Software-Defined Networking: An Evolving Network Architecture—Programmability and Security Perspective

2021 ◽  
Vol 2021 ◽  
pp. 1-7
Author(s):  
Nitheesh Murugan Kaliyamurthy ◽  
Swapnesh Taterh ◽  
Suresh Shanmugasundaram ◽  
Ankit Saxena ◽  
Omar Cheikhrouhou ◽  
...  

Software-defined networking is an evolving network architecture beheading the traditional network architecture, focusing on its disadvantages in a limited perspective. A couple of decades ago, programming and networking were viewed as different domains, which today, in the light of SDN, are bridging themselves together. This is to overcome the existing challenges faced by the networking domain and an attempt to propose cost-efficient, effective, and feasible solutions. Changes to the existing network architecture are inevitable considering the volume of connected devices and the data being held together. SDN introduces a decoupled architecture and brings customization within the network, making it easy to configure, manage, and troubleshoot. This paper focuses on the evolving network architecture, the software-defined networking. Unlike a generic view on the evolving network, which makes work as a review, this work addresses various perspectives of the architecture, leaving it an intermediate work in between the review of the literature and implementation, contributing towards factors like the design, programmability, security, security behaviors, and security lapses. This paper also analyses various weak points of the architecture and evolves the attack vectors in each plane, leaving a conclusion to further progress towards identifying the impacts of the attacks and proposing mitigation strategies.

2019 ◽  
Vol 8 (4) ◽  
pp. 7197-7201

The current problems rising as a horizon in the computational and networking sector are based on the unimaginable increase of high numbers of users, which in turn results in high data traffic, limitations over products which are vendor specific, and high expenses incurred in maintaining the existing network. This dilutes a major part of the beneficiaries in the sector to move towards Cloud Networks. All these happenings in the past have quietly increased the risks and challenges in the aspect of security, considering both data and the infrastructure accommodating the data. In an attempt to address almost a major portion of the existing above said problems, Software Defined Networking was highly anticipated; however, it was considered as a theoretical approach. After the implementation of SDN networks by industrial giants like Google, the SDN concepts again managed to reach the safer hands of the researchers in the movement of enhancement. A very rapid and high speed research work has been initiated by researchers all around the globe in analysing the risk factors and implementation barricades stated in the Software Defined Networking architecture. The research work focuses on adding values to the Quality of Service, Latency, Load Balancing and most importantly the security aspects in various metrics of the Software Defined Networking Architecture. The odd man out architecture of Software Defined Networking, by decoupling data and control plane, allows the network to be configured and maintained in a real time scenario pertaining to pose a complete view of the network and its flow. The fact that is considered as an advantage itself is a factor of question in the case of security in the overall SDN architecture. This paper focuses on a detailed view of SDN architecture with the existing security feature and continues with the expected threats and classifying the weak points in the SDN. This paper also briefs about the pros and cons of the existing applications in the SDN architecture.


2020 ◽  
pp. 1-20
Author(s):  
K. Muthamil Sudar ◽  
P. Deepalakshmi

Software-defined networking is a new paradigm that overcomes problems associated with traditional network architecture by separating the control logic from data plane devices. It also enhances performance by providing a highly-programmable interface that adapts to dynamic changes in network policies. As software-defined networking controllers are prone to single-point failures, providing security is one of the biggest challenges in this framework. This paper intends to provide an intrusion detection mechanism in both the control plane and data plane to secure the controller and forwarding devices respectively. In the control plane, we imposed a flow-based intrusion detection system that inspects every new incoming flow towards the controller. In the data plane, we assigned a signature-based intrusion detection system to inspect traffic between Open Flow switches using port mirroring to analyse and detect malicious activity. Our flow-based system works with the help of trained, multi-layer machine learning-based classifier, while our signature-based system works with rule-based classifiers using the Snort intrusion detection system. The ensemble feature selection technique we adopted in the flow-based system helps to identify the prominent features and hasten the classification process. Our proposed work ensures a high level of security in the Software-defined networking environment by working simultaneously in both control plane and data plane.


