• Title/Summary/Keyword: SDN Controller

A Study on the Efficient Load Balancing Method Considering Real-time Data Entry form in SDN Environment (SDN 환경에서 실시간 데이터 유입형태를 고려한 효율적인 부하분산 기법 연구)

  • Ju-Seong Kim;Tae-Wook Kwon
    • The Journal of the Korea institute of electronic communication sciences / v.18 no.6 / pp.1081-1086 / 2023
  • The rapid growth and increasing complexity of modern networks have highlighted the limitations of traditional network architectures. The emergence of SDN (Software-Defined Network) in response to these challenges has changed the existing network environment. The SDN separates the control unit and the data unit, and adjusts the network operation using a centralized controller. However, this structure has also recently caused a huge amount of traffic due to the rapid spread of numerous Internet of Things (IoT) devices, which has not only slowed the transmission speed of the network but also made it difficult to ensure quality of service (QoS). Therefore, this paper proposes a method of load distribution by switching the IP and any server (processor) from the existing data processing scheduling technique, RR (Round-Robin), to mapping when a large amount of data flows in from a specific IP, that is, server overload and data loss.

DRA: Duplication Resolver Algorithm for Power Conservation Utilizing Software Defined Network (SDN)

  • Masoud, Mohammad;Jaradat, Yousef;Jannoud, Ismael;Huang, Hong
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.7 / pp.3351-3369 / 2017
  • In recent years, datacenters, network devices and computers have proliferated. The power consumed by information and communication technology (ICT) devices has inflated in an extraordinary manner. Green communication has emerged as a new approach to reduce and optimize power consumption in ICT sector. Many methods and protocols have been proposed and implemented to achieve green communication. Nevertheless, the increase of power consumption remains a problem. In this work, we attempt to reduce and optimize power consumption of network devices in datacenters environment utilizing software defined network (SDN) paradigm. To gain more insight of the power consumption requirements of network switches, a power measurement system is constructed to measure power consumption levels of network devices. Subsequently, we propose a duplication resolver algorithm (DRA) to power off/on switches reactively. DRA algorithm reduces the required time by switches to construct their flow tables after rebooting. To this end, DRA-based external circuit has been constructed utilizing Ethernet module and an Arduino kit to control power supplies of network devices. To facilitate our work, a testbed has been constructed utilizing Ryu SDN controller, HP2920-24G switches and Arduino kits. Our results show that DRA algorithm can reduce both the power usage and start-up time delay of network switches after failures.

An Enhanced Scheme of PUF-Assisted Group Key Distribution in SDWSN (SDWSN 환경의 PUF 기반 그룹 키 분배 방법 개선)

  • Oh, Jeong Min;Jeong, Ik Rae;Byun, Jin Wook
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.1 / pp.29-43 / 2019
  • In recent years, as network traffic in the WSN (Wireless Sensor Network) has increased with the growing number of IoT wireless devices, SDWSN (Software-Defined Wireless Sensor Network) and its security, which aims at a secure SDN (Software-Defined Networking) for efficiently managing network resources in WSN, have received much attention. In this paper, we study how to efficiently and securely design a PUF (Physical Unclonable Function)-assisted group key distribution scheme for the SDWSN environment. Recently, Huang et al. have designed a group key distribution scheme using the strengths of SDN and the physical security features of PUF. However, we observe that Huang et al.'s scheme has weak points: it not only lacks authentication for the auxiliary controller but also maintains redundant synchronization information. In this paper, we securely design an authentication process for the auxiliary controller and address the vulnerabilities of Huang et al.'s scheme by adding counter strings and random information and deleting the redundant synchronization information.

A Study of Load Distribution and Transfer on SDN Controller (SDN 컨트롤러의 부하 분배 및 전달에 관한 연구)

  • Kang, Seung-Bo;Kwon, Gu-In
    • Proceedings of the Korea Information Processing Society Conference / 2015.10a / pp.348-350 / 2015
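  • An SDN (Software Defined Network) controller is logically connected to switches, exchanges requests with them, and manages the network centrally. As requests from switches increase, the load placed on the controller grows, and if connection failures occur as a result, reliability cannot be guaranteed. To prevent this, multiple controllers are used to handle the switches' requests. Research to date has addressed algorithms that distribute load to other controllers when a particular controller is overloaded. This paper proposes a method in which, when the load on a particular controller is excessively low, that load is transferred to another controller and the controller is switched to a standby state, so that network resources are used more efficiently and the energy needed to run the controllers is also used efficiently.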

Distributed controller using Hopfield Network algorithm in SDN environment (SDN 환경에서 Hopfield Network 알고리즘을 이용한 분산 컨트롤러)

  • Yoo, Seung-Eon;Kim, Dong-Hyun;Lee, Byung-Jun;Kim, Kyung-Tae;Youn, Hee-Yong
    • Proceedings of the Korean Society of Computer Information Conference / 2019.01a / pp.43-44 / 2019
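  • In this paper, we propose a model that selects distributed controllers in an SDN environment using the Hopfield Network algorithm, one of the machine learning algorithms. The Hopfield Network algorithm is a physical model of a neural network that is used for optimization, associative memory, and similar tasks, and through it we expect efficient controller synchronization.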

Selection of controller using improved Artificial Bee Colony algorithm based on Apriori algorithm in SDN environment (SDN 환경에서 Apriori 알고리즘 기반의 향상된 인공벌 군집(ABC) 알고리즘을 이용한 컨트롤러 선택)

  • Yoo, Seung-Eon;Lim, Hwan-Hee;Lee, Byung-Jun;Kim, Kyung-Tae;Youn, Hee-Yong
    • Proceedings of the Korean Society of Computer Information Conference / 2019.01a / pp.39-40 / 2019
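  • In this paper, we propose a model that selects distributed controllers in an SDN environment by applying an improved Artificial Bee Colony algorithm (ABC algorithm) based on the Apriori algorithm, an association rule mining algorithm. By preferentially selecting frequently used controllers, the model aims at improved controller selection.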

The Top-K QoS-aware Paths Discovery for Source Routing in SDN

  • Chen, Xi;Wu, Junlei;Wu, Tao
    • KSII Transactions on Internet and Information Systems (TIIS) / v.12 no.6 / pp.2534-2553 / 2018
  • Source routing is the routing scheme that arranges the whole path from source to target at the origin node that may suit the requirements from the upper layer applications' perspective. The centralized control in SDN (Software-Defined Networking) networks enables the awareness of the global topology at the controller. Therefore, augmented source routing schemes can be designed to achieve various purposes. This paper proposes a source routing scheme that conducts the top-K QoS-aware paths discovery in SDN. First, the novel non-invasive QoS over LLDP scheme is designed to collect QoS information based on LLDP in a piggyback fashion. Then, variations of the KSP (K Shortest Paths) algorithm are derived to find the unconstrained/constrained top-K ranked paths with regard to individual/overall path costs, reflecting the Quality of Service. The experiment results show that the proposed scheme can efficiently collect the QoS information and find the top-K paths. Also, the performance of our scheme is applicable in QoS-sensitive application scenarios compared with previous works.

A Protection Method using Destination Address Packet Sampling for SYN Flooding Attack in SDN Environments (SDN 환경에서의 목적지 주소별 패킷 샘플링을 이용한 SYN Flooding 공격 방어기법)

  • Bang, Gihyun;Choi, Deokjai;Bang, Sangwon
    • Journal of Korea Multimedia Society / v.18 no.1 / pp.35-41 / 2015
  • SDN (Software Defined Networking) has been considered as a new future computer network architecture, and DDoS (Distributed Denial of Service) is the biggest threat in network security. In the SDN architecture, we present a technique to defend against the DDoS SYN Flooding attack, which is one of the DDoS attack methods. First, we monitor the Backlog queue in order to reduce unnecessary monitoring resources. If the Backlog queue of a certain server is occupied over 70%, sFlow performs packet sampling with the server address as the destination address. To distinguish between the attacker and the normal user, we use the source address. We decide the SYN packet threshold using the remaining Backlog queue, that is, the number of connections it can still allow. If a certain source address sends SYN packets over the threshold, we judge that this address is an attacker. The controller will modify the flow table entry to block attack traffic. By using this method, we reduce the resource consumption of unnecessary monitoring, and the protection range is expanded to all switches. The results of our experiment show that we can prevent the SYN Flooding attack before the Backlog queue is fully occupied.

Blocking Intelligent Dos Attack with SDN (SDN과 허니팟 기반 동적 파라미터 조절을 통한 지능적 서비스 거부 공격 차단)

  • Yun, Junhyeok;Mun, Sungsik;Kim, Mihui
    • KIPS Transactions on Computer and Communication Systems / v.11 no.1 / pp.23-34 / 2022
  • With the development of network technology, the application area has also been diversified, protocols for various purposes have been developed, and the amount of traffic has exploded. Therefore, it is difficult for the network administrator to meet the stability and security standards of the network with the existing traditional switching and routing methods. Software Defined Networking (SDN) is a new networking paradigm proposed to solve this problem. SDN enables efficient network management by programming network operations. This has the advantage that network administrators can flexibly respond to various types of attacks. In this paper, we design a threat level management module, an attack detection module, a packet statistics module, and a flow rule generator that collects attack information through the controller and switch, which are components of SDN, and detects attacks based on these attributes of SDN. It proposes a method to block denial of service (DoS) attacks of advanced attackers by programming and applying a honeypot. In the proposed system, the attack packet can be quickly delivered to the honeypot according to the modifiable flow rule, and the honeypot that received the attack packets analyzes the intelligent attack pattern based on this. According to the analysis results, the attack detection module and the threat level management module are adjusted to respond to intelligent attacks. The performance and feasibility of the proposed system were shown by actually implementing the proposed system, performing intelligent attacks with various attack patterns and attack levels, and checking the attack detection rate compared to the existing system.

Sampling based Network Flooding Attack Detection/Prevention System for SDN (SDN을 위한 샘플링 기반 네트워크 플러딩 공격 탐지/방어 시스템)

  • Lee, Yungee;Kim, Seung-uk;Vu Duc, Tiep;Kim, Kyungbaek
    • Smart Media Journal / v.4 no.4 / pp.24-32 / 2015
  • Recently, SDN has been actively used in datacenter networks, and its areas of application are gradually increasing. Along with this change of networking environment, research on deploying network security systems on SDN has been highlighted. In particular, systems for detecting network flooding attacks by monitoring every packet through the ports of OpenFlow switches have been proposed. However, because of the centralized management of an SDN controller, which manages multiple switches, it may be a substantial overhead for the attack detection system to continuously monitor all the flows. In this paper, a sampling based network flooding attack detection and prevention system is proposed to reduce the overhead of monitoring packets and to achieve reasonable functionality of attack detection and prevention. The proposed system periodically takes sample packets of network flows with the given sampling conditions, analyzes the sampled packets to detect network flooding attacks, and blocks the attack flows actively by managing the flow entries in OpenFlow switches. As the network traffic sampler, an sFlow agent is used, and snort, an open-source IDS, is used to detect network flooding attacks from the sampled packets. For active prevention of the detected attacks, an OpenDaylight application is developed and applied. The proposed system is evaluated on a local testbed composed of multiple OVSes (Open Virtual Switch), and the performance and overhead of the proposed system under various sampling conditions are analyzed.