Haifeng Zhou,Chunming Wu,Ming Jiang,Boyang Zhou,Wen Gao,Tingting Pan,Min Huang

DOI: https://doi.org/10.1109/mcom.2015.7081074

IF: 9.03

2015-01-01

IEEE Communications Magazine

Abstract:The past few years have witnessed revolutionary advances in network technology. Along with new techniques such as SDN come lots of new network security challenges. Conventional network security mechanisms are incompetent to overcome these challenges, since they are built on a static network configuration that facilitates attackers in finding the weaknesses of a network. In this article, we conceive a novel conceptual network security mechanism, the evolving defense mechanism (EDM), to resolve current and future security problems. EDM is based on a bio-inspired idea of network configuration variations. According to the security requirements of the system, the user, and the network security state, EDM selects an efficient network configuration variation strategy to prevent corresponding security threats. Combined with SDN implementation, EDM resolves security problems from a new angle and is capable of evolving with new network security technology. We sketch a way to implement EDM and present its reference framework, which serves as an ecosystem and coexisting environment for various kinds of network configuration variations. The proposed mechanism avoids the deficiency of conventional mechanisms and has potential to cope with emerging security threats.

Abhishek Savaliya,Rutvij H Jhaveri,Qin Xin,Saad Alqithami,Sagar Ramani,Tariq Ahamed Ahanger

DOI: https://doi.org/10.3934/mbe.2021411

2021-09-22

Abstract:Industrial Cyber-Physical Systems (CPSs) require flexible and tolerant communication networks to overcome commonly occurring security problems and denial-of-service such as links failure and networks congestion that might be due to direct or indirect network attacks. In this work, we take advantage of Software-defined networking (SDN) as an important networking paradigm that provide real-time fault resilience since it is capable of global network visibility and programmability. We consider OpenFlow as an SDN protocol that enables interaction between the SDN controller and forwarding plane of network devices. We employ multiple machine learning algorithms to enhance the decision making in the SDN controller. Integrating machine learning with network resilience solutions can effectively address the challenge of predicting and classifying network traffic and thus, providing real-time network resilience and higher security level. The aim is to address network resilience by proposing an intelligent recommender system that recommends paths in real-time based on predicting link failures and network congestions. We use statistical data of the network such as link propagation delay, the number of packets/bytes received and transmitted by each OpenFlow switch on a specific port. Different state-of-art machine learning models has been implemented such as logistic regression, K-nearest neighbors, support vector machine, and decision tree to train these models in normal state, links failure and congestion conditions. The models are evaluated on the Mininet emulation testbed and provide accuracies ranging from around 91-99% on the test data. The machine learning model with the highest accuracy is utilized in the intelligent recommender system of the SDN controller which helps in selecting resilient paths to achieve a better security and quality-of-service in the network. This real-time recommender system helps the controller to take reactive measures to improve network resilience and security by avoiding faulty paths during path discovery and establishment.

Ali Nadim Alhaj,Narottam Das Patel,Ajeet Singh,Rohit Kumar Bondugula,Mohsin Furkh Dar,Jameel Ahamed

DOI: https://doi.org/10.1504/ijsnet.2024.141613

2024-09-28

International Journal of Sensor Networks

Abstract:The rapid expansion of networks has given rise to numerous challenges and issues. In recent years, one idea that has captivated researchers is segregating the forwarding and control levels, which emerged with software-defined networking (SDN) frameworks. Despite centralised management and network administration advantages, SDN networks have encountered several issues, with safety and reliability being the most prominent. This paper proposes a comprehensive robust security architecture for SDN networks that consists of modular components. Each module addresses a specific security challenge, and by integrating these security solutions, we aim to establish a cohesive security framework for SDN. Furthermore, we propose a robust security algorithm capable of effectively mitigating critical security attacks such as DDoS, ARP, and MITM. Our approach involves developing a multi-level security algorithm to counteract most DDoS attacks, while also devising a real-time algorithm specifically designed to handle ARP attacks, including request-replay-ARP DoS attacks.

