A Method for the Stateful Data-Plane Algorithm State Synchronization in the Network Processing Unit

Author(s):  
Yaroslav Konstantinovich Kuzmin ◽  
Dmitry Yuryevitch Volkanov ◽  
Julia Alexandrovna Skobtsova

This work presents a network processing unit based on specialized computational cores that is used for packet processing in network devices (e.g. in network switches). Nowadays stateful data-plane algorithms are being developed in software-defined networks. The idea of stateful data-plane algorithms is to move a part of the control information from the control plane to the data plane. But these algorithms require hardware support because they need resources for state handling. This work presents the network processing unit architecture modifications that allow the use of stateful data-plane algorithms that require state synchronization between the NPU processing pipelines.

2020 ◽  
pp. 399-410
Author(s):  
Jawad Dalou' ◽  
Basheer Al-Duwairi ◽  
Mohammad Al-Jarrah

Software Defined Networking (SDN) has emerged as a new networking paradigm that is based on the decoupling between data plane and control plane, providing several benefits that include flexible, manageable, and centrally controlled networks. From a security point of view, SDNs suffer from several vulnerabilities that are associated with the nature of communication between control plane and data plane. In this context, software defined networks are vulnerable to distributed denial of service attacks. In particular, the centralization of the SDN controller makes it an attractive target for these attacks because overloading the controller with huge packet volume would result in bringing the whole network down or degrading its performance. Moreover, DDoS attacks may have the objective of flooding a network segment with huge traffic volume targeting single or multiple end systems. In this paper, we propose an entropy-based mechanism for Distributed Denial of Service (DDoS) attack detection and mitigation in SDN networks. The proposed mechanism is based on the entropy values of source and destination IP addresses of flows observed by the SDN controller, which are compared to preset entropy threshold values that change in an adaptive manner based on network dynamics. The proposed mechanism has been evaluated through extensive simulation experiments.


Author(s):  
Ms. Shailly

SDN (Software-Defined Networks) is an incipient architecture of decoupling control plane and data plane involved in dynamic management of network. SDN is being installed in production-based networks, which ultimately leads to the need for secure and fault-tolerant SDN. In the present investigation, we are discussing the kinds of failures with label that happen in SDN. This is a critical survey based on the recently proposed mechanisms for handling failures in SDN. Initially, we discussed, with the help of tabular data, the mechanisms involving data plane failure. We also discussed the various mechanisms for handling misconfiguration of drift able of switches and control plane failure handling mechanisms. We also epitomize issues with both the data and control plane mechanisms that are discussed earlier. In the end, we state that there is a need to build much more efficient and secure mechanisms for SDN networks.


In a traditional network the coupling of data plane and control plane makes the data forwarding, processing and managing of the network hard and complex. Here each switch takes its own decision, making the network logically decentralized. To overcome the limitations of the traditional network, engineers developed a new network model known as Software Defined Network (SDN). In this network the control plane is decoupled from the data plane, making it less complex. It moreover has a logically centralized approach, unlike the existing network. This separation enables the network control to be directly programmable and the architecture to be abstracted for applications and network services. The SDN platform provides advantages like programmability, task virtualization and easy management of the network. However, it faces new challenges regarding scalability and performance. It is a must to understand and analyze the performance of SDN for implementation and deployment in live network environments. SDN working with POX is studied. This paper analyses the working of the POX controller and evaluates the performance metrics of the POX controller for the SDN environment. The emulation is done using the Emulation software


2014 ◽  
Vol 610 ◽  
pp. 954-958 ◽  
Author(s):  
Yi Fan Yu ◽  
Yong Li ◽  
De Peng Jin

Software-Defined Networks (SDN), as a newly proposed network architecture, have great potential in optimizing network traffic. In SDN, the control plane is separated from the data plane. With the help of the centralized controller, we can gather information about the network in real time. In this work, we propose a practical two-stage approach for traffic engineering that takes advantage of SDN. The approach not only assures that every newly injected flow gets a suitable route that does not have too much payload on it, but also schedules the overall flows so that they are distributed more equally in the network. Furthermore, we demonstrate its efficiency in terms of port speed and compare it with port speed under the default routing decision. We also use linear programming to find the optimal solution and compare it with our result.


2021 ◽  
Author(s):  
Md. Rayhan Ahmed ◽  
Salekul Islam ◽  
Swakkhar Shatabda ◽  
A. K. M. Muzahidul Islam ◽  
Md. Towhidul Islam Robin

At present, the Internet is facing numerous attacks of different kinds that put its data at risk. The safety of information within the network is, therefore, a significant concern. In order to prevent the loss of incredibly valuable information, the Intrusion Detection System (IDS) was developed to recognize the outbreak of a stream of attacks and notify the network system administrator providing network security. IDS is an extrapolative model used to detect network traffic as routine or attack. Software-Defined Networks (SDN) is a revolutionary paradigm that isolates the control plane from the data plane, transforming the concept of a software-driven network. Through this data and control plane separation, SDN provides us the opportunity to create a manageable and programmable network, allowing applications in the top plane to access physical devices via the controller. The controller functioning inside the control plane executes network modules and establishes flow rules to forward packets in the switches residing in the data plane. Cyber attackers target the SDN controller to subdue the control plane, which is considered the brain of the SDN, providing a plethora of functionalities such as regulating flow control to switches or routers in the data plane below via southbound Application Programming Interfaces (APIs) and business and application logic in the application plane above via northbound APIs to implement sophisticated networks. However, the control plane becomes a tempting prospect for security attacks from adversaries because of its centralization feature. This paper includes an in-depth overview of the notable published articles from 2015 to 2021 that used Machine Learning (ML) and Deep Learning (DL) techniques to construct an IDS solution to provide security for SDN. We also present two detailed taxonomic studies regarding IDS, and ML-DL techniques based on their learning categories, exploring various IDS solutions to secure the SDN paradigm. We have also conducted brief research on a few benchmark datasets used to construct IDS in the SDN paradigm. To conclude the survey, we provide a discussion that sheds light on continuous challenges and IDS issues for SDN security.


