• Proceedings of the Korean Society of Computer Information Conference
• /
• 2018.01a
• /
• pp.93-94
• /
• 2018

Software Defined Networking(SDN)은 데이터 부와 컨트롤 부를 나눠 관리하는 혁신적인 방식이다. SDN 환경에서가 아닌 기존의 IP 네트워크에서의 트래픽 분류는 많은 연구가 진행되어 왔다. 트래픽 분류 방법에는 Port 번호를 이용한 트래픽 분류 방법, Payload를 이용한 트래픽 분류 방법, Machine Learning을 이용한 트래픽 분류 방법 등이 있다. 본 논문에서는 Port 번호, Payload, Machine Learning을 이용한 트래픽 분류 방법들을 소개 및 장단점을 설명하고 SDN 환경에서 Machine Learning을 이용한 좀 더 정확한 트래픽 분류 방법을 제안한다.

• The KIPS Transactions:PartC
• /
• v.13C no.2 s.105
• /
• pp.177-184
• /
• 2006

A handover is a technology that enables data transmission and receipt seamlessly while a mobile station moves from the current base station to another base station. The handover is basically classified into two types; a horizontal handover which changes a radio link only without changing a network link, and a vertical handover which changes both in heterogeneous networks. In this paper, we propose a vertical handover protocol in a dual base station which supports both of W-CDMA and WiBro networks based on SDR (Software Defined Radio), verify the rightness using a state transition diagram and a Petri-net, and evaluate the performance of the proposed protocol using NS-2 simulator.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.8
• /
• pp.3946-3965
• /
• 2018

Network anomaly detection in Software Defined Networking, especially the detection of DDoS attack, has been given great attention in recent years. It is convenient to build the Traffic Matrix from a global view in SDN. However, the monitoring and management of high-volume feature-rich traffic in large networks brings significant challenges. In this paper, we propose a moving window Principal Components Analysis based anomaly detection and mitigation approach to map data onto a low-dimensional subspace and keep monitoring the network state in real-time. Once the anomaly is detected, the controller will install the defense flow table rules onto the corresponding data plane switches to mitigate the attack. Furthermore, we evaluate our approach with experiments. The Receiver Operating Characteristic curves show that our approach performs well in both detection probability and false alarm probability compared with the entropy-based approach. In addition, the mitigation effect is impressive that our approach can prevent most of the attacking traffic. At last, we evaluate the overhead of the system, including the detection delay and utilization of CPU, which is not excessive. Our anomaly detection approach is lightweight and effective.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2243-2257
• /
• 2019

A heterogeneous cellular network (HCN) is useful to increase the spectral and energy efficiency of wireless networks and to reduce the traffic load from the macro cell. The performance of the secondary user equipment (SUE) is affected by interference from the eNodeB (eNB) in a macro cell. To decrease the interference between the macro cell and the small cell, allocating resources properly is essential to an HCN. This study considers the scenario of a software-defined heterogeneous cellular network and performs the resource allocation process. First, we show the system model of HCN and formulate the optimization problem. The optimization problem is a complex process including power and frequency resource allocation, which imposes an extremely high complexity to the HCN. Therefore, a hierarchical resource allocation scheme is proposed, which including subchannel selection and a particle swarm optimization (PSO)-based power allocation algorithm. Simulation results show that the proposed hierarchical scheme is effective in improving the system capacity and energy efficiency.

• Journal of KIISE
• /
• v.43 no.11
• /
• pp.1223-1232
• /
• 2016

A virtual network technology can provide a network reflecting the requirements of various services. The virtual network can distribute resources of the physical network to each virtual slice. An efficient resource distribution technique is needed to reflect the requirements of various services. Existing bandwidth distribution techniques can only control downlink traffic without taking traffic conditions on the network into account. Downlink and uplink share the same resources in a wireless network. The existing bandwidth distribution techniques assumed that all stations generate saturated traffic. Therefore, the existing bandwidth distribution technique cannot make traffic isolation in a virtual wireless network. In this paper, we proposed a traffic-based bandwidth control techniques to solve these problems. We applied Software-Defined Networking(SDN) to the virtual wireless network, monitored the traffic at each station, and searched for stations that generated unsaturated traffic. We also controlled both uplink and downlink traffics dynamically based on monitoring information. Our system can be implemented with legasy 802.11 clients and SDN-enabled APs. After the actual test bed configuration, it was compared to existing techniques. As a result, the distribution performance of the proposed technique was improved by 14% in maximum.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.6
• /
• pp.397-405
• /
• 2014

Software-Defined Networking (SDN), which separates the control plane from the data plane and manages data planes in a centralized way, is now considered as a future networking technology, and many researchers and practitioners have dived into this area to devise new network applications, such new routing methods. Likewise, network security applications could be redesigned with SDN, and some pioneers have proposed several interesting network security applications with SDN. However, most approaches have just reimplemented some well-known network security applications, although SDN provides many interesting features, They didn't effectively use them. To investigate if we can use SDN in realizing sophisticated network security applications, we have designed and implemented an advanced network security application, Reflectornet, which redirects malicious or suspicious network trials to other security monitoring points (e.g., honeypot). In addition, we have tested its performance and practicability in diverse angles. Our findings and some insights will encourage other researchers to design better or intelligent network security applications with SDN.

• Journal of Internet Computing and Services
• /
• v.23 no.2
• /
• pp.1-7
• /
• 2022

Machine learning (ML) algorithms have been intended to seamlessly collaborate for enabling intelligent networking in terms of massive service differentiation, prediction, and provides high-accuracy recommendation systems. Mobile edge computing (MEC) servers are located close to the edge networks to overcome the responsibility for massive requests from user devices and perform local service offloading. Moreover, there are required lightweight methods for handling real-time Internet of Things (IoT) communication perspectives, especially for ultra-reliable low-latency communication (URLLC) and optimal resource utilization. To overcome the abovementioned issues, this paper proposed an intelligent scheme for traffic steering based on the integration of MEC and lightweight ML, namely support vector machine (SVM) for effectively routing for lightweight and resource constraint networks. The scheme provides dynamic resource handling for the real-time IoT user systems based on the awareness of obvious network statues. The system evaluations were conducted by utillizing computer software simulations, and the proposed approach is remarkably outperformed the conventional schemes in terms of significant QoS metrics, including communication latency, reliability, and communication throughput.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.7
• /
• pp.1817-1839
• /
• 2024

To solve the problem of insufficient recognition of key nodes in the existing software defect detection process, this paper proposes a key node recognition algorithm based on node expansion degree and improved K-shell position, shortened as SDD_KNR. Firstly, the calculation formula of node expansion degree is designed to improve the degree that can measure the local defect propagation capability of nodes in the software network. Secondly, the concept of improved K-shell position of node is proposed to obtain the improved K-shell position of each node. Finally, the measurement of node defect propagation capability is defined, and the key node recognition algorithm is designed to identify the key function nodes with large defect impact range in the process of software defect detection. Using real software systems such as Nano, Cflow and Tar to design three sets of experiments. The corresponding directed weighted software function invoke networks are built to simulate intentional attack and defect source infection. The proposed SDD_KNR algorithm is compared with the BC algorithm, K-shell algorithm, KNMWSG algorithm and NMNC algorithm. The changing trend of network efficiency and the strength of node propagation force are analyzed to verify the effectiveness of the proposed SDD_KNR algorithm.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38C no.5
• /
• pp.479-485
• /
• 2013

In this paper, we propose a smart farming system using the visible light communication based on the software defined radio (SDR) technology and the conventional RF radio. The proposed system can continuously monitor growth environments of the LED plant factory and automatically control the LED plant factory to keep optimal growth environments. Furthermore, by creating a database from various growth factors, the LED plant factory can be efficiently managed.

• The Journal of the Korea Contents Association
• /
• v.19 no.12
• /
• pp.407-415
• /
• 2019

As the IT environment changes with cloud computing and smart work, the existing perimeter security model is showing its limitations and Software Defined Perimeter is being discussed as an alternative. However, SDP Spec 1.0 does not specify the device registration procedure, policy distribution process and authentication key generation and sharing process.In this paper, we propose a method to solve the problem of SDP access control by improving the operation procedure of Single Packet Authentication. This paper suggests that the proposed method can implement a consistent and automated integrated access control policy compared to the existing access control methods.