21. Dynamic allocation of resources using machine learning and quantile regression by harnessing the power of software defined networks
Alutaibi, Ahmed. 02 May 2022.
In the last decade, data networks have shifted from the static deployment of resources to a dynamic approach. With the help of Software Defined Networks (SDN) and Network Function Virtualization (NFV), information and data about the network can be collected. Also, deployment and allocation of resources can be delegated to a central controller. In this thesis we investigate the power of SDN and how central management of resources can help produce better and more efficient data networks. It begins with an introduction to SDN and its capabilities, the added benefits of SDN over traditional network frameworks, and the topics that SDN contributed most to. We show the power of collecting data using SDN and how it enables different approaches to accomplish the needed task. This was facilitated by the programmability and the separation of the control and data planes. We tackle the simple task of measuring the delay between two communicating devices in the network. The results show that SDN is capable of providing a rich infrastructure to build future networks. They also illustrate that using SDN to measure the delay between devices in the network can give accurate results. The differences between the tested techniques are shown and evaluated. After collecting the data from the network, the next step is getting an insight into that data. Next we used collected network bandwidth data to predict future bandwidth usage. We used various prediction models to establish prediction intervals. We created a state of the art metric that evaluates and compares the performance of each model. We show that the network bandwidth is highly predictable and that dynamic allocation of network bandwidth is attainable. The next logical step is to act upon those insights, which is investigated next. We establish the same prediction models investigated, but instead of prediction intervals we establish upper quantiles. Prediction is done on a data center resources data set. The results show that using quantile prediction can give guarantees on resource usage boundaries, which implies a guarantee on service level agreements. Allocating just the needed resources produces a more efficient data center and in turn cuts a lot of the needed energy. Our estimates show that up to 56% of power can be saved without violating the service level agreement. / Graduate

22. Design and Analysis of Anomaly Detection and Mitigation Schemes for Distributed Denial of Service Attacks in Software Defined Network. An Investigation into the Security Vulnerabilities of Software Defined Network and the Design of Efficient Detection and Mitigation Techniques for DDoS Attack using Machine Learning Techniques
Sangodoyin, Abimbola O. January 2019.
Software Defined Networks (SDN) has created great potential and hope to overcome the need for secure, reliable and well managed next generation networks to drive effective service delivery on the go and meet the demand for high data rate and seamless connectivity expected by users. Thus, it is a network technology that is set to enhance our day-to-day activities. As network usage and reliance on computer technology are increasing and popular, users with bad intentions exploit the inherent weakness of this technology to render targeted services unavailable to legitimate users. Among the security weaknesses of SDN is Distributed Denial of Service (DDoS) attacks.
Even though DDoS attack strategy is known, the number of successful DDoS attacks launched has seen an increment at an alarming rate over the last decade. Existing detection mechanisms depend on signatures of known attacks which has not been successful in detecting unknown or different shades of DDoS attacks. Therefore, a novel detection mechanism that relies on deviation from confidence interval obtained from the normal distribution of throughput polled without attack from the server. Furthermore, sensitivity analysis to determine which of the network metrics (jitter, throughput and response time) is more sensitive to attack by introducing white Gaussian noise and evaluating the local sensitivity using feed-forward artificial neural network is evaluated. All metrics are sensitive in detecting DDoS attacks. However, jitter appears to be the most sensitive to attack. As a result, the developed framework provides an avenue to make the SDN technology more robust and secure to DDoS attacks.

23. Security Analysis and Access Control Enforcement through Software Defined Networks / Analyse de sécurité et renforcement de control d’accès à travers les réseaux programmables
Zerkane, Salaheddine. 05 November 2018.
Software Defined Networking (SDN) is an emerging paradigm that promises to resolve the limitations of the conventional network architecture. SDN and cyber security have a reciprocal relationship. In this thesis, we study and explore two aspects of this relationship. On the one hand, we study security for SDN by performing a vulnerability analysis of SDN. Such security analysis is a crucial process in identifying SDN security flaws and in measuring their impacts. It is necessary for improving SDN security and for understanding its weaknesses. On the other hand, we explore SDN for security. Such an aspect of the relationship between SDN and security focusses on the advantages that SDN brings into security. The thesis designs and implements an SDN stateful firewall that transforms the Finite State Machine of network protocols to an SDN Equivalent State Machine. Besides, the thesis evaluates the SDN stateful firewall and NetFilter regarding their performance and their resistance to SYN flooding attacks. Furthermore, the thesis uses SDN orchestration for policy enforcement. It proposes a firewall policy framework to express, assess, negotiate and deploy firewall policies in the context of SDN as a Service in the cloud.

