  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
71

GNN-based End-to-end Delay Prediction in Software Defined Networking

Ge, Zhun 12 August 2022
Computer networks have always been complicated to deploy for both scientific and industry groups as they attempt to comprehend and analyze network performance and to design efficient procedures for network operation. In software-defined networking (SDN), predicting latency (delay) is essential for enhancing performance, power consumption and resource utilization in meeting its significant latency requirements. In this thesis, we present a graph-based formulation of the Abilene network and other topologies and apply a Graph Neural Network (GNN)-based model, Spatial-Temporal Graph Convolutional Network (STGCN), to predict end-to-end packet delay on this formulation. The evaluation compares STGCN with other machine learning methods: Multiple Linear Regression (MLR), Extreme Gradient Boosting (XGBOOST), Random Forest (RF), and Neural Network (NN). Datasets in use include Abilene, 15-node scale-free, 24-node GEANT2, and 50-node networks. Notably, our GNN-based methodology can achieve 97.0%, 95.9%, 96.1%, and 63.1% less root mean square error (RMSE) in the most complex network situation than the baseline predictor, MLR, XGBOOST and RF, respectively. All the experiments show that STGCN has good prediction performance with small and stable prediction errors. This thesis illustrates the feasibility and benefits of a GNN approach in predicting end-to-end delay in software-defined networks.
72

Datainsamling i mininet med ONOS och sFlow : Utveckla laboration kopplad till datainsamling / Data collection in Mininet with ONOS and sFlow: developing a lab exercise on data collection

Pettersson, Josefine January 2022
A project related to SDN and the creation of educational material.
73

Impact of using cloud-based SDN controllers on the network performance

Henriksson, Johannes, Magnusson, Alexander January 2019
Software-Defined Networking (SDN) is a network architecture that differs from traditional network planes. SDN has three layers: infrastructure, controller, and application. The goal of SDN is to simplify management of larger networks by centralizing control into the controller layer instead of having it in the infrastructure. Given the known advantages of SDN networks and the flexibility of cloud computing, we are interested in whether this combination of SDN and cloud services affects network performance, and what effect the cloud provider's physical location has on the network performance. These points are important when SDN becomes more popular in enterprise networks. This seems like a logical next step in SDN, centralizing branch networks into one cloud-based SDN controller. These questions were created with a literature study and answered with an experimentation method. The experiments consist of two network topologies, both locally hosted SDN (baseline) and cloud hosted SDN. The topology used Zodiac FX switches and Linux hosts. The following metrics were measured: throughput, latency, jitter, packet loss, and time to add new hosts. The conclusion is that SDN as a cloud service is possible and does not significantly affect network performance. One limitation with this thesis was the hardware, resulting in big fluctuation in throughput and packet loss.
74

A secure design of WoT services for smart cities / Conception sécurisée de services IoT pour les villes connectées

