• Title/Summary/Keyword: software-defined networking

An SDN-based Bandwidth Control Scheme considering Traffic Variation in the Virtualized WLAN Environment (가상화된 WLAN 환경에서 트래픽 변화를 고려한 SDN 기반 대역폭 제어 기법)

  • Moon, Jaewon;Chung, Sanghwa
    • Journal of KIISE / v.43 no.11 / pp.1223-1232 / 2016
  • A virtual network technology can provide a network reflecting the requirements of various services. The virtual network can distribute resources of the physical network to each virtual slice. An efficient resource distribution technique is needed to reflect the requirements of various services. Existing bandwidth distribution techniques can only control downlink traffic without taking traffic conditions on the network into account. Downlink and uplink share the same resources in a wireless network. The existing bandwidth distribution techniques assumed that all stations generate saturated traffic. Therefore, the existing bandwidth distribution techniques cannot achieve traffic isolation in a virtual wireless network. In this paper, we proposed a traffic-based bandwidth control technique to solve these problems. We applied Software-Defined Networking (SDN) to the virtual wireless network, monitored the traffic at each station, and searched for stations that generated unsaturated traffic. We also controlled both uplink and downlink traffic dynamically based on monitoring information. Our system can be implemented with legacy 802.11 clients and SDN-enabled APs. After the actual test bed configuration, it was compared to existing techniques. As a result, the distribution performance of the proposed technique was improved by up to 14%.

A Reflectornet Based on Software Defined Network (소프트웨어 정의 네트워크 기반 리플렉터넷)

  • Park, Taejune;Lee, Seungsoo;Shin, Seoungwon
    • The Journal of Korean Institute of Communications and Information Sciences / v.39B no.6 / pp.397-405 / 2014
  • Software-Defined Networking (SDN), which separates the control plane from the data plane and manages data planes in a centralized way, is now considered a future networking technology, and many researchers and practitioners have dived into this area to devise new network applications, such as new routing methods. Likewise, network security applications could be redesigned with SDN, and some pioneers have proposed several interesting network security applications with SDN. However, most approaches have just reimplemented some well-known network security applications; although SDN provides many interesting features, they did not use them effectively. To investigate whether we can use SDN in realizing sophisticated network security applications, we have designed and implemented an advanced network security application, Reflectornet, which redirects malicious or suspicious network trials to other security monitoring points (e.g., a honeypot). In addition, we have tested its performance and practicability from diverse angles. Our findings and some insights will encourage other researchers to design better or intelligent network security applications with SDN.

Implementing Efficient Segment Routing in SDN (SDN 환경에서 효율적인 세그먼트 라우팅 구현)

  • Kim, Young-il;Kwon, aewook
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2021.05a / pp.94-96 / 2021
  • Software-Defined Networking (SDN), which has emerged to overcome the limitations of existing network architectures, makes routing management simpler and more efficient through a central controller. SR (Segment Routing) is a flexible and scalable way of doing source routing, and defines the information path of the network through a list of segments arranged in the packet header. In an SDN environment, the performance of each router is almost the same, but packets tend to be concentrated on routes that are frequently used depending on routing algorithms. Routers in that path have a relatively high frequency of failure and are more likely to become bottlenecks. In this paper, we propose a routing algorithm that allows the router, which is a resource in the network, to evenly process packets in the SDN with SR, so that the administrator can utilize the resources in the network without idle routers, and at the same time facilitate the management of the router.

Mobility Scenarios into Future Wireless Access Network

  • Gilani, Syed Mushhad Mustuzhar;Hong, Tang;Cai, Qiqi;Zhao, Guofeng
    • Journal of Information Processing Systems / v.13 no.2 / pp.236-255 / 2017
  • The rapid growth of smart devices demands an enhanced throughput for network connection sustainability during mobility. However, traditional wireless network architecture suffers from mobility management issues. In order to resolve the traditional mobility management issues, we propose a novel architecture for future wireless access networks based on software-defined networking (SDN) by using the advantage of network function virtualization (NFV). In this paper, a network selection approach (NSA) has been introduced for mobility management that comprises acquiring the information of the underlying networking devices through the OpenFlow controller, perceiving the current network behavior, and later selecting an appropriate action or network. Furthermore, mobility-related scenarios and use cases to analyze the implementation aspects of the proposed architecture are provided. The simulation results confirm that the proposed scenarios have obtained seamless mobility with enhanced throughput at minimum packet loss as compared to the existing IEEE 802.11 wireless network.

A D2D communication architecture under full control using SDN

  • Ngo, Thanh-Hai;Kim, Younghan
    • KSII Transactions on Internet and Information Systems (TIIS) / v.10 no.8 / pp.3435-3454 / 2016
  • Device-to-device (D2D) communication is a potential solution to the incessant increase in data traffic on cellular networks. The greatest problem is how to control the interference between D2D users and cellular mobile users, and between D2D users themselves. This paper proposes a solution for this issue by putting the full control privilege in the cellular network using the software-defined networking (SDN) concept. A software virtual switch called Open vSwitch and several components are integrated into mobile devices for data forwarding and radio resource mapping, whereas the control functions are executed in the cellular network via an SDN controller. This allows the network to assign radio resources for D2D communication directly, thus reducing interference. This solution also brings many benefits, including resource efficiency, energy saving, topology flexibility, etc. The advantages and disadvantages of this architecture are analyzed by both a mathematical method and a simple implementation. The result shows that implementation of this solution in the next generation of cellular networks is feasible.

TrAdaBoost-based Flow Rule Classification Technique in SDN Environment (SDN 환경에서의 TrAdaBoost 기반 Flow 규칙 구분 기법)

  • Kim, Min-Woo;Lim, Hwan-Hee;Lee, Byung-Jun;Kim, Kyung-Tae;Youn, Hee-Yong
    • Proceedings of the Korean Society of Computer Information Conference / 2019.01a / pp.149-150 / 2019
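  • Techniques previously studied for flow rule classification have proposed adaptive or preprocessing approaches, but an efficient approach needs to be studied based on the strengths and weaknesses of each. In this study, we propose an approach that classifies flow rules by using TrAdaBoost, a transfer learning technique, in order to reduce the computational work of the switch before flow rules are inserted.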

Policy-based In-Network Security Management using P4 Network DataPlane Programmability (P4 프로그래머블 네트워크를 통한 정책 기반 인-네트워크 보안 관리 방법)

  • Cho, Buseung
    • Convergence Security Journal / v.20 no.5 / pp.3-10 / 2020
  • Recently, the Internet and networks have come to be regarded as essential infrastructures that constitute society, and security threats have been constantly increasing. However, the network switch that actually transmits packets in the network can cope with security threats only through a firewall or network access control based on fixed rules, so effective defense against security threats within the network itself is extremely limited, and the network does not respond actively either. In this paper, we propose an in-network security framework using the high-level data plane programming language, P4 (Programming Protocol-independent Packet Processor), to deal with DDoS attacks and IP spoofing attacks at the network level by monitoring all flows in the network in real time and processing specific security attack packets at the P4 switch. In addition, by allowing the P4 switch to apply the network user's or administrator's policy through the SDN (Software-Defined Network) controller, various security requirements in the network application environment can be reflected.

An Operations and Management Framework for The Integrated Software Defined Network Environment (소프트웨어 정의 네트워크 통합 운영 및 관리 프레임워크)

  • Kim, Dongkyun;Gil, Joon-Min
    • Journal of Digital Contents Society / v.14 no.4 / pp.557-564 / 2013
  • An important research challenge about the traditional Internet environment is to enable an open networking architecture on which end users are able to innovate the Internet based on the technologies of network programmability, virtualization, and federation. The SDN (Software Defined Network) technology, which includes OpenFlow protocol specifications, is suggested as a major driver for the open networking architecture, and is closely coupled with the classical Internet (non-SDN). Therefore, it is very important to keep the integrated SDN and non-SDN network infrastructure reliable from the viewpoint of network operators and engineers. Under this background, this paper proposes an operations and management framework for the combined software defined network environment across not only a single-domain network, but also multi-domain networks. The suggested framework is designed to allow SDN controllers and DvNOC systems to interact with each other to achieve a sustainable end-to-end user-oriented SDN and non-SDN integrated network environment. In addition, the proposed scheme is designed to apply enhanced functionalities on DvNOC to support four major network failure scenarios over the combined network infrastructure, mainly derived from SDN controllers, SDN devices, and the connected network paths.

Blocking Intelligent Dos Attack with SDN (SDN과 허니팟 기반 동적 파라미터 조절을 통한 지능적 서비스 거부 공격 차단)

  • Yun, Junhyeok;Mun, Sungsik;Kim, Mihui
    • KIPS Transactions on Computer and Communication Systems / v.11 no.1 / pp.23-34 / 2022
  • With the development of network technology, the application area has also been diversified, protocols for various purposes have been developed, and the amount of traffic has exploded. Therefore, it is difficult for the network administrator to meet the stability and security standards of the network with the existing traditional switching and routing methods. Software Defined Networking (SDN) is a new networking paradigm proposed to solve this problem. SDN enables efficient network management by programming network operations. This has the advantage that network administrators can flexibly respond to various types of attacks. In this paper, we design a threat level management module, an attack detection module, a packet statistics module, and a flow rule generator that collects attack information through the controller and switch, which are components of SDN, and detects attacks based on these attributes of SDN. It proposes a method to block denial of service (DoS) attacks of advanced attackers by programming and applying a honeypot. In the proposed system, the attack packet can be quickly delivered to the honeypot according to the modifiable flow rule, and the honeypot that received the attack packets analyzed the intelligent attack pattern based on this. According to the analysis results, the attack detection module and the threat level management module are adjusted to respond to intelligent attacks. The performance and feasibility of the proposed system were shown by actually implementing the proposed system, performing intelligent attacks with various attack patterns and attack levels, and checking the attack detection rate compared to the existing system.

Controller Backup and Replication for Reliable Multi-domain SDN

  • Mao, Junli;Chen, Lishui;Li, Jiacong;Ge, Yi
    • KSII Transactions on Internet and Information Systems (TIIS) / v.14 no.12 / pp.4725-4747 / 2020
  • Software defined networking (SDN) is considered to be one of the most promising paradigms in the future. To solve the scalability and performance problem that a single and centralized controller suffers from, the distributed multi-controller architecture is adopted, thus forming a multi-domain SDN. In a multi-domain SDN network, it is of great importance to ensure a reliable control plane. In this paper, we focus on the reliability problem of multi-domain SDN against controller failure from the perspectives of backup controller deployment and controller replication. We first propose a placement algorithm for backup controllers, which considers both the reliability and the cost factors. Then a controller replication mechanism based on shared data storage is proposed to solve the inconsistency between the active and standby controllers. We also propose a shared data storage layout method that considers both reliability and performance. Besides, a fault recovery and repair process is designed based on the controller backup and shared data storage mechanism. Simulations show that our approach can recover and repair controller failure. Evaluation results also show that the proposed backup controller placement approach is more effective than other methods.