24. Security challenges within Software Defined Networks
Sund, Gabriel; Ahmed, Haroon. January 2014.
A large amount of today's communication occurs within data centers where a large number of virtual servers (running one or more virtual machines) provide service providers with the infrastructure needed for their applications and services. In this thesis, we will look at the next step in the virtualization revolution, the virtualized network. Software-defined networking (SDN) is a relatively new concept that is moving the field towards a more software-based solution to networking. Today when a packet is forwarded through a network of routers, decisions are made at each router as to which router is the next hop destination for the packet. With SDN these decisions are made by a centralized SDN controller that decides upon the best path and instructs the devices along this path as to what action each should perform. Taking SDN to its extreme minimizes the physical network components and increases the number of virtualized components. The reasons behind this trend are several, although the most prominent are simplified processing and network administration, a greater degree of automation, increased flexibility, and shorter provisioning times. This in turn leads to a reduction in operating expenditures and capital expenditures for data center owners, which both drive the further development of this technology. Virtualization has been gaining ground in the last decade. However, the initial introduction of virtualization began in the 1970s with server virtualization offering the ability to create several virtual server instances on one physical server. Today we already have taken small steps towards a virtualized network by virtualization of network equipment such as switches, routers, and firewalls. Common to virtualization is that in their early stages all of the technologies have encountered trust issues and general concerns related to whether software-based solutions are as rugged and reliable as hardware-based solutions. SDN has also encountered these issues, and discussion of these issues continues among both believers and skeptics. Concerns about trust remain a problem for the growing number of cloud-based services where multitenant deployments may lead to loss of personal integrity and other security risks. As a relatively new technology, SDN is still immature and has a number of vulnerabilities. As with most software-based solutions, the potential for security risks increases. This thesis investigates how denial-of-service (DoS) attacks affect an SDN environment and a single-threaded controller, described by text and via simulations. The results of our investigations concerning trust in a multi-tenancy environment in SDN suggest that standardization and clear service level agreements are necessary to consolidate customers’ confidence. Attracting small groups of customers to participate in user cases in the initial stages of implementation can generate valuable support for a broader implementation of SDN in the underlying infrastructure. With regard to denial-of-service attacks, our conclusion is that hackers can, by targeting the centralized SDN controller, negatively affect most of the network infrastructure (because the entire infrastructure directly depends upon a functioning SDN controller). SDN introduces new vulnerabilities, which is natural as SDN is a relatively new technology. Therefore, SDN needs to be thoroughly tested and examined before making a widespread deployment.

25. Solução de redundância múltipla de servidores DHCP utilizando redes definidas por software / Multiple redundancy solution for DHCP servers using software defined networks
Trombeta, Lucas. January 2016.
Advisor: Prof. Dr. Nunzio Marco Torrisi / Dissertation (master's) - Universidade Federal do ABC, Programa de Pós-Graduação em Ciência da Computação, 2016. / Computer networks have been changing over the last few years, and many technologies are being implemented as a way to renew how hosts should communicate between themselves. Some are physical changes: increase of bandwidth through fiber optics technology, new wireless protocols; some are software changes: decreasing protocol header overhead, new communication protocols (HTTP2), use of software to define network behavior. On the other hand, the way network devices get their IP address inside a network is one of the few features that those technology changes did not interfere with; devices' IP addresses are still delivered by a DHCP server. Given these facts and the evolution of traditional computer networks to software defined networks, this work was developed merging some software defined network functions with DHCP functions in order to create a new multiple redundancy DHCP service solution.

26. Conception et gestion de réseaux efficaces en énergie / Design and management of networks with low power consumption
Phan, Truong Khoa. 25 September 2014.
In this thesis, we study several models of energy-aware routing. For each model, we present a linear programming formulation to find the exact solution. Moreover, since energy-aware routing is an NP-hard problem, we also propose efficient heuristic algorithms for large scale networks. In the first part of this thesis, we deal with GreenRE, a new energy-aware routing model with the support of redundancy elimination. We first present a deterministic model in which we show how to combine energy-aware routing and redundancy elimination to improve energy efficiency for backbone networks. Then, we extend the model in order to take into account uncertainties in traffic volumes and redundancy rates. The second part of this thesis is devoted to the deployment issues of energy-aware routing in practice. In detail, to avoid service deterioration for end users, we limit changes of network configurations in multi-period traffic matrices in Open Shortest Path First (OSPF) protocol. Next, we address the problem of limited rule space in OpenFlow switches when installing energy-aware routing configurations. Finally, we present in the appendix other works developed during this thesis: multicast network protocol and TCP congestion control algorithm.