computer science, information systems,telecommunications

A. Abirami,S. Palanikumar

DOI: https://doi.org/10.24996/ijs.2023.64.11.35

2023-11-30

Iraqi Journal of Science

Abstract:is at an all-time high in the modern period, and the majority of the population uses the Internet for all types of communication. It is great to be able to improvise like this. As a result of this trend, hackers have become increasingly focused on attacking the system/network in numerous ways. When a hacker commits a digital crime, it is examined in a reactive manner, which aids in the identification of the perpetrators. However, in the modern period, it is not expected to wait for an attack to occur. The user anticipates being able to predict a cyberattack before it causes damage to the system. This can be accomplished with the assistance of the proactive forensic framework presented in this study. The proposed system combines a reactive and proactive framework. The proactive part will use machine learning-based classification algorithms to forecast the attack. Once the assault has been predicted, the reactive element of the proposed framework is used to investigate who is attempting to initiate the attack. The suggested system further emphasizes integrity and confidentiality by proposing an encryption method that encrypts the proactive module's report before decrypting it in the reactive module. The suggested elliptical curve cryptography-based security model was compared to several existing security methods in this paper.A comparison of multiple machine learning-based categorization algorithms is also performed in order to determine which is the most suitable for the proposed Network Forensic Framework. Accuracy, recall, precision, and F1 value are the performance metrics used to evaluate the various machine learning-based algorithms. According to the analysis, the suggested Network Forensic Framework is best implemented using the Extreme Gradient Boosting (XGB) technique.

Parmod Kumar,Anupam Baliyan,K. Ramalingeswara Prasad,N. Sreekanth,Parag Jawarkar,Vandana Roy,Enoch Tetteh Amoatey

DOI: https://doi.org/10.1155/2022/5713092

2022-04-13

Wireless Communications and Mobile Computing

Abstract:A number of disadvantages of traditional networks may be attributed to the close relationship that exists between the control plane and the data plane inside proprietary hardware designs, as described above. The problem of security is one of the most difficult to deal with. There are a plethora of network hazards and attacks that might be encountered these days. DDoS attacks are one of the most popular and disruptive attacks on the internet today, and they affect a wide range of organisations. Despite a large number of traditional mitigation solutions now available, the frequency, volume, and intensity of distributed denial-of-service (DDoS) attacks continue to rise. According to the findings of this paper, a new network paradigm is necessary to satisfy the requirements of today’s complex security concerns. It was necessary to develop a software-defined network (SDN) in order to meet the real-time needs of the massive network that was expanding at an exponential rate. Many advantages of SDN exist, including simplicity of administration, scalability, and agility, but one of the most critical is security, which is one of the most important considerations when implementing SDN. SDS may be seen as a paradigm in which the implementation of new security regulations in the computer environment is performed via the use of protected software, which is described further below. The goal is to provide a flexible and extensible architecture for DDoS detection and prevention that is both flexible and extendable; the suggested clustering approach, which is based on the Open Day Light (ODL) Controller, is employed to carry out the experimental findings. In this section, we emphasise DDoS penetration techniques from a range of tools, and we evaluate the vulnerability against various tactics. It is necessary to use a Mininet emulation tool to construct a detection and prevention system against distributed denial of service (DDoS) attacks in order to achieve success. There is a range of other simulation tools that are utilised in conjunction with this research in order to bring it to a conclusion. Integration of industry standards such as SNORT and Flow has been accomplished in a variety of situations and parameter settings. During the creation of a framework capable of detecting and mitigating DDoS attacks at an early stage in both the control and application levels, the implementation of this framework has been shown to be crucial in the development of a framework.

computer science, information systems,telecommunications,engineering, electrical & electronic

Piyush Piyush,,,,,,,Akhilesh A. Waoo,Murlidhar Prasad Singh,Piyush Kumar Pareek,Shoaib Kamal,Shraddha V. Pandit

