605-610
• /
• 2020

Software Defined Networking (SDN) is setting the standard for the management of networks due to its scalability, flexibility and functionality to program the network. The Distributed Denial of Service (DDoS) attack is most widely used to attack the SDN controller to bring down the network. Different methodologies have been utilized to detect DDoS attack previously. In this paper, first the dataset is obtained by Kaggle with 84 features, and then according to the rank, the 20 highest rank features are selected using Permutation Importance Algorithm. Then, the datasets are trained and tested with Convolution Neural Network (CNN) classifier model by utilizing deep learning techniques. Our proposed solution has achieved the best results, which will allow the critical systems which need more security to adopt and take full advantage of the SDN paradigm without compromising their security.

• Journal of Internet Computing and Services
• /
• v.22 no.5
• /
• pp.27-33
• /
• 2021

With the broad adoption of the Internet of Things (IoT) in a variety of scenarios and application services, management and orchestration entities require upgrading the traditional architecture and develop intelligent models with ultra-reliable methods. In a heterogeneous network environment, mission-critical IoT applications are significant to consider. With erroneous priorities and high failure rates, catastrophic losses in terms of human lives, great business assets, and privacy leakage will occur in emergent scenarios. In this paper, an efficient resource slicing scheme for optimizing federated learning in software-defined IoT (SDIoT) is proposed. The decentralized support vector regression (SVR) based controllers predict the IoT slices via packet inspection data during peak hour central congestion to achieve a time-sensitive condition. In off-peak hour intervals, a centralized deep neural networks (DNN) model is used within computation-intensive aspects on fine-grained slicing and remodified decentralized controller outputs. With known slice and prioritization, federated learning communications iteratively process through the adjusted resources by virtual network functions forwarding graph (VNFFG) descriptor set up in software-defined networking (SDN) and network functions virtualization (NFV) enabled architecture. To demonstrate the theoretical approach, Mininet emulator was conducted to evaluate between reference and proposed schemes by capturing the key Quality of Service (QoS) performance metrics.