Symmetry ◽  
2021 ◽  
Vol 13 (5) ◽  
pp. 734
Author(s):  
Amirah Alomari ◽  
Shamala K. Subramaniam ◽  
Normalia Samian ◽  
Rohaya Latip ◽  
Zuriati Zukarnain

Software-defined networks (SDN) is an evolution in the networking field where the data plane is separated from the control plane and all the controlling and management tasks are deployed in a centralized controller. Due to its features regarding ease of management, it has emerged in other fields such as cloud and fog computing in order to manage asymmetric communication across nodes, thus improving the performance and reducing the power consumption. This study focused on research that was conducted in SDN-based clouds and SDN-based fogs. It overviewed the important contributions in SDN clouds in terms of improving network performance and energy optimization. Moreover, state-of-the-art studies in SDN fogs are presented. The features, methods, environment, dataset, simulation tool and main contributions are highlighted. Finally, the open issues related to both SDN clouds and SDN fogs are defined and discussed.


2017 ◽  
Vol 2017 ◽  
pp. 1-9 ◽  
Author(s):  
Iván García-Magariño ◽  
Raquel Lacuesta

Software-defined networks (SDNs) have become a mechanism to separate the control plane and the data plane in the communication in networks. SDNs involve several challenges around their security and their confidentiality. Ideally, SDNs should incorporate autonomous and adaptive systems for controlling the routing to be able to isolate network resources that may be malfunctioning or whose security has been compromised with malware. The current work introduces a novel agent-based framework that simulates SDN isolation protocols by means of trust and reputation models. This way, SDN programmers may estimate the repercussions of certain isolation protocols based on trust models before actually deploying the protocol into the network.


2021 ◽  
Vol 22 (2) ◽  
pp. 178-187
Author(s):  
Mutaz Hamed Hussien Khairi ◽  
PM. IR. DR. Sharifah Hafizah Syed Ariffin ◽  
PROF. MADYA DR. Nurul Muazzah Abdul Latiff ◽  
DR. Kamaludin Mohamad Yusof ◽  
Mohamed Khalalfalla Hassan

Software Defined Networks (SDN) are a modern networking technology introduced to simplify network management via the separation of the data and control planes. Characteristically, flow entries are propagated between the control plane layer and application or data plane layers respectively while following flow table instructions through the OpenFlow protocol. More often than not, conflicts in flows occur as a result of traffic load and priority of instructions in the data plane. Several research works have been conducted on flow conflicts in SDN to reduce the effect of conflict. The flow conflict solutions in SDN have three main limitations. First, the OpenFlow table may still cause a defect in the security module according to the priority and action matching in the open flow in the control plane. Second, flow conflict detection requires more time for flow tracking and incremental update, whereas in such a case, delay affects the efficiency of SDN. Besides, the SDN algorithm and mechanism have substantially high memory requirement for instruction and proper functioning. Third, most of the available algorithms and detection methods used to avoid flow conflicts have not fully covered the security model policy. This study reviews these limitations and suggests solutions as future open research directions.

ABSTRACT: Software Defined Networks (SDN) are a modern networking technology introduced to simplify network management through the separation of the data and control planes. As usual, flow entries are propagated between the control plane layer and the application or data plane layers respectively, while following flow table instructions through the OpenFlow protocol. Conflicts in flows usually occur because of traffic load and the priority of instructions in the data plane. Several studies have been conducted on SDN flow conflicts to reduce the effect of conflict. The flow conflict solutions in SDN have three major shortcomings. First, the OpenFlow table may still cause a deficiency in the security module based on the priority and action matching in the open flow of the control plane. Second, flow conflict detection requires more time for flow tracking and incremental updates, because every delay affects the efficiency of SDN. In addition, SDN algorithms and mechanisms require fairly large memory to process instructions and function well. Third, most of the algorithms and detection methods used to avoid flow conflicts are not fully covered by the security model policy. Therefore, this study examines these shortcomings and suggests improvements as open directions for future research.




2020 ◽  
pp. 1-20
Author(s):  
K. Muthamil Sudar ◽  
P. Deepalakshmi

Software-defined networking is a new paradigm that overcomes problems associated with traditional network architecture by separating the control logic from data plane devices. It also enhances performance by providing a highly-programmable interface that adapts to dynamic changes in network policies. As software-defined networking controllers are prone to single-point failures, providing security is one of the biggest challenges in this framework. This paper intends to provide an intrusion detection mechanism in both the control plane and data plane to secure the controller and forwarding devices respectively. In the control plane, we imposed a flow-based intrusion detection system that inspects every new incoming flow towards the controller. In the data plane, we assigned a signature-based intrusion detection system to inspect traffic between OpenFlow switches using port mirroring to analyse and detect malicious activity. Our flow-based system works with the help of a trained, multi-layer machine learning-based classifier, while our signature-based system works with rule-based classifiers using the Snort intrusion detection system. The ensemble feature selection technique we adopted in the flow-based system helps to identify the prominent features and hasten the classification process. Our proposed work ensures a high level of security in the software-defined networking environment by working simultaneously in both control plane and data plane.