El jaouhari, Saad 13 December 2018
WebRTC is a recent communication technology that makes it possible to establish conversational multimedia exchanges directly between browsers. In this thesis we are interested in speakers located in a Smart Space (SS), defined as a user-centric environment instrumented with a set of connected sensors and actuators. We analyze the capabilities required to allow a participant in a WebRTC session to involve, in that same session, the flows generated by the connected objects belonging to the SS of any user of the session. This approach holds a wealth of new uses. We limit our analysis to those concerning the remote exercise of expertise and know-how. Technically, the task is to articulate WebRTC and IoT/WoT in a controlled way. We extend WebRTC with WoT to give every user of a WebRTC session access to the connected objects of the SS of any other participant in the session, with an emphasis on securing this access and on its compliance with the privacy requirements (GDPR) of the user concerned. Positioning our approach in the context of communication services operating in smart cities requires taking into account multiple and varied SSs, each bringing its own routing and security policies. To meet our objectives, it becomes necessary, during a WebRTC session, to identify, select, deploy and apply the routing and security rules so as to guarantee fast and secure access to the various SSs concerned, distributed across the whole network. We develop an original architecture that meets these needs and integrates an SDN controller, because routing and security issues are closely intertwined. A prototype illustrating our approach was implemented and tested in order to evaluate the performance and security of the system.
Finally, we illustrate our approach in the healthcare domain by demonstrating its contribution to managing a large infrastructure such as a hospital. / The richness and the versatility of WebRTC, a new peer-to-peer, real-time and browser based communication technology, allowed the imagination of new and innovative services. In this thesis, we analyzed the capabilities required to allow a participant in a WebRTC session to access the smart Things belonging to his own environment as well as those of any other participant in the same session. The access to such environment, which we call “SmartSpace (SS)”, can be either passive, for example by monitoring the contextual information provided by the sensors, or active by requesting the execution of commands by the actuators, or a mixture of both. This approach deserves attention because it allows solving in an original way various issues such as allowing experts to remotely exercise and provide their expertise and/or know-how. From a technical point of view the issue is not trivial because it requires a smooth and mastered articulation between two different technologies: WebRTC and the Internet of Things (IoT) / Web of Things (WoT). Hence, the first part of the problem studied in this thesis consists in analyzing the possibilities of extending WebRTC capabilities with the WoT, so as to provide a secure and privacy-respectful access to the various smart objects located in the immediate environment of a participant to any other end-user involved in the same ongoing WebRTC session. This approach is then illustrated in the ehealth domain and tested in a real smart home (a typical example of a smart space). Moreover, positioning our approach in the context of communication services operating in smart cities requires the ability to support a multiplicity of SSs, each with its own network and security policy.
Hence, in order to allow a participant to access one of his own SSs or one of another participant (through a delegation of access process), it becomes necessary to dynamically identify, select, deploy, and enforce the SS’s specific routing and security rules, so as to have an effective, fast and secure access. Therefore, the second part of the problem studied in this Ph.D. consists in defining an efficient management of the routing and security issues regarding the possibility of having multiple SSs distributed over the entire network.
75

Software Datapaths for Multi-Tenant Packet Processing / Plans de données logiciels pour les traitements réseaux en environnements partagés

Chaignon, Paul 07 May 2019
In multi-tenant environments, networks rely on a set of shared hardware resources to allow isolated applications to communicate with their clients. This isolation is guaranteed by a set of mechanisms at the edge of the network: the same servers that host the virtual machines must, in particular, determine the appropriate recipient for each network packet, copy packets between isolated memory regions, and support the tunnels that isolate traffic as it transits the network core. These tasks must be carried out with as few hardware resources as possible, since those resources are intended first and foremost for the virtual machines. As demand for high network performance intensifies, cloud computing players often resort to specialized but inflexible hardware that lets them reach the required performance. Nevertheless, in this thesis we argue that performance can be improved significantly without resorting to such equipment. We advocate, on the one hand, a consolidation of network functions at the virtualization layer and, on the other hand, a relocation of certain network functions out of the virtual machines. To this end, we propose Oko, an extensible software switch that facilitates the consolidation of network functions in the virtualization layer. Oko extends state-of-the-art mechanisms for caching switch rules so that network functions can be executed as extensions to the switch. In addition, extensions are isolated from the core of the switch to prevent faults in extensions from affecting the rest of the network and to make it easier to deploy new network functions quickly and safely.
By allowing network functions to run within the software switch, without redirections to separate processes, Oko halves the cost of running network functions on average. Our second contribution aims to allow certain network functions to be executed upstream of the virtual machines, within the virtualization layer. Executing these network functions outside the virtual machines yields significant performance gains but raises isolation issues. We reuse and improve the technique used in Oko to isolate network functions and extend it with a mechanism for fair sharing of CPU time among the relocated network functions. / Multi-tenant networks enable applications from multiple, isolated tenants to communicate over a shared set of underlying hardware resources. The isolation provided by these networks is enforced at the edge: end hosts demultiplex packets to the appropriate virtual machine, copy data across memory isolation boundaries, and encapsulate packets in tunnels to isolate traffic over the datacenter's physical network. Over the last few years, the growing demand for high performance network interfaces has pressured cloud providers to build more efficient multi-tenant networks. While many turn to specialized, hard-to-upgrade hardware devices to achieve high performance, in this thesis, we argue that significant performance improvements are attainable in end-host multi-tenant networks, using commodity hardware. We advocate for a consolidation of network functions on the host and an offload of specific tenant network functions to the host. To that end, we design Oko, an extensible software switch that eases the consolidation of network functions. Oko includes an extended flow caching algorithm to support its runtime extension with limited overhead. Extensions are isolated from the software switch to prevent failures on the path of packets.
By avoiding costly redirections to separate processes and virtual machines, Oko halves the running cost of network functions on average. We then design a framework to enable tenants to offload network functions to the host. Executing tenant network functions on the host promises large performance improvements, but raises evident isolation concerns. We extend the technique used in Oko to provide memory isolation and devise a mechanism to fairly share the CPU among offloaded network functions with limited interruptions.
76

