• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.7
• /
• pp.3671-3689
• /
• 2019

Software defined networking brings unique security risks such as control plane saturation attack while enhancing the performance of wireless sensor networks. The attack is a new type of distributed denial of service (DDoS) attack, which is easy to launch. However, it is difficult to detect and hard to defend. In response to this, the attack threat model is discussed firstly, and then a DDoS attack prevention extension, called FuzzyGuard, is proposed. In FuzzyGuard, a control network with both the protection of data flow and the convergence of attack flow is constructed in the data plane by using the idea of independent routing control flow. Then, the attack detection is implemented by fuzzy inference method to output the current security state of the network. Different probabilistic suppression modes are adopted subsequently to deal with the attack flow to cost-effectively reduce the impact of the attack on the network. The prototype is implemented on SDN-WISE and the simulation experiment is carried out. The evaluation results show that FuzzyGuard could effectively protect the normal forwarding of data flow in the attacked state and has a good defensive effect on the control plane saturation attack with lower resource requirements.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.3
• /
• pp.874-890
• /
• 2021

With the widespread deployment of the fifth-generation (5G) communication networks, various real-time applications are rapidly increasing and generating massive traffic on backhaul network environments. In this scenario, network congestion will occur when the communication and computation resources exceed the maximum available capacity, which severely degrades the network performance. To alleviate this problem, this paper proposed an intelligent resource allocation (IRA) to integrate with the extant resource adjustment (ERA) approach mainly based on the convergence of support vector machine (SVM) algorithm, software-defined networking (SDN), and mobile edge computing (MEC) paradigms. The proposed scheme acquires predictable schedules to adapt the downlink (DL) transmission towards off-peak hour intervals as a predominant priority. Accordingly, the peak hour bandwidth resources for serving real-time uplink (UL) transmission enlarge its capacity for a variety of mission-critical applications. Furthermore, to advance and boost gateway computation resources, MEC servers are implemented and integrated with the proposed scheme in this study. In the conclusive simulation results, the performance evaluation analyzes and compares the proposed scheme with the conventional approach over a variety of QoS metrics including network delay, jitter, packet drop ratio, packet delivery ratio, and throughput.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.6
• /
• pp.1114-1116
• /
• 2015

In this paper, we propose a load distribution scheme in SDN utilizing load redirection, enabling incoming messages to be migrated to another controller. Specifically, when the capacity of a controller reaches a threshold, the controller makes incoming packets be migrated to a less-loaded controller to prevent them from being blocked. Analytical result shows that our scheme has lower blocking probability than the conventional scheme.

• ETRI Journal
• /
• v.41 no.2
• /
• pp.197-206
• /
• 2019

Software-defined networking (SDN) is a modern approach for current computer and data networks. The increase in the number of business websites has resulted in an exponential growth in web traffic. To cope with the increased demands, multiple web servers with a front-end load balancer are widely used by organizations and businesses as a viable solution to improve the performance. In this paper, we propose a load-balancing mechanism for SDN. Our approach allocates web requests to each server according to its response time and the traffic volume of the corresponding switch port. The centralized SDN controller periodically collects this information to maintain an up-to-date view of the load distribution among the servers, and incoming user requests are redirected to the most appropriate server. The simulation results confirm the superiority of our approach compared to several other techniques. Compared to LBBSRT, round robin, and random selection methods, our mechanism improves the average response time by 19.58%, 33.94%, and 57.41%, respectively. Furthermore, the average improvement of throughput in comparison with these algorithms is 16.52%, 29.72%, and 58.27%, respectively.

• Information and Communications Magazine
• /
• v.31 no.9
• /
• pp.46-51
• /
• 2014

미래지향적 네트워크 및 서비스 인프라의 구축을 위해 네트워크의 개방화와 가상화에 대한 관심이 높아졌다. 이를 지원하는 기술로서 SDN (Software-defined Networking) 및 NFV(Network Function Virtualisation) 기술이 소개되었다. 특히 트래픽에 따라 필요한 네트워크 기능들을 선택적으로 조합 및 실행하여 하나의 네트워크 서비스를 구현하는 서비스 체이닝(Service Chaining 혹은 Service Function Chaining) 기술이 높은 관심을 받고 있다. 이를 통해 컴포넌트 서비스들로 이루어진 경로를 정의함으로써 네트워크 서비스를 적시에 구성 및 능동적으로 제어할 수 있다. 본 고에서는 서비스 체이닝 기술의 기본 개념및 기능에 대해 간략히 소개하고, 주요 기능의 표준화를 담당하는 IETF SFC WG 의 주요 표준화 이슈에 대한 분석 및 향후 전망을 기술한다.

• Information and Communications Magazine
• /
• v.31 no.9
• /
• pp.3-8
• /
• 2014

본고에서는 분산형 이동성 관리 기법(Distributed Mobility Management, DMM)에 대한 표준화 연구 동향 및 이를 통한 모바일 네트워크에서의 적용 방안에 대한 연구 동향을 소개한다. 특히, 국제 표준화 단체인 IETF에서 논의되고 있는 분산형 이동성 관리 기법의 방향과 함께 최근 활발하게 논의되는 소프트웨어 정의 네트워크(Software-Defined Networking, SDN) 및 네트워크 기능 가상화(Network Function Virtualization, NFV)기술과의 접목을 통한 연구들을 소개하고 다양한 기술의 접목에 따른 이슈들을 분석한다.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.17 no.6
• /
• pp.1047-1054
• /
• 2022

With the advent of SDN, a next-generation network technology that separates the hardware and software areas of network equipment and defines the network using open source-based software, it solves the problems of complexity and scalability of the existing network system. It is now possible to configure a custom network according to the requirements. However, it has a structural disadvantage that a load on the network may occur due to a lot of control communication occurring between the controller and the switch, and many studies on network load distribution to effectively solve this have been preceded. In particular, in previous studies of load balancing techniques related to flow tables, many studies were conducted without consideration of flow entries, and as the number of flows increased, the packet processing speed decreased and the load was increased. To this end, we propose a new network load balancing technique that monitors flows in real time and applies dynamic flow management techniques to control the number of flows to an appropriate level while maintaining high packet processing speed.

• Journal of Information Processing Systems
• /
• v.13 no.2
• /
• pp.236-255
• /
• 2017

The rapid growth of smart devices demands an enhanced throughput for network connection sustainability during mobility. However, traditional wireless network architecture suffers from mobility management issues. In order to resolve the traditional mobility management issues, we propose a novel architecture for future wireless access network based on software-defined network (SDN) by using the advantage of network function virtualization (NFV). In this paper, network selection approach (NSA) has been introduced for mobility management that comprises of acquiring the information of the underlying networking devices through the OpenFlow controller, percepts the current network behavior and later the selection of an appropriate action or network. Furthermore, mobility-related scenarios and use cases to analyze the implementation aspects of the proposed architecture are provided. The simulation results confirm that the proposed scenarios have obtained a seamless mobility with enhanced throughput at minimum packet loss as compared to the existing IEEE 802.11 wireless network.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.13 no.6
• /
• pp.605-610
• /
• 2020

Software Defined Networking (SDN) is setting the standard for the management of networks due to its scalability, flexibility and functionality to program the network. The Distributed Denial of Service (DDoS) attack is most widely used to attack the SDN controller to bring down the network. Different methodologies have been utilized to detect DDoS attack previously. In this paper, first the dataset is obtained by Kaggle with 84 features, and then according to the rank, the 20 highest rank features are selected using Permutation Importance Algorithm. Then, the datasets are trained and tested with Convolution Neural Network (CNN) classifier model by utilizing deep learning techniques. Our proposed solution has achieved the best results, which will allow the critical systems which need more security to adopt and take full advantage of the SDN paradigm without compromising their security.

• KNOM Review
• /
• v.22 no.3
• /
• pp.31-39
• /
• 2019

This paper introduces our research results of SDN/SON-based emergeny communications system for nuclear power plant under extreme natural diaster like Fukusima nuclear power plant incident. In such a extreme situation, nuclear power plant operational staffs which do not have technical knowledge of network provisioning and operations have to deploy the emergency network. Thus our proposed system provides capabilities to provision an emergency network autonomically and enable voice and data services. It also describes our PoC system developed based on the proposed core technology and architecture with the results of system verification testing.