• International Journal of Computer Science & Network Security
• /
• 제22권4호
• /
• pp.374-386
• /
• 2022

Nowadays, research in deep learning leveraged automated computing and networking paradigm evidenced rapid contributions in terms of Software Defined Networking (SDN) and its diverse security applications while handling cybercrimes. SDN plays a vital role in sniffing information related to network usage in large-scale data centers that simultaneously support an improved algorithm design for automated detection of network intrusions. Despite its security protocols, SDN is considered contradictory towards DDoS attacks (Distributed Denial of Service). Several research studies developed machine learning-based network intrusion detection systems addressing detection and mitigation of DDoS attacks in SDN-based networks due to dynamic changes in various features and behavioral patterns. Addressing this problem, this research study focuses on effectively designing a multistage hybrid and intelligent deep learning classifier based on modified deep forest classification to detect DDoS attacks in SDN networks. Experimental results depict that the performance accuracy of the proposed classifier is improved when evaluated with standard parameters.

• International Journal of Computer Science & Network Security
• /
• 제22권10호
• /
• pp.303-309
• /
• 2022

Software Defined Networking (SDN) is a novel approach that have accelerated the development of numerous technologies such as policy-based access control, network virtualization, and others. It allows to boost network architectural flexibility and expedite the return on investment. However, this increases the system's complexity, necessitating the expenditure of dollars to assure the system's security. Network Function Virtualization (NFV) opens up new possibilities for network engineers, but it also raises security concerns. A number of Internet service providers and network equipment manufacturers are grappling with the difficulty of developing and characterizing NFVs and related technologies. Through Moodle's efforts to maintain security, this paper presents a detailed review of security-related challenges in software-defined networks and network virtualization services.

• ETRI Journal
• /
• 제45권3호
• /
• pp.433-447
• /
• 2023

Critical issues such as connection congestion, long transmission delay, and packet loss become even worse during epidemic, disaster, and so on. In this study, a link load balancing method is proposed to address these issues on the data plane, a plane of the software-defined network (SDN) architecture. These problems are NP-complete, so a meta-heuristic approach, discrete particle swarm optimization, is used with a novel hybrid cost function. The superiority of the proposed method over existing methods in the literature is that it provides link and switch load balancing simultaneously. The goal is to choose a path that minimizes the connection load between the source and destination in multipath SDNs. Furthermore, the proposed work is dynamic, so selected paths are regularly updated. Simulation results prove that with the proposed method, streams reach the target with minimum time, no loss, low power consumption, and low memory usage.

• Journal of Communications and Networks
• /
• 제18권4호
• /
• pp.559-566
• /
• 2016

Software defined network (SDN) can effectively improve the performance of traffic engineering and will be widely used in backbone networks. Therefore, new energy-saving schemes must take SDN into consideration; this action is extremely important owing to the rapidly increasing energy consumption in telecom and Internet service provider (ISP) networks. Meanwhile, the introduction of SDN in current networks must be incremental in most cases, for technical and economic reasons. During this period, operators must manage hybrid networks in which SDN and traditional protocols coexist. In this study, we investigate the energy-efficient traffic engineering problem in hybrid SDN/Internet protocol (IP) networks. First, we formulate the mathematical optimization model considering the SDN/IP hybrid routing mode. The problem is NP-hard; therefore, we propose a fast heuristic algorithm named hybrid energy-aware traffic engineering (HEATE) as a solution. In our proposed HEATE algorithm, the IP routers perform shortest-path routing by using distributed open shortest path first (OSPF) link weight optimization. The SDNs perform multipath routing with traffic-flow splitting managed by the global SDN controller. The HEATE algorithm determines the optimal setting for the OSPF link weight and the splitting ratio of SDNs. Thus, the traffic flow is aggregated onto partial links, and the underutilized links can be turned off to save energy. Based on computer simulation results, we demonstrate that our algorithm achieves a significant improvement in energy efficiency in hybrid SDN/IP networks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권10호
• /
• pp.4703-4723
• /
• 2018

In recent years, dense small cell network has been deployed to address the challenge that has resulted from the unprecendented growth of mobile data traffic and users. It has proven to be a cost efficeient solution to offload traffic from macro-cells. Software defined heterogeneous wireless network can decouple the control plane from the data plane. The control signal goes through the macro-cell while the data traffic can be offloaded by small cells. In this paper, we propose a framework for cell virtualization and user association in order to satisfy versatile requirements of multiple tenants. In the proposed framework, we propose an interference graph partioning based virtual-cell association and customized physical-cell association for multi-homed users in a software defined small cell network. The proposed user association scheme includes 3 steps: initialization, virtual-cell association and physical-cell association. Simulation results show that the proposed virtual-cell association outperforms the other schemes. For physical-cell association, the results on resource utilization and user fairness are examined for mobile users and infrastructure providers.