DOI: https://doi.org/10.54216/jisiot.120215

2024-01-01

Journal of Intelligent Systems and Internet of Things

Abstract:This research introduces an algorithmic framework for enhancing the security of Internet of Things (IoT) networks. The Enhanced Anomaly Detection (EAD) algorithm initiates the process by detecting anomalies in real-time IoT data, serving as the foundational layer. The Behavior Analysis for Profiling (BAP) algorithm builds upon EAD, adding behavior analysis for profiling and adaptive identification of abnormal behavior. Signature-Based Detection (SBD) involves pre-identified attack signatures, which supports detection of known attacks and provides proactive defense measures against documented threats. The MLID, or the Machine Learning-Based Intrusion Detection, algorithm uses trained machine learning models in order to detect anomalies and the adaptability to changing security risks. The Real-Time Threat Intelligence Integration (RTI) algorithm integrates updated threat intelligence feeds, which improves the framework's responsiveness to emerging threats. The visual representations illustrate once again the idea of the new framework being very accurate at intergration, applicability, and overal security effectiveness. The research makes a standard solution which proves to be a smart and responsive way guarding the IoT networks reducing and even fighting known and potential threats in a real-time mode.

Hewa Balisane,,Ehigiator Egho-Promise,Emmanuel Lyada,Folayo Aina,Abimbola Sangodoyin,Halima Kure,,,,,

DOI: https://doi.org/10.26562/irjcs.2024.v1106.03

2024-06-30

International Research Journal of Computer Science

Abstract:The rapidly evolving landscape of cyber threats necessitates robust and adaptable strategies to safeguard networking. This study explores the development and evaluation of a comprehensive framework for threat mitigation, integrating advanced methodologies from cybersecurity, risk management, and threat intelligence. Leveraging a mixed-methods approach, including surveys and secondary data analysis, the research assesses current practices and identifies critical gaps in existing frameworks. The proposed multi-layered defense mechanism incorporates proactive and reactive measures, aligning real-time threat intelligence with sophisticated incident response strategies. Key components such as anomaly detection systems, employee training, and continuous security audits are highlighted as essential elements of the framework. Through extensive validation, including empirical tests and case studies, the framework demonstrates its efficacy in enhancing organizational resilience against complex cyber threats. The findings provide valuable insights into the practical application of integrated cybersecurity measures, offering a scalable and flexible solution tailored to the dynamic nature of digital security challenges. This study addresses the critical need for an adaptable and holistic approach to threat mitigation, contributing to the field of cybersecurity with actionable strategies for managing and mitigating digital threats

Muhammad Aslam,Dengpan Ye,Aqil Tariq,Muhammad Asad,Muhammad Hanif,David Ndzi,Samia Allaoua Chelloug,Mohamed Abd Elaziz,Mohammed A A Al-Qaness,Syeda Fizzah Jilani

