• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.19 no.4
• /
• pp.13-19
• /
• 2019

SDN is one of the most actively researched topics to solve traffic problems in communication. SDN implements multiple networks in a single physical network by virtualizing network resources through an advanced API. Network Function Virtualized (NFV) distributes network functions from hardware using software instant, virtualization technology to VNF. These features make network management easier and improve performance by virtualizing IP, routers, and so on. In this paper, we propose a method to control the traffic and provide the distributed controller effect of SDN through SDN distribution in the virtualized industrial network. It is expected that SDN distribution will be able to manage traffic more efficiently when using the proposed scheme.

• Journal of IKEEE
• /
• v.22 no.1
• /
• pp.136-142
• /
• 2018

Recently, as the development system has become larger, sequential simulation methods have become impossible to verify systems that take a long time or require real time results. Therefore, a study of a distributed simulation system that simulates several processes has been conducted. In order to simulate real-time systems, efficient data exchange between distributed systems is required. Data Distribution Service is a data-oriented communication middleware proposed by Object Management Group and provides efficient data exchange and various QoS. However, in a large-scale distributed simulation environment distributed over a wide area, there is a problem of Participant Discovery and QoS guarantee due to domain separation in data exchange. Therefore, in this paper, we propose a DDS/SDN architecture that can guaranteed QoS and effective Participant Discovery in an SDN-based network.

• Journal of information and communication convergence engineering
• /
• v.17 no.2
• /
• pp.97-104
• /
• 2019

Distributed mobility management (DMM) does not use a centralized device. Its mobility functions are distributed among routers; therefore, the mobility services are not limited to the performance and reliability of specific mobility management equipment. The DMM scheme has been studied as a partially distributed architecture, which distributes only a packet delivery domain in combination with the software defined network (SDN) technology that separates the packet delivery and control areas. Particularly, a separated control area is advantageous in introducing a new service, thereby optimizing the network by recognizing the entire network situation and taking an optimal decision. The SDN-based mobility management scheme is studied as a method to optimize the packet delivery path whenever a mobile node moves; however, it results in excessive signaling processing cost. To reduce the high signaling cost, we propose a hybrid distributed mobility management method and analyze its performance mathematically.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.8
• /
• pp.19-24
• /
• 2018

The IP Multimedia Subsystem(IMS) is an architectural framework for delivering IP multimedia services to mobile users. In order to guarantee the reliability and Quality of Service(QoS) of a variety of multimedia services, we need a new evolutionary approach that maintains the IMS based signaling platform which can perform the processing of flow through distributed controllers. Software Defined Network(SDN) is an architecture purporting to be distributed, dynamic, cost-effectives as well as adapting and seeking to be suitable for the high-bandwidth, dynamic nature of today's applications. It requires some methods for the control plane to communication with the data plane. One of such mechanisms is OpenFlow which is a prominent standard protocol and interface that is responsible for managing the network resources by using the remote SDN controller. In this paper, we propose a straightforward approach for integrating SDN technology together with the IMS architecture. Therefore we propose and construct a combined architecture model that performs flow processing using OpenFlow via the IMS based signaling platform, which maintains the existing telecom call service. Additionally, we describe some relevant experimentation results from the proposed architecture.

• International Journal of Computer Science & Network Security
• /
• v.22 no.4
• /
• pp.374-386
• /
• 2022

Nowadays, research in deep learning leveraged automated computing and networking paradigm evidenced rapid contributions in terms of Software Defined Networking (SDN) and its diverse security applications while handling cybercrimes. SDN plays a vital role in sniffing information related to network usage in large-scale data centers that simultaneously support an improved algorithm design for automated detection of network intrusions. Despite its security protocols, SDN is considered contradictory towards DDoS attacks (Distributed Denial of Service). Several research studies developed machine learning-based network intrusion detection systems addressing detection and mitigation of DDoS attacks in SDN-based networks due to dynamic changes in various features and behavioral patterns. Addressing this problem, this research study focuses on effectively designing a multistage hybrid and intelligent deep learning classifier based on modified deep forest classification to detect DDoS attacks in SDN networks. Experimental results depict that the performance accuracy of the proposed classifier is improved when evaluated with standard parameters.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.13 no.1
• /
• pp.81-87
• /
• 2020