Gestion d'une architecture hétérogène distribuée à l'aide du SDN / Management of a heterogeneous distributed architecture with the SDN

Gonzalez santamaria, Carlos 19 December 2017
The major Internet players have deployed more and more virtualization in their datacenters so that several operating systems can run simultaneously on the same physical server. This technology has yielded significant energy and financial savings. It has also recently been taken up in research, particularly in the field of networking. Traditionally, physical equipment such as switches or routers handles the transfer of information, following programming carried out by administrators. From now on, this equipment is also virtualized and the forwarding decision is made in software. Experiments with this network virtualization technology, also called Software-Defined Network (SDN), have been set up by Google to link its main datacenters [1] around the world. In this project, we present a new architecture based on SDN concepts, for networks with or without infrastructure. This architecture is composed of wired, wireless and ad-hoc networks. It is then proposed for integrating communicating objects into a domain of the SDN network. Different domains are then interconnected so that network management is distributed, without reducing the level of security. This study proposes a new secure and distributed architecture for the IoT (Internet of Things). / Recently, the giants of the Internet have been adopting more and more of the benefits of virtualization within the data center. Each virtualized application and its operating system can run simultaneously from one physical device. This technology significantly reduces power consumption, energy consumption, as well as operational cost.
Furthermore, research communities have recently begun studying how to extend this promising solution to network virtualization deployment. In a traditional network, physical devices such as routers and/or switches are responsible for transferring the information from one point to another, following the instructions previously programmed by a network administrator. At this time, the physical networking devices can be virtualized, providing an intelligent abstraction via virtual network software that makes it easy to deploy and manage network resources. The search giant Google has deployed SDN to experiment with the inter-connection between their data centers around the world [1]. With the exponential growth of devices connected to the Internet, network security is one of the hardest challenges for network managers. Maintaining and securing such a large-scale and heterogeneous network is a challenging task. In this context, the new networking paradigm, Software Defined Networking (SDN), introduces many opportunities and provides the potential to overcome those challenges. In our approach, we first propose a new SDN-based architecture for networking with or without infrastructure, which we call an SDN domain. This domain includes wired networks, wireless networks and ad-hoc networks. Next, a second architecture includes sensor networks in an SDN-based network and in a domain. Third, we interconnect multiple domains and describe how we can enhance the security of each domain and how to distribute the security rules in order not to compromise the security of one domain. Finally, we present a new secure and distributed architecture for ad-hoc networks and IoT (Internet of Things).
77

Rede de acesso virtualizada: alocação e posicionamento de recursos / Virtualized radio access networks: centralization, allocation, and positioning of resources

Souza, Phelipe Alves de 05 October 2018
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - CAPES / There are great expectations in CRAN and network virtualization (NFV) technologies, and especially in view of the potential they have to accelerate the deployment of new services while lowering the costs of network operators. Several papers discussed the benefits of deploying a new network infrastructure with such technologies, but only a few investigated how the transition from a legacy network could be. In this context, there is a relevant problem that involves three main issues: 1) which network locations should be updated; 2) how to update the selected location, i.e., to fully virtualized or not; and 3) who should attend virtualized sites. These issues are influenced by the level of centralization employed in a given access network (RAN). Here we propose two optimization models and two heuristics that allow the decision maker to define the desired level of centralization and to evaluate its impact on some metrics such as the investment needed and the level of centralization actually achieved.
The models show how the investment should be applied according to the level of centralization and the relative cost between the different resources. Our heuristics present similar performance to the exact approach for relatively small scenarios of the problem, but are able to solve topologies of networks with a large number of vertices and maintain a satisfactory solution close to the ideal. / There are great expectations for centralization (CRAN) and network virtualization (NFV) technologies, especially given their potential to accelerate the deployment of new services while lowering the costs of network operators. Several works have discussed the benefits of deploying a new network infrastructure with such technologies, but only a few have investigated what the transition from a legacy network could look like. In this context, there is a relevant problem involving three main questions: 1) which network sites should be upgraded; 2) how to upgrade the selected site, i.e., to fully virtualized or not; and 3) who should serve the virtualized sites. These questions are influenced by the level of centralization employed in a given access network (RAN). Here, we propose two optimization models and two heuristics that allow the decision maker to define the desired level of centralization and evaluate its impact on some metrics, such as the investment required and the level of centralization actually achieved. The models show how the investment should be applied according to the level of centralization and the relative cost between the different resources. Our heuristics perform similarly to the exact approach for relatively small scenarios of the problem, but are able to solve network topologies with a large number of vertices while maintaining a satisfactory solution close to the ideal.
78