DOI: https://doi.org/10.3390/s22072697

2022-03-31

Abstract:The development of smart network infrastructure of the Internet of Things (IoT) faces the immense threat of sophisticated Distributed Denial-of-Services (DDoS) security attacks. The existing network security solutions of enterprise networks are significantly expensive and unscalable for IoT. The integration of recently developed Software Defined Networking (SDN) reduces a significant amount of computational overhead for IoT network devices and enables additional security measurements. At the prelude stage of SDN-enabled IoT network infrastructure, the sampling based security approach currently results in low accuracy and low DDoS attack detection. In this paper, we propose an Adaptive Machine Learning based SDN-enabled Distributed Denial-of-Services attacks Detection and Mitigation (AMLSDM) framework. The proposed AMLSDM framework develops an SDN-enabled security mechanism for IoT devices with the support of an adaptive machine learning classification model to achieve the successful detection and mitigation of DDoS attacks. The proposed framework utilizes machine learning algorithms in an adaptive multilayered feed-forwarding scheme to successfully detect the DDoS attacks by examining the static features of the inspected network traffic. In the proposed adaptive multilayered feed-forwarding framework, the first layer utilizes Support Vector Machine (SVM), Naive Bayes (NB), Random Forest (RF), k-Nearest Neighbor (kNN), and Logistic Regression (LR) classifiers to build a model for detecting DDoS attacks from the training and testing environment-specific datasets. The output of the first layer passes to an Ensemble Voting (EV) algorithm, which accumulates the performance of the first layer classifiers. In the third layer, the adaptive frameworks measures the real-time live network traffic to detect the DDoS attacks in the network traffic. The proposed framework utilizes a remote SDN controller to mitigate the detected DDoS attacks over Open Flow (OF) switches and reconfigures the network resources for legitimate network hosts. The experimental results show the better performance of the proposed framework as compared to existing state-of-the art solutions in terms of higher accuracy of DDoS detection and low false alarm rate.

Diksha Goel

2023-09-22

Abstract:With the burgeoning advancements of computing and network communication technologies, network infrastructures and their application environments have become increasingly complex. Due to the increased complexity, networks are more prone to hardware faults and highly susceptible to cyber-attacks. Therefore, for rapidly growing network-centric applications, network resilience is essential to minimize the impact of attacks and to ensure that the network provides an acceptable level of services during attacks, faults or disruptions. In this regard, this thesis focuses on developing effective approaches for enhancing network resilience. Existing approaches for enhancing network resilience emphasize on determining bottleneck nodes and edges in the network and designing proactive responses to safeguard the network against attacks. However, existing solutions generally consider broader application domains and possess limited applicability when applied to specific application areas such as cyber defense and information diffusion, which are highly popular application domains among cyber attackers. This thesis aims to design effective, efficient and scalable techniques for discovering bottleneck nodes and edges in the network to enhance network resilience in cyber defense and information diffusion application domains. We first investigate a cyber defense graph optimization problem, i.e., hardening active directory systems by discovering bottleneck edges in the network. We then study the problem of identifying bottleneck structural hole spanner nodes, which are crucial for information diffusion in the network. We transform both problems into graph-combinatorial optimization problems and design machine learning based approaches for discovering bottleneck points vital for enhancing network resilience.

Cryptography and Security,Machine Learning

Hao Wu,Aiqin Hou,Weike Nie,Chase Wu

DOI: https://doi.org/10.1109/icnc57223.2023.10074226

2023-01-01

Abstract:As a new network paradigm, software-defined networking (SDN) technology has been increasingly adopted. Unfortunately, SDN-enabled networks are more prone to threats from DDoS attacks than traditional networks due to the nature of centralized management. We propose an integrated defense framework to detect and mitigate various types of DDoS attacks in SDN-enabled networks. The proposed framework deploys two technical modules in the control plane of SDN for defending against high-rate and low-rate DDoS attacks, respectively. The former module consists of three components, which watch out for suspicious traffic, detect attacks using ensemble learning, and intercept malicious packets, respectively. The latter module is designed specifically to defend against the Slow Ternary Content Addressable Memory (TCAM) exhaustion attack (Slow-TCAM) using a new Alleviative Threat for TCAM (ATFT) algorithm. The proposed framework is implemented and tested in simulated networks using Mininet and further evaluated on the CICDDoS2019 dataset. Experimental results illustrate the superior performance of the proposed framework in defending against different types of DDoS attacks in comparison with other state-of-the-art algorithms.