Viruses ◽  
2021 ◽  
Vol 13 (4) ◽  
pp. 637
Author(s):  
Gregory C. Gray ◽  
Emily R. Robie ◽  
Caleb J. Studstill ◽  
Charles L. Nunn

Despite many recent efforts to predict and control emerging infectious disease threats to humans, we failed to anticipate the zoonotic viruses which led to pandemics in 2009 and 2020. The morbidity, mortality, and economic costs of these pandemics have been staggering. We desperately need a more targeted, cost-efficient, and sustainable strategy to detect and mitigate future zoonotic respiratory virus threats. Evidence suggests that the transition from an animal virus to a human pathogen is incremental and requires a considerable number of spillover events and considerable time before a pandemic variant emerges. This evolutionary view argues for the refocusing of public health resources on novel respiratory virus surveillance at human–animal interfaces in geographical hotspots for emerging infectious diseases. Where human–animal interface surveillance is not possible, a secondary high-yield, cost-efficient strategy is to conduct novel respiratory virus surveillance among pneumonia patients in these same hotspots. When novel pathogens are discovered, they must be quickly assessed for their human risk and, if indicated, mitigation strategies initiated. In this review, we discuss the most common respiratory virus threats, current efforts at early emerging pathogen detection, and propose and defend new molecular pathogen discovery strategies with the goal of preempting future pandemics.


2021 ◽  
Vol 16 ◽  
pp. 270-277
Author(s):  
Omran M. A. Alssaheli ◽  
Z. Zainal Abidin ◽  
N. A. Zakaria ◽  
Z. Abal Abas

Network traffic monitoring is vital for enhancing the overall network performance and for optimizing the traffic flows. However, an emerging growth of use in cloud services, internet-of-things, block-chain and data analytics demands the hardware-based-network-controller to provide more features for expanding network architecture. Therefore, Software Defined Networking (SDN) offers a new solution in terms of scalability, usability and programmable software-based-network-controller for the legacy network infrastructure. In fact, SDN provides a dynamic platform for the network traffic monitoring using an international standard. In this study, the SDN setup and installation method uses a Mininet emulator containing a controller Ryu with switching hub component, OpenFlow switches, and nodes. The number of nodes is increased until it reaches 16 nodes and evaluated through different network scenarios (single, linear and tree topology). Findings show that the single topology gives a winning criterion compared to other topologies. SDN implementation is measured with performance parameters such as Throughput, Jitter, Bandwidth and Round-Trip Time between scenarios using the Ryu controller. Future research will explore the performance of SDN in larger networks and investigate the efficiency and effectiveness of SDN implementation in mesh topology.


Buildings ◽  
2019 ◽  
Vol 9 (6) ◽  
pp. 148
Author(s):  
Tiago Miguel Ferreira ◽  
Nuno Mendes ◽  
Rui Silva

Devastating seismic events occurring all over the world keep raising the awareness of the scientific, technical and political communities to the need of identifying assets at risk and developing more effective and cost-efficient seismic risk mitigation strategies [...]


Author(s):  
Emilia Rosa Jimson ◽  
Kashif Nisar ◽  
Mohd Hanafi Ahmad Hijazi

The complex design of the current network architecture, which has inevitably resulted in poor network resources management, has triggered researchers to propose a Software Defined Networking (SDN)-based network model to simplify the management of the limited bandwidth of a network. The key idea of the SDN-based model is to simplify network management by introducing a centralized control through which the dynamic update of forwarding rules, the simplification of network devices tasks, and flow abstractions can be realized. This proposed model utilizes the limited network bandwidth systematically by giving real-time traffic higher priority than non-real-time traffic to access limited resources. The experimental results showed that the proposed model helped ensure real-time traffic would be given greater priority to access the limited bandwidth, where the major portion of the limited bandwidth was allocated to the real-time traffic.


Author(s):  
Steven J. Clipman ◽  
Amy P. Wesolowski ◽  
Dustin G. Gibson ◽  
Smisha Agarwal ◽  
Anastasia S. Lambrou ◽  
...  