• 한국통신학회논문지
• /
• 제39B권6호
• /
• pp.379-386
• /
• 2014

최근 네트워크가 점점 복잡해짐에 따라 많은 수의 미들박스를 동적으로 유연하게 관리할 필요성이 증가하고 있으며, 미들박스 설정이 사업자의 정책과 다르게 잘못 설정되는 경우가 빈번하기 때문에 미들박스를 효율적으로 관리할 수 있는 기법이 절실한 상황이다. 이러한 미들박스 관리의 어려움은 SDN (Software Defined Networking)의 중앙 집중화된 컨트롤러 구조와 유연한 프로그래밍 능력을 통해 해결할 수 있다. 즉, 네트워크 상황에 맞춰 동적으로 미들박스 정책을 적용하고, 데이터/컨트롤 평면의 분리를 통해 기존 미들박스 구조는 그대로 유지한 채 새로운 컨트롤 평면을 추가하는 것이 가능하다. 또한 클라우드와 분산 네트워크 기능 가상화 (NFV : Network Function Virtualization) 기술을 통해 보다 유연하게 미들박스를 관리하는 방안도 가능하다. 본 논문에서는 유선망과 무선망이 통합된 네트워크에서 SDN 기반의 미들박스 관리 기법과 클라우드 기반의 미들박스 관리 방안에 대해 알아보고 향후 연구 이슈에 대해서 살펴본다.

• 한국통신학회논문지
• /
• 제38B권4호
• /
• pp.266-278
• /
• 2013

본 논문은 인터넷과 같은 다중제공자(multi-provider) 네트워크 환경 하에서 패킷 플로우를 효과적으로 제어하기 위한 SDN(Software Defined Networking) 기반의 정책 제어기를 소개한다. 제안된 정책 제어기는 네트워크 가시성 정보를 이용해 가상링크 및 가상포트 등을 직관적으로 제어함으로써 효과적인 서비스 오버레이 네트워킹(service overlay networking) 환경을 실현한다. 또한, 논리적으로 구분된 다수의 주문형 가상망을 신속히 구성하고 동적으로 관리함으로써 응용에 최적화된 네트워킹 환경을 사용자에게 제공한다. 본 논문에서는 정책 제어기의 구조 및 특징을 소개한 후, 멀티캐스트를 위한 두 가지 서비스 응용을 예시한다. 또한, 해당 응용들을 이용한 네트워크 서비스의 구성 시간을 성능 평가함으로써 정책 제어기의 적용 가능성을 확인한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권6호
• /
• pp.2848-2869
• /
• 2017

Mobile Wireless Sensor Networks (MWSN) are usually constrained in energy supply, which makes energy efficiency a key factor to extend the network lifetime. The management of the network topology has been widely used as a mechanism to enhance the lifetime of wireless sensor networks (WSN), and this work presents an alternative to this. Software Defined Networking (SDN) is a well-known technology in data center applications that separates the data and control planes during the network management. This paper proposes a solution based on SDN that optimizes the energy use in MWSN. The network intelligence is placed in a controller that can be accessed through different controller gateways within a MWSN. This network intelligence runs a Topology Control (TC) mechanism to build a backbone of coordinator nodes. Therefore, nodes only need to perform forwarding tasks, they reduce message retransmissions and CPU usage. This results in an improvement of the network lifetime. The performance of the proposed solution is evaluated and compared with a distributed approach using the OMNeT++ simulation framework. Results show that the network lifetime increases when 2 or more controller gateways are used.

• 한국통신학회논문지
• /
• 제39B권6호
• /
• pp.387-396
• /
• 2014

최근 SDN (Software Defined Networking) 기반의 다양한 네트워크 제어 및 관리 플랫폼들이 서비스제공자 및 통신사업자들에 의해 연구되고 있다. SDN의 중요한 특징 중 하나는 소프트웨어 프로그램으로 작성된 간단한 응용에 의해 네트워크가 쉽게 제어되고 관리된다는 점에 있다. 이러한 관점에서 잘못 작성된 SDN 응용은 네트워크 전체에 오류를 발생시킬 수 있어, 해당 응용은 작성된 오픈플로우 포워딩 규칙(rule)을 SDN 컨트롤러(controller)를 통해 스위치에 반영하기 전에 토폴로지와 네트워크 환경의 안전성(safety)과 일관성(consistency)이 반드시 검증되어야 한다. 본 논문에서는 SDN 응용 검증을 위한 프로세스 알지브라 (process algebra) 기반의 언어인 pACSR (Packet based Algebra of Communicating Shared Resources)와 이를 기반으로 한 정형 검증 프레임워크를 제안하고, 이에 대한 SDN 정형검증 도구 연구시제품 구현 현황을 기술한다.

• 정보보호학회논문지
• /
• 제29권1호
• /
• pp.29-43
• /
• 2019

최근, IoT 무선 디바이스 등의 증가로 WSN(Wireless Sensor Network) 환경에서 네트워크 트래픽이 증가하면서 네트워크 자원을 안전하고 효율적으로 관리하는 SDN(Software-Defined Networking)을 WSN에 적용한 SDWSN(Software-Defined Wireless Sensor Networking)과 그에 대한 보안 기술에 대한 관심도가 증가하고 있다. 본 논문에서는 SDWSN 환경에서 PUF(Physical Unclonable Function) 기반 그룹 키 분배 방법을 안전하고 효율적으로 설계하는 방법을 서술한다. 최근에 Huang 등은 그룹 키 분배에 SDN의 장점과 PUF의 물리적 보안 기능을 이용하여 그룹 키 분배 방법을 설계하였다. 하지만, 본 논문에서는 Huang 등의 프로토콜이 보조 제어부 미인증과 불필요한 동기화 정보를 유지하는 취약점이 존재함을 발견하였다. 본 논문에서는 보조 제어부에 인증과정을 안전하게 설계하고, 불필요한 동기화 정보는 삭제하되 카운터 스트링과 랜덤 정보를 추가하여 Huang의 취약점을 개선하였다.