Naziya Aslam,Shashank Srivastava,M. M. Gore

DOI: https://doi.org/10.1002/ett.4534

IF: 3.6

2022-05-24

Transactions on Emerging Telecommunications Technologies

Abstract:The programmable behavior of Software‐Defined Networking (SDN) enables it to change behavior on the fly, provides instructions for the task's automatic performance, dynamic scaling, and service integration. These advantages have made SDN necessary in networks. Unfortunately, SDN suffers from the threat of DDoS attacks. We have developed an approach to detect and mitigate these threats in SDN by creating an ONOS Flood Defender application (OFD app). This app effectively detects DDoS attacks using machine learning techniques and mitigates them by tracebacking the attack traffic to its origin. The proposed framework of the OFD app is implemented in a Mininet emulator and ONOS SDN controller. The application performs effectively in terms of time, accuracy, and overhead of the system and efficiently mitigates the attacks, preventing a tremendous amount of damage to legitimate users. Software‐Defined Networking (SDN) has made its place in the networks as new technology. SDN's programmable behavior enables it to change behavior on the fly, provides instructions for the task's automatic performance, dynamic scaling, and service integration. These advantages have made SDN necessary in networks. However, SDN suffers from the threat of DDoS attack. We have developed an approach to mitigate these threats by creating an ONOS Flood Defender Application (OFD App). This app effectively detects DDoS attack using supervised and ensemble machine learning techniques and mitigates them by tracebacking the attack traffic to its origin. Our results show that ensemble machine learning techniques perform better than single machine learning algorithm to detect DDoS attack. Random Forest classifier (RFC), an ensemble technique, performs best with the highest accuracy of 99.3% in detecting DDoS attack, followed by XGBoost classifier with an accuracy of 99%. The proposed framework of the OFD app is implemented in a Mininet emulator and ONOS SDN controller. The application performs effectively in terms of time, accuracy, and overhead of the system. Our app efficiently mitigates the attacks, thereby preventing a tremendous amount of damage to legitimate users.

telecommunications

Min Luo,Yulong Zeng,Jianfei Li,Wu Chou

DOI: https://doi.org/10.1016/j.comnet.2015.02.004

IF: 5.493

2015-01-01

Computer Networks

Abstract:The Adaptive Dynamic Multi-Path Computation Framework (ADMPCF) is to provide an integrated resource control and management platform with an adequate set of management applications for better routing and resource allocation in centrally controlled or loosely coupled distributed software defined networking (SDN), especially for large network systems. As an open and extensible solution framework, it can provide the necessary infrastructure and integrates data collection and analytics, network performance evaluation, and various optimization algorithms. ADMPCF utilizes a set of complementary algorithms that work together in an adaptive and intelligent fashion that enable global routing and resource allocation optimization. It can also be easily extended to incorporate new algorithms through some open APIs. Such an approach would be able to efficiently and effectively adapt to the rapid changes in network topology, states, and most importantly application traffic, while it is often infeasible for a single optimization algorithm to get satisfactory solution for multiple nonlinear optimization objectives and constraints for a large and centrally controlled network. As it would be costly for centrally controlled global optimization algorithms to calculate good routes dynamically with adequate response time, the proposed ADMPCF framework takes advantage of many hidden patterns of the network information fragments in the combinations of network topology, states, and traffic flows. Therefore, it can lead to a much improved data structure for fast search and match that avoids the expensive re-optimization whenever possible.

Seunghan Lee,Saurabh Jain,Young-Jun Son

DOI: https://doi.org/10.1145/3490027

IF: 0.851

2022-01-31

ACM Transactions on Modeling and Computer Simulation

Abstract:One of the major challenges faced by the current society is developing disaster management strategies to minimize the effects of catastrophic events. Disaster planning and strategy development phases of this urgency require larger amounts of cooperation among communities or individuals in society. Social networks have also been playing a crucial role in the establishment of efficient disaster management planning. This article proposes a hierarchical decision-making framework that would assist in analyzing two imperative information flow processes (innovation diffusion and opinion formation) in social networks under the consideration of community detection. The proposed framework was proven to capture the heterogeneity of individuals using cognitive behavior models and evaluate its impact on diffusion speed and opinion convergence. Moreover, the framework demonstrated the evolution of communities based on their inter-and intracommunication. The simulation results with real social network data suggest that the model can aid in establishing an efficient disaster management policy using social sensing and delivery.