Background: Current mitigation strategies for severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) rely on population-wide adoption of non-pharmaceutical interventions (NPIs). Collecting demographically and geographically resolved data on NPIs and their association with SARS-CoV-2 infection history can provide critical information related to reopening geographies. Methods: We sampled 1,030 individuals in Maryland from June 17 - June 28, 2020 to capture socio-demographically and geographically resolved information about NPI adoption, access to SARS-CoV-2 testing, and examine associations with self-reported SARS-CoV-2 positivity. Results: Median age of the sample was 43 years and 45% were men; Whites and Blacks/African Americans represented 60% and 23%, respectively. Overall, 96% of the sample reported traveling outside their home for non-employment related services: most commonly cited reasons were essential services (92%) and visiting friends/family (66%). Use of public transport was reported by 18% of respondents. 68% reported always social distancing indoors and 53% always wearing masks indoors; indoor social distancing was significantly less common among younger vs. older individuals, and race/ethnicity and income were significantly associated with mask use (p<0.05 for all). 55 participants (5.3%) self-reported ever testing positive for SARS-CoV-2 with strong dose-response relationships between movement frequency and SARS-CoV-2 positivity that were significantly attenuated by social distancing. In multivariable analysis, history of SARS-CoV-2 infection was negatively associated with the practice of social distancing (adjusted Odds Ratio [aOR]: 0.10; 95% Confidence Interval: 0.03 - 0.33); the only travel associated with higher likelihood of SARS-CoV-2 infection was use of public transport (aOR for 7 or more times vs. never: 4.29) and visiting a place of worship (aOR for 3 or more times vs. never: 16.0) after adjusting for social distancing.
Conclusions: Using a rapid cost-efficient approach, we highlight the role of movement and social distancing on SARS-CoV-2 transmission risk. Continued monitoring of NPI uptake, access to testing, and the subsequent impact on SARS-CoV-2 transmission will be critical for pandemic control and decisions about reopening geographies.


2021 ◽  
Vol 7 ◽  
pp. e435
Author(s):  
Adnan Mahmood Qureshi ◽  
Nadeem Anjum ◽  
Rao Naveed Bin Rais ◽  
Masood Ur-Rehman ◽  
Amir Qayyum

As a promising next-generation network architecture, named data networking (NDN) supports name-based routing and in-network caching to retrieve content in an efficient, fast, and reliable manner. Most of the studies on NDN have proposed innovative and efficient caching mechanisms and retrieval of content via efficient routing. However, very few studies have targeted addressing the vulnerabilities in NDN architecture, which a malicious node can exploit to perform a content poisoning attack (CPA). This potentially results in polluting the in-network caches, the routing of content, and consequently isolates the legitimate content in the network. In the past, several efforts have been made to propose the mitigation strategies for the content poisoning attack, but to the best of our knowledge, no specific work has been done to address an emerging attack-surface in NDN, which we call an interest flooding attack. Handling this attack-surface can potentially make content poisoning attack mitigation schemes more effective, secure, and robust. Hence, in this article, we propose the addition of a security mechanism in the CPA mitigation scheme that is, Name-Key Based Forwarding and Multipath Forwarding Based Inband Probe, in which we block the malicious face of compromised consumers by monitoring the Cache-Miss Ratio values and the Queue Capacity at the Edge Routers. The malicious face is blocked when the cache-miss ratio hits the threshold value, which is adjusted dynamically through monitoring the cache-miss ratio and queue capacity values. The experimental results show that we are successful in mitigating the vulnerability of the CPA mitigation scheme by detecting and blocking the flooding interface, at the cost of very little verification overhead at the NDN Routers.


2020 ◽  
Vol 10 (10) ◽  
pp. 3588
Author(s):  
Jiaqi Li ◽  
Yiqiang Sheng ◽  
Haojiang Deng

Information-centric networking (ICN) is an emerging network architecture that has the potential to address demands related to transmission latency and reliability in fifth-generation (5G) communication technology and the Internet of Things (IoT). As an essential component of ICN, name resolution provides the capability to translate identifiers into locators. Applications have different demands on name-resolution latency. To meet the demands, deploying name-resolution servers at the edge of the network by dividing it into multilayer overlay networks is effective. Moreover, optimization of the deployment of distributed name-resolution servers in such networks to minimize deployment costs is significant. In this paper, we first study the placement problem of the name-resolution server in ICN. Then, two algorithms called IIT-DOWN and IIT-UP are developed based on the heuristic ideas of inter-layer information transfer (IIT) and server reuse. They transfer server placement information and latency information between adjacent layers from different directions. Finally, experiments are conducted on both simulation networks and a real-world dataset. The experimental results reveal that the proposed algorithms outperform state-of-the-art algorithms such as the latency-aware hierarchical elastic area partitioning (LHP) algorithm in finding more cost-efficient solutions with a shorter execution time.