Cognitive management of SLA in software-based networks / Gestion cognitive de SLA dans un contexte NFV

Bendriss, Jaafar 14 June 2018
The objective of the thesis is to study the end-to-end management of SDN-style architectures, and how our OSS (Operation Support System) building blocks must evolve: this involves studying the associated business processes, their implementations and the necessary tooling. The objectives of the thesis are therefore to address the following challenges: 1. Identify the changes that the emergence of these programmable networks implies for management architectures in terms of requirements. The study may focus on one type of network, mobile for example. 2. Identify the evolution needed in current management interfaces: what alternatives to FCAPS (fault, configuration, accounting, performance, and security)? What changes should be made to the management layers, from the Element Management System up to the OSS? / The main goal of the PhD activities is to define and develop architecture and mechanisms to ensure consistency and continuity of the operations and behaviors in mixed physical/virtual environments, characterized by a high level of dynamicity, elasticity and heterogeneity by applying a cognitive approach to the architecture where applicable. The target is then to avoid the "build it first, manage it later" paradigm. The research questions targeted by the PhD are the following: 1. Identify the changes on Network Operation Support Systems implementation when using SDN as a design approach for future networks. The study could be restricted to mobile networks for example, or a sub-part of them (CORE networks, RAN, data centers, etc.); 2. Identify the needed evolution at the management interfaces level: a. Shall we need an alternative to the well-known FCAPS and do we still need the element management system? b. What will change to provision an SDN based service? c. How to ensure resiliency of SDN based networks?
79

Trusted Execution Environments for Open vSwitch : A security enabler for the 5G mobile network