computer science, interdisciplinary applications,mathematics, applied

S. Muthukumar,A.K. Ashfauk Ahamed

DOI: https://doi.org/10.3233/jhs-230142

2024-03-15

Journal of High Speed Networks

Abstract:The “Distributed Denial of Service (DDoS)” threats have become a tool for the hackers, cyber swindlers, and cyber terrorists. Despite the high amount of conventional mitigation mechanisms that are present nowadays, the DDoS threats continue to enhance in severity, volume, and frequency. The DDoS attack has highly affected the availability of the networks for the previous years and still, there is no efficient defense technique against it. Moreover, the new and complex DDoS attacks are increasing on a daily basis but the traditional DDoS attack detection techniques cannot react to these threats. On the other hand, the hackers are employing very innovative strategies to initiate the threats. But, the traditional methods can become effective and reliable when combined with the deep learning-aided approaches. To solve these certain issues, a framework detection mechanism for DDoS attacks utilizes an attention-aided deep learning methodology. The primary thing is the acquisition of data from standard data online sources. Further, from the garnered data, the significant features are drawn out from the “Deep Weighted Restricted Boltzmann Machine (RBM)” using a “Deep Belief Network (DBN)”, in which the parameters are tuned by employing the recommended Enhanced Gannet Optimization Algorithm (EGOA). This feature extraction operation increases the network performance rate and also diminishes the dimensionality issues. Lastly, the acquired features are transferred to the model of “Attention and Cascaded Recurrent Neural Network (RNN) with Residual Long Short Term Memory (LSTM) (ACRNN-RLSTM)” blocks for the DDoS threat detection purpose. This designed network precisely identifies the complex and new attacks, thus it increases the trustworthiness of the network. In the end, the performance of the approach is contrasted with other traditional algorithms. Hence, the simulation outcomes are obtained that prove the system’s efficiency. Also, the outcomes displayed that the designed system overcame the conventional threat detection techniques.

M. Revathi,V. V. Ramalingam,B. Amutha

DOI: https://doi.org/10.1007/s11277-021-09071-1

IF: 2.017

2021-09-15

Wireless Personal Communications

Abstract:Recently, SDN has arisen as a new network platform that offers unparalleled programming that enables network operators to dynamically customize and control their networks. The attackers aim to paralyse the logical plane, the brain of the network that offers several advantages, by using the SDN controller. However, the control plane is the desirable target of security attacks on the opponents because of its characteristics. One of the most common threats is the DDOS attacks to drain network capacity by sending them heavy traffic, causing network congestion. SDN is a common area of investigation for SDN defenceand DDoS threat identification and prevention in the SDN context has been introduced to many researchers since the proposed SDN attacks. Nevertheless, security risks must be adequately secured. In this paper we suggest a discrete scalable memory based support vector machine algorithm for DDoS threat and SDN mitigation architecture for attack detection. By starting the process of attack detection the input data can gets pre-processed by using Spark standardization technique in which the missing values are replaced and the unwanted data are removed. Then the feature extractions are done using semantic multilinear component analysis algorithm. The classifier is responsible for predicting target and for this a novel discrete scalable memory based support vector machine (DSM-SVM) algorithm is used which provides high accuracy of attack prediction. Followed by attack detection the mitigation process was done, here the mitigation server can identify the threat by intelligently dropping malicious bot traffic and absorbing the rest of the traffic. Here the suggested mechanism achieves attack traffic mitigation and benign traffic dropping. We have evaluated the whole process on KDD dataset. The proposed network model was trained and then used in an SDN threat detection and mitigation environment as part of the assessment process. The entire experiment is run on a VMware-based Ubuntu virtual machine. Weka will utilize our suggested classifier model for training and evaluation, while Mininet uses a RYU controller to establish an SD Network. The findings demonstrate that the mechanism presented exceeds the other algorithms examined, by expressing 99.7% accuracy especially concerning training and testing time over KDD dataset.

