• Title/Summary/Keyword: Software defined network

Network Traffic-Based Access Control Using Software-Defined Perimeter (소프트웨어 정의 경계를 이용한 네트워크 트래픽 기반 동적 접근 제어)

  • Seo-Yi Kim;Il-Gu Lee
    • Journal of the Korea Institute of Information Security & Cryptology / v.34 no.4 / pp.735-746 / 2024
  • The rapid advancement of computer technology has necessitated a safer user environment, prompting the adoption of the zero trust model, which verifies all internal and external network activities. This paper proposes an efficient network traffic data-based dynamic access control method leveraging Software-Defined Perimeter (SDP) capabilities to implement zero trust and address latency issues. According to the performance evaluation results, the detection performance of the proposed scheme is similar to that of conventional schemes, but the dataset size was reduced by 62.47%. Additionally, by proposing an adaptive zero trust verification approach, the dataset size and verification time were reduced by 83.9% and 9.1%, respectively, while maintaining similar detection performance to conventional methods.

Congestion Aware Fast Link Failure Recovery of SDN Network Based on Source Routing

  • Huang, Liaoruo;Shen, Qingguo;Shao, Wenjuan
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.11 / pp.5200-5222 / 2017
  • The separation of the control plane and data plane in Software Defined Network (SDN) makes it flexible to control the network behavior, but it also causes some inconvenience for link failure recovery due to the delay between the failure point and the controller. To avoid delay and packet loss, pre-defined backup paths are used to reroute the disrupted flows when a failure occurs. However, this may introduce large overhead to build and maintain these backup paths, and it is hard to dynamically construct backup paths according to the network status so as to avoid congestion during the rerouting process. In order to realize congestion aware fast link failure recovery, this paper proposes a novel method which installs multiple backup paths for every link via source routing and per-hop tags and spreads flows into different paths at the failure point to avoid congestion. We carry out experiments and simulations to evaluate the performance of the method, and the results demonstrate that our method can achieve congestion aware fast link failure recovery in SDN with a very low overhead.

SDN-based Hybrid Distributed Mobility Management

  • Wie, Sunghong
    • Journal of information and communication convergence engineering / v.17 no.2 / pp.97-104 / 2019
  • Distributed mobility management (DMM) does not use a centralized device. Its mobility functions are distributed among routers; therefore, the mobility services are not limited to the performance and reliability of specific mobility management equipment. The DMM scheme has been studied as a partially distributed architecture, which distributes only a packet delivery domain in combination with the software defined network (SDN) technology that separates the packet delivery and control areas. Particularly, a separated control area is advantageous in introducing a new service, thereby optimizing the network by recognizing the entire network situation and taking an optimal decision. The SDN-based mobility management scheme is studied as a method to optimize the packet delivery path whenever a mobile node moves; however, it results in excessive signaling processing cost. To reduce the high signaling cost, we propose a hybrid distributed mobility management method and analyze its performance mathematically.

Mobility Scenarios into Future Wireless Access Network

  • Gilani, Syed Mushhad Mustuzhar;Hong, Tang;Cai, Qiqi;Zhao, Guofeng
    • Journal of Information Processing Systems / v.13 no.2 / pp.236-255 / 2017
  • The rapid growth of smart devices demands an enhanced throughput for network connection sustainability during mobility. However, traditional wireless network architecture suffers from mobility management issues. In order to resolve the traditional mobility management issues, we propose a novel architecture for future wireless access networks based on software-defined network (SDN) by using the advantage of network function virtualization (NFV). In this paper, a network selection approach (NSA) is introduced for mobility management that comprises acquiring the information of the underlying networking devices through the OpenFlow controller, perceiving the current network behavior, and then selecting an appropriate action or network. Furthermore, mobility-related scenarios and use cases to analyze the implementation aspects of the proposed architecture are provided. The simulation results confirm that the proposed scenarios obtain seamless mobility with enhanced throughput at minimum packet loss as compared to the existing IEEE 802.11 wireless network.

A Study on the Efficient Load Balancing Method Considering Real-time Data Entry form in SDN Environment (SDN 환경에서 실시간 데이터 유입형태를 고려한 효율적인 부하분산 기법 연구)

  • Ju-Seong Kim;Tae-Wook Kwon
    • The Journal of the Korea institute of electronic communication sciences / v.18 no.6 / pp.1081-1086 / 2023
  • The rapid growth and increasing complexity of modern networks have highlighted the limitations of traditional network architectures. The emergence of SDN (Software-Defined Network) in response to these challenges has changed the existing network environment. The SDN separates the control unit and the data unit, and adjusts the network operation using a centralized controller. However, this structure has also recently caused a huge amount of traffic due to the rapid spread of numerous Internet of Things (IoT) devices, which has not only slowed the transmission speed of the network but also made it difficult to ensure quality of service (QoS). Therefore, this paper proposes a method of load distribution by switching from the existing data processing scheduling technique, RR (Round-Robin), to a mapping between the IP and a server (processor) when a large amount of data flows in from a specific IP, that is, in the event of server overload and data loss.

A Mechanism for Configurable Network Service Chaining and Its Implementation

  • Xiong, Gang;Hu, Yuxiang;Lan, Julong;Cheng, Guozhen
    • KSII Transactions on Internet and Information Systems (TIIS) / v.10 no.8 / pp.3701-3727 / 2016
  • Recently, Service Function Chaining (SFC) is promising to innovate the network service mode in modern networks. However, a feasible implementation of SFC is still difficult due to the need to achieve functional equivalence with traditional modes without sacrificing performance or increasing network complexity. In this paper, we present a configurable network service chaining (CNSC) mechanism to provide services for network traffic in a flexible and optimal way. Firstly, we formulate the problem of network service chaining and design an effective service chain construction framework based on integrating software-defined networking (SDN) with network functions virtualization (NFV). Then, we model the service path computation problem as an integer linear optimization problem and propose an algorithm named SPCM to cooperatively combine service function instances with a network utility maximum policy. In the procedure of SPCM, we achieve the service node mapping by defining a service capacity matrix for substrate nodes, and work out the optimal link mapping policies with segment routing. Finally, the simulation results indicate that the average request acceptance ratio and resource utilization ratio can reach above 85% and 75% by our SPCM algorithm, respectively. Upon the prototype system, it is demonstrated that CNSC outperforms other approaches and can provide flexible and scalable network services.

SDR Software Download Framework using Jini (Jini를 이용한 SDR 소프트웨어 다운로드 Framework)

  • Jang Kee-Hyun;Kwon Yong-Ho;Kim Mun-Gi;Rhee Byung-Ho
    • Proceedings of the IEEK Conference / 2004.06a / pp.257-260 / 2004
  • This paper describes the software download framework for SDR (Software Defined Radio). SDR is expected to solve the compatibility problem among various mobile communication standards so that people can use the same device for different wireless networks. We integrated the SDR software download process into the Jini architecture, and modified several of Jini's functions. We implemented this proposed framework on Linux and Windows operating systems with the Java programming language. With the Java platform, we can easily transfer this framework into hand-held devices.

Software Engineering Meets Network Engineering: Conceptual Model for Events Monitoring and Logging

  • Al-Fedaghi, Sabah;Behbehani, Bader
    • International Journal of Computer Science & Network Security / v.21 no.12 / pp.9-20 / 2021
  • Abstraction applied in computer networking hides network details behind a well-defined representation by building a model that captures an essential aspect of the network system. Two current methods of representation are available, one based on graph theory, where a network node is reduced to a point in a graph, and the other the use of non-methodological iconic depictions such as human heads, walls, towers or computer racks. In this paper, we adopt an abstract representation methodology, the thinging machine (TM), proposed in software engineering to model computer networks. TM defines a single coherent network architecture and topology that is constituted from only five generic actions with two types of arrows. Without loss of generality, this paper applies TM to model the area of network monitoring in packet-mode transmission. Complex network documents are difficult to maintain and are not guaranteed to mirror actual situations. Network monitoring is constant monitoring for and alerting of malfunctions, failures, stoppages or suspicious activities in a network system. Current monitoring systems are built on ad hoc descriptions that lack systemization. The TM model of monitoring presents a theoretical foundation integrated with events and behavior descriptions. To investigate TM modeling's feasibility, we apply it to an existing computer network in a Kuwaiti enterprise to create an integrated network system that includes hardware, software and communication facilities. The final specifications point to TM modeling's viability in the computer networking field.

VIMS: Design and Implementation of Virtual Network Integrated Control and Management Framework over National Research Network (연구망에서 가상네트워크 통합제어플랫폼 구현 및 실험)

  • Cho, Ilkwon;Kang, Sun-Moo
    • The Journal of Korean Institute of Communications and Information Sciences / v.37B no.10 / pp.877-888 / 2012
  • Network virtualization technology is a crucial research issue of the Future Internet, which pursues a service-oriented architecture, so-called NaaS (Network as a Service) or SDN (Software Defined Network). Network virtualization is expected to play an important role in Future Internet research as a network testbed technology which enables innovative protocols to be experimented with independently on a common testbed environment. We propose a control framework in order to provide user-defined topology and bandwidth services with network virtualization and to separate and manage multiple-user traffic in a small and medium scale, single-domain research network. The proposed framework (VIMS; Virtual network Integrated control and Management System) supports testbed expansions without any changes to heterogeneous virtual network support equipment through accommodation of each piece of equipment's control plane. The framework's feasibility is shown through its application to KOREN, and we describe the differences from the GENI control framework and further study directions for improving the framework.

Software Defined Storaging Method for Data Sharing and Maintenance on Distributed Storage Envorinment (분산 저장환경의 데이터공유 및 관리를 위한 소프트웨어 정의 저장 방법)

  • Cha, ByungRae;Park, Sun;Kim, JongWon
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2014.05a / pp.644-645 / 2014
  • This paper proposes a software defined storaging method to converge the network virtualization technique and the RAID of a distributed storage environment. The proposed method designs software-based storage which applies flexible control and maintenance of storage. In addition, the method overcomes the restrictions of physical storage capacity and cuts the costs of data recovery.