27. Upravljanje komunikacionom mrežom elektroenergetske pametne mreže sa promenljivim komunikacionim zahtevima / Smart grid communication network management with variable communication requirements
Čokić Mita. 07 October 2020.
Smart grid represents the next generation power network which should be efficient, extensible, reliable and easy to manage. The smart grid will have a great number of devices with two-way communication. These devices will generate a large amount of data that needs to be read and transported to the utility control center, which further requires adequate communication infrastructure with appropriate quality of service. This dissertation presents a solution for providing quality of service for traffic with dynamic priority and bandwidth requirements, based on software defined networks. The platform for smart grid communication infrastructure evaluation is developed to enable easy emulation of different network topologies for the purpose of developing new control algorithms. Solution performance is verified using six test scenarios and it is shown that the proposed solution gives better results for all scenarios from the aspect of bandwidth provision and network latency.

28. Adaptive Resizing of Deadline-Driven Requests for Provisioning Traffic in Elastic Optical Networks
Morell, Jared Anthony. 20 August 2013.
No description available.

29. SECURE AUTHENTICATION AND PRIVACY-PRESERVING TECHNIQUES IN VEHICULAR AD-HOC NETWORKS
Aala Oqab Alsalem (17075812). 28 April 2024.
VANET is formed by vehicles, road units, infrastructure components, and various connected objects. It aims mainly to ensure public safety and traffic control. New emerging applications include value-added and user-oriented services. While this technological advancement promises ubiquitous deployment of the VANET, security and privacy challenges must be addressed. Thence, vehicle authentication is a vital process to detect malicious users and prevent them from harming legitimate communications. However, the authentication process uses sensitive information to check the vehicle’s identity. Sharing this information will harm vehicle privacy. In this thesis, we aim to deal with these issues:
- How can we ensure vehicle authentication and avoid sensitive and identity information leaks simultaneously?
- When nodes are asked to provide identity proof, how can we ensure that the shared information is only used by an authorized entity?
- Can we define an effective scheme to distinguish between legitimate and malicious network nodes?
This dissertation aims to address the preservation of vehicle private information used within the authentication mechanism in VANET communications.
The VANET characteristics are thoroughly presented and analyzed. Security requirements and challenges are identified. Additionally, we review the proposed authentication techniques and the most well-known security attacks while focusing on the privacy preservation need and its challenges.
To fulfill the privacy preservation requirements, we proposed a new solution called Active Bundle AUthentication Solution based on SDN for Vehicular Networks (ABAUS). We introduce the Software Defined Networks (SDN) as an authentication infrastructure to guarantee the authenticity of each participant. Furthermore, we enhance the preservation of sensitive data by the use of an active data Bundle (ADB) as a self-protecting security mechanism. It ensures data protection throughout the whole data life cycle. ABAUS defines a dedicated registration protocol to verify and validate the different members of the network.
The first solution focused on legitimate vehicle identification and sensitive data protection. A second scheme is designed to recognize and eliminate malicious users called BEhaviour-based REPutation scheme for privacy preservation in VANET using blockchain technology (BEREP). Dedicated public blockchains are used by a central trust authority to register vehicles and store their behavior evaluation and a trust scoring system allows nodes to evaluate the behavior of their communicators and detect malicious infiltrated users.
By enhancing sensitive data preservation during the authentication process and detecting malicious attempts, our proposed work helps to tackle serious challenges in VANET communications.

30. Gerenciamento autônomo de redes na Internet do futuro / Autonomous network management in the Future Internet
Queiróz, Alexandre Passito de. 04 December 2012.
CAPES - Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / Autonomous networking research applies intelligent agent and multiagent systems theory to network controlling mechanisms. Deploying such autonomous and rational entities in the network can improve its behavior in the presence of very dynamic and complex control scenarios. Unfortunately, building agent-based mechanisms for networks is not an easy task. The main difficulty is to create concise knowledge representations about network domains and reasoning mechanisms to deal with them. Furthermore, the Internet makes the design of multiagent systems for network controlling a challenging activity involving the modeling of different participants with diverse beliefs and intentions. Such type of system often poses scalability problems due to the lack of incentives for cooperation between administrative domains. Finally, as the current structure of the Internet often prevents innovation, constructed autonomous networking mechanisms are not fully deployed in large scale scenarios.
The Software-Defined Networking (SDN) paradigm is in the realm of Future Internet efforts. In the SDN paradigm, packet forwarding hardware is controlled by software running as a separated control plane. Management software uses an open protocol to program the flow tables in different switches and routers.
This work presents a general discussion about the integration of autonomous networks and software-defined networks. Based on the knowledge offered by this discussion, it presents a framework that provides autonomy to SDN domains allowing them to act cooperatively when deployed in scenarios with distributed management.
Two case studies are presented for important open issues in the Internet: (1) the problem of mitigating DDoS attacks when thousands of attackers perform malicious packet flooding and SDN domains must cooperate to cope with packet filtering at the source; (2) the problem of network traffic management when multiple domains must cooperate and modify routing primitives.