telecommunications

H M Imran Kays,Khondhaker Al Momin,K.K. "Muralee" Muraleetharan,Arif Mohaimin Sadri

2024-01-15

Abstract:Roadway reconfiguration is a crucial aspect of transportation planning, aiming to enhance traffic flow, reduce congestion, and improve overall road network performance with existing infrastructure and resources. This paper presents a novel roadway reconfiguration technique by integrating optimization based Brute Force search approach and decision support framework to rank various roadway configurations for better performance. The proposed framework incorporates a multi-criteria decision analysis (MCDA) approach, combining input from generated scenarios during the optimization process. By utilizing data from optimization, the model identifies total betweenness centrality (TBC), system travel time (STT), and total link traffic flow (TLTF) as the most influential decision variables. The developed framework leverages graph theory to model the transportation network topology and apply network science metrics as well as stochastic user equilibrium traffic assignment to assess the impact of each roadway configuration on the overall network performance. To rank the roadway configurations, the framework employs machine learning algorithms, such as ridge regression, to determine the optimal weights for each criterion (i.e., TBC, STT, TLTF). Moreover, the network-based analysis ensures that the selected configurations not only optimize individual roadway segments but also enhance system-level efficiency, which is particularly helpful as the increasing frequency and intensity of natural disasters and other disruptive events underscore the critical need for resilient transportation networks. By integrating multi-criteria decision analysis, machine learning, and network science metrics, the proposed framework would enable transportation planners to make informed and data-driven decisions, leading to more sustainable, efficient, and resilient roadway configurations.

Social and Information Networks,Machine Learning,Applications

Nteziriza Nkerabahizi Josbert,Wang Ping,Min Wei,Mohammed Saleh Ali Muthanna,Ahsan Rafiq

DOI: https://doi.org/10.1109/access.2021.3079896

IF: 3.9

2021-01-01

IEEE Access

Abstract:In order to meet strict Quality-of-Service (QoS) constraints imposed by some industrial applications, the configuration of industrial networks must address the requirements of traffic flows with different priorities such as minimum delay and packet loss. The performance is affected significantly if the end-to-end delay and packet loss surpasses a specific limit, and may become unbefitting for the destination. In this paper, we select Software-Defined Networking (SDN) technology to manage centralized devices and design an optimal path to guarantee the QoS requirements by taking into consideration two types of traffic flows: the first is low-delay while the second is both low-delay and low-loss. By using this optimal path, the Reactive Flow Installation (RFI) method increases the time delay in the forwarding of packets. So as to solve this issue, we propose a Mixed Flow Installation (MFI) method based on caching the flow rules which correspond to the optimal paths in the hash table deployed in the SDN controller memory in order to reduce the computation time of the forwarding path and the load at the SDN controller. Alternatively, the pre-configured flow rules in switches by the Proactive Flow Installation (PFI) method achieves the delay-sensitive. However, the PFI is not modified when the network status or the traffic type changes till the timeout value expires. This can affect the QoS requirements for industrial applications. To handle this challenge, we propose a PFI Re-routing (PFIR) method that redefined faster a new optimal path according to change without waiting the SDN controller for new flow rules. With the care of wireless and wired networks, we have built a simulation network via the OpenDayLight SDN controller and conducted an experimental testbed. The framework results are demonstrated by the performances through reduction of end-to-end delay, packet loss rate, and packet violation ratio.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shanqing Jiang,Lin Yang,Guang Cheng,Xianming Gao,Tao Feng,Yuyang Zhou