Recently, the network configuration is being rapidly changed to enable easy and free network service configuration based on SDN/NFV. Despite the many advantages and applications of SDN, many security issues such as Distributed Denial of Service (DDoS) attacks are being constantly raised as research issues. In particular, the effectiveness of DDoS attacks is much faster, SDN is causing more and more fatal damage. In this paper, we propose an entropy-based technique to detect and mitigate DDoS attacks in SDN, and prove it through experiments. The proposed scheme is designed to mitigate these attacks by detecting DDoS attacks on single and multiple victim systems and using time - specific techniques. We confirmed the effectiveness of the proposed scheme to reduce packet loss rate by 20(19.86)% while generating 3.21% network congestion.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.66 no.12
• /
• pp.1913-1920
• /
• 2017

Software Defined Networking creates totally new concept of networking and its applications which is based on separating the application and control layer from the networking infrastructure as a result it yields new opportunities in improving the network security and making it more automated in robust way, one of these applications is Denial of Service attack mitigation but due to the dynamic nature of Denial of Service attack it would require dynamic response which can mitigate the attack with the minimum false positive. In this paper we will propose a new mitigation Framework for DDoS attacks using Software Defined Networking technology to protect online services e.g. websites, DNS and email services against DoS and DDoS attacks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.6
• /
• pp.1070-1080
• /
• 2015

In this paper, we introduce an SDN-based intrusion prevention system for more secure Science DMZ with no performance limits. The proposed system is structured with intrusion-prevention, intrusion-detection, and prevention-decision subsystems which are physically distributed but informationally connected by an SDN interface. The functional distribution and the application of SDN technology increase the flexibility and extensibility of the proposed system and prevent performance degradation possibly caused by network security equipments on Science DMZ. We verified the feasibility and performance of the proposed system over a testbed set up at KREONET.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.10a
• /
• pp.426-429
• /
• 2015

최근 급격히 증가한 모바일 기기로 인하여 발생되는 데이터/제어 트래픽은 LTE/EPC 네트워크에서 중앙에 과다한 트래픽 수용문제가 중요 이슈로 부각되고 있다. 기존의 Centralized Mobility Management(CMM) 기반의 LTE/EPC 네트워크에서 Mobility Anchor 역할을 수행하는 Packet Data Network Gateway (P-GW)에서는 데이터 트래픽 과부하가 발생한다. 또한 Distributed Mobility Management (DMM) 기반의 LTE/EPC 네트워크에서 분산된 Mobility Anchor 역할을 수행하는 PDN Edge Gateway (P-EGW)에서는 제어 트래픽의 과부하가 발생한다. 본 논문에서는 이러한 문제를 해결하기 위하여 CMM 기반과 DMM 기반을 결합한 새로운 Software Defined Network (SDN) 기반의 LTE/EPC 네트워크 이동성 관리 기법을 제안한다. 이를 위하여, P-EGW를 네트워크 내에 분산 배치하고 중앙에 P-GW를 배치한다. SDN 컨트롤러는 EPC의 역할도 수행하며 UE의 이동성에 따라 적절한 CMM 기법과 DMM 기법을 이용하도록 하는 기법을 제안한다. 또한, 제안하는 새로운 LTE/EPC 네트워크 구조와 기존의 CMM기반의 LTE/EPC 네트워크 구조, DMM 기반의 LTE/EPC 네트워크 구조를 핸드오버 지연시간과 데이터 전송시간 측면에서 성능 비교 분석을 한다.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.15 no.4
• /
• pp.80-88
• /
• 2019

Software Defined Networking (SDN) is the future network paradigm of decoupling control and data functions. In SDN structure, it is hard to address scalability in case of large-scale networks because single controller managed thousands of switches in a centralized fashion. Most of previous studies have focused on horizontal scalability, where distributed controllers are assigned to network devices. However, they have abstracted the control plane and the application plane into a single controller. The layer of the common SDN architecture is divided into data plane, control plane, and application plane, but the control plane and application plane have been modeled as a single controller although they are logically separated. In this paper, we propose a analytical traffic model considering the both application plane and control plane based on queuing theory. This model can be used to address scalability issues such as controller placement problem without complicated simulations.