Elbashir, Khalid January 2017 (has links)
The advent of virtualization introduced the need for virtual switches to interconnect virtual machines deployed in a cloud infrastructure. With Software Defined Networking (SDN), a central controller can configure these virtual switches. Virtual switches execute on commodity operating systems. Open vSwitch is an open source project that is widely used in production cloud environments. If an adversary gains access with full privileges to the operating system hosting the virtual switch, then Open vSwitch becomes vulnerable to a variety of different attacks that could compromise the whole network. The purpose of this thesis project is to improve the security of Open vSwitch implementations in order to ensure that only authenticated switches and controllers can communicate with each other, while maintaining code integrity and confidentiality of keys and certificates. The thesis project proposes a design and shows an implementation that leverages Intel® Safe Guard Extensions (SGX) technology. A new library, TLSonSGX, is implemented. This library replaces the use of the OpenSSL library in Open vSwitch. In addition to implementing standard Transport Level Security (TLS) connectivity, TLSonSGX confines TLS communication in the protected memory enclave and hence protects TLS sensitive components necessary to provide confidentiality and integrity, such as private keys and negotiated symmetric keys. Moreover, TLSonSGX introduces new, secure, and automatic means to generate keys and obtain signed certificates from a central Certificate Authority that validates using Linux Integrity Measurements Architecture (IMA) that the Open vSwitch binaries have not been tampered with before issuing a signed certificate. The generated keys and obtained certificates are stored in the memory enclave and hence never exposed as plaintext outside the enclave. This new mechanism is a replacement for the existing manual and unsecure procedures (as described in Open vSwitch project). 
A security analysis of the system is provided as well as an examination of performance impact of the use of a trusted execution environment. Results show that generating keys and certificates using TLSonSGX takes less than 0.5 seconds while adding 30% latency overhead for the first packet in a flow compared to using OpenSSL when both are executed on Intel® Core™ i7-6600U processor clocked at 2.6 GHz. These results show that TLSonSGX can enhance Open vSwitch security and reduce its TLS configuration overhead. / The advent of virtualization introduced the need for virtual switches to interconnect virtual machines placed in cloud infrastructure. With software-defined networking (SDN), a central controller can configure these virtual switches. Virtual switches run on standard operating systems. Open vSwitch is an open-source project that is often used in cloud services. If an adversary gains access with full privileges to the operating system where Open vSwitch runs, Open vSwitch becomes exposed to various attacks that can compromise the whole network. The purpose of this thesis project is to improve the security of Open vSwitch in order to guarantee that only authenticated switches and controllers can communicate with each other, while maintaining code integrity and the confidentiality of keys and certificates. This thesis project proposes a design and shows an implementation that uses Intel®'s Safe Guard Extensions (SGX) technology. A new library, TLSonSGX, is implemented. This library replaces the OpenSSL library in Open vSwitch. In addition to implementing a standard “Transport Layer Security” (TLS) connection, TLSonSGX confines TLS communication to the protected memory enclave and therefore protects the sensitive TLS components needed to provide confidentiality and integrity, such as private keys and negotiated symmetric keys.
In addition, TLSonSGX introduces new, secure and automatic means of generating keys and obtaining signed certificates from a central certificate authority, which validates, using Linux Integrity Measurements Architecture (IMA), that the Open vSwitch binaries have not been tampered with before issuing a signed certificate. The generated keys and obtained certificates are stored in the memory enclave and are therefore never exposed outside the enclave. This new mechanism replaces the manual and insecure procedures described in the Open vSwitch project. A security analysis of the system is provided, as well as an examination of the performance impact of using a trusted execution environment. The results show that using TLSonSGX to generate keys and certificates takes less than 0.5 seconds, while adding 30% latency overhead for the first packet in a flow compared with using OpenSSL, when both are executed on an Intel® Core™ i7-6600U processor clocked at 2.6 GHz. These results show that TLSonSGX can improve Open vSwitch security and reduce the TLS configuration overhead.
80

Simulative Evaluation of Security Monitoring Systems based on SDN

Stagkopoulou, Alexandra January 2016 (has links)
Software Defined Networks (SDN) constitute the new communication paradigm of programmable computer networks. By decoupling the control and data plane the network management is easier and more flexible. However, the new architecture is vulnerable to a number of security threats, which are able to harm the network. Network monitoring systems are pivotal in order to protect the network. To this end, the evaluation of a network monitoring system is crucial before the deployment of it in the real environment. Network simulators are the complementary part of the process as they are necessary during the evaluation of the new system’s performance at the design time. This work focuses on providing a complete simulation framework which is able to (i) support SDN architectures and the OpenFlow protocol, (ii) reproduce the impact of cyber and physical attacks against the network and (iii) provide detection and mitigation techniques to address Denial-of-Service (DoS) attacks. The performance of the designed monitoring system will be evaluated in terms of accuracy, reactiveness and effectiveness. The work is an extension of INET framework of OMNeT++ network simulator. / Software Defined Networks (SDN) constitute the new communication model of programmable computer networks. By separating the control and data planes, administrative management of computer networks becomes simpler and more flexible. The architecture does, however, open up new security threats, and monitoring systems are therefore essential for protecting computer networks. As a result, evaluating monitoring systems is critical before deployment in a production environment. Network simulators are the complementary part of the process, since they are necessary for evaluating the system's performance during the design phase.
This work focuses on providing a complete simulation framework that is capable of (i) supporting SDN architectures and the OpenFlow protocol, (ii) reproducing the damage of cyber and physical attacks against computer networks and (iii) providing ways to detect and mitigate Denial-of-Service (DoS) attacks. The performance of the designed monitoring system is evaluated in terms of accuracy, response time and effectiveness. The work is an extension of the INET framework, which is part of the OMNeT++ network simulator.