DOI: https://doi.org/10.1016/j.comcom.2022.07.042

IF: 5.047

2022-08-03

Computer Communications

Abstract:Measuring and evaluating network resilience has become an important aspect since the network is vulnerable to both uncertain disturbances and malicious attacks. Networked systems are often composed of many dynamic components and change over time, which makes it difficult for existing methods to access the changeable situation of network resilience. This paper establishes a novel quantitative framework for evaluating network's multi-stage resilience using the Dynamic Bayesian Network. First, we define the dynamic capacities of network components and establish the network's five core resilience capabilities to describe the resilient networking stages including preparation, resistance, adaptation, recovery, and evolution; the five core resilience capabilities consist of rapid response capability, sustained resistance capability, continuous running capability, rapid convergence capability, and dynamic evolution capability. Then, we employ a two-time slices approach based on the Dynamic Bayesian Network to quantify five crucial performances of network resilience based on proposed core capabilities. The proposed approach can ensure the time continuity of resilience evaluation in time-varying networks. Finally, our proposed evaluation framework is applied to different attack and recovery conditions in typical simulations and real-world network topology. Results and comparisons with existing studies indicate that the proposed method can achieve more accurate and comprehensive evaluation and can be applied to network scenarios under various intensities of attack and recovery.

computer science, information systems,telecommunications,engineering, electrical & electronic

Sisamouth Hongvanthong,Li Chunlin

DOI: https://doi.org/10.1002/dac.5020

2021-10-28

International Journal of Communication Systems

Abstract:Summary Software‐defined networking is an emerging paradigm for supporting flexible network management. In the traditional architecture for a software‐defined network (SDN), the controller commonly uses a general routing algorithm such as Open Shortest Path First (OSPF), which chooses the shortest path for communication. This may cause the largest amount of network traffic, especially in large‐scale environments. In this paper, we present the design for a novel SDN‐based four‐tier architecture for scalable secure routing and load balancing. In Tier 1, user authentication is conducted using elliptic curve cryptography (ECC) ; this avoids unnecessary loads from unauthorized users. In Tier 2, packet classification is performed based on the packet characteristics using the fuzzy analytical hierarchy process (fuzzy AHP) , and packets are placed into three individual queues. In Tier 3, scalable secure routing is achieved by selecting the optimal path using the improved particle swarm optimization and ant colony optimization algorithms. With these optimization algorithms, we can adaptively change the number of users, the number of switches, and other parameters. In Tier 4, the recommended secure cluster (multicontroller) management is accomplished using an algorithm that employs modified k‐means clustering and a recurrent neural network . Deep reinforcement learning (DRL) is also proposed for updating the controller information. Experimental results are analyzed using the OMNeT++ network simulator, and the evaluated performance displayed improvement over a variety of existing methods in terms of response time (50% to 60%), load (55%), execution time (3.2%), throughput (9.8%), packet loss rate (1.02%), end‐to‐end delay (50%), and bandwidth consumption (45%).

telecommunications,engineering, electrical & electronic

Huixiong Wang,Xing Pan,Zeqing Liu,Yuheng Dang,Dongpao Hong

DOI: https://doi.org/10.1109/tr.2024.3371215

IF: 5.883

2024-01-01

IEEE Transactions on Reliability

Abstract:In recent years, network-based resilience assessment has aroused attention because of its strong link to the stability and dependability of complex systems. Previous network-based studies have contributed to the definition and quantification of system resilience, but an integral and consistent framework is still lacking for the procedure of resilience analysis for general complex systems, and system responses and strains induced by multiple rounds of disruptions have not been well studied. In this manuscript, dynamic resilience is defined as a system's ability to resist loss of resilience and to adapt to successive resilience processes. We employ a four-factor measurement system, instead of a single-factor measurement, for the resilience analysis. A comprehensive framework for resilience assessment is proposed for dynamic resilience modeling in general complex systems to address various concerns in complex systems. A case study demonstrates the application of the proposed framework by simulating disruption intensity and recovery volume on a model communication system. We find that the assessment of dynamic resilience produces distinct results for different resilience aspects, while optimizations can help us identify solutions when all resilience factors are stabilized in the long-term dynamic resilience process. The dependability of the simulation results is verified using noise techniques in signal processing.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture