QoS Aware and Fault Tolerance Based Software-Defined Vehicular Networks Using Cloud-Fog Computing

Software-defined network (SDN) and vehicular ad-hoc network (VANET) combined provided a software-defined vehicular network (SDVN). To increase the quality of service (QoS) of vehicle communication and to make the overall process efficient, researchers are working on VANET communication systems. Current research work has made many strides, but due to the following limitations, it needs further investigation and research: Cloud computing is used for messages/tasks execution instead of fog computing, which increases response time. Furthermore, a fault tolerance mechanism is used to reduce the tasks/messages failure ratio. We proposed QoS aware and fault tolerance-based software-defined V vehicular networks using Cloud-fog computing (QAFT-SDVN) to address the above issues. We provided heuristic algorithms to solve the above limitations. The proposed model gets vehicle messages through SDN nodes which are placed on fog nodes. SDN controllers receive messages from nearby SDN units and prioritize the messages in two different ways. One is the message nature way, while the other one is deadline and size way of messages prioritization. SDN controller categorized in safety and non-safety messages and forward to the destination. After sending messages to their destination, we check their acknowledgment; if the destination receives the messages, then no action is taken; otherwise, we use a fault tolerance mechanism. We send the messages again. The proposed model is implemented in CloudSIm and iFogSim, and compared with the latest models. The results show that our proposed model decreased response time by 50% of the safety and non-safety messages by using fog nodes for the SDN controller. Furthermore, we reduced the execution time of the safety and non-safety messages by up to 4%. Similarly, compared with the latest model, we reduced the task failure ratio by 20%, 15%, 23.3%, and 22.5%.

Securing SDN-Enabled Smart Power Grids

Software-defined networking (SDN) provides flexibility in controlling, managing, and dynamically reconfiguring the distributed heterogeneous smart grid networks. Considerably less attention has been received to provide security in SDN-enabled smart grids. Centralized SDN controller protects smart grid networks against outside attacks only. Furthermore, centralized SDN controller suffers from a single point of compromise and failure which is detrimental to security and reliability. This chapter presents a framework with multiple SDN controllers and security controllers that provides a secure and robust smart grid architecture. The proposed framework deploys a local IDS to provide security in a substation. Whereas a global IDS is deployed to provide security in control center and overall smart grid network, it further verifies the consequences of control-commands issued by SDN controller and SCADA master. Performance comparison and simulation result show that the proposed framework is efficient as compared to existing security frameworks for SDN-enabled smart grids.

Design and Implementation of Distributed Controller Clustering for Solving the Issue of Single Failure in SDN Networks

Software-Defined Networks (SDN) It is a centralized control structure in the network that opens up new possibilities that did not exist before. The significant characteristic of this innovative approach is the focus on the capability of proposing networks of high dynamicity and programmability to transform the intelligence of underlying systems to the networks via controllers. The main issue of the SDN approach is found in its security, mainly due to its central-controlling architecture since the entire network is controlled from a central point. This makes it very vulnerable to single-point failure. In this paper, a fully Distributed SDN controller is proposed for solving the one point failure which exists within the single SDN controller. In general, the concept involves forming cluster of distributed controllers whereby each controller controls its domain and can thereby share the load within the network. The experimental results of the proposed system show an increase and enhancement in the performance of the network. The single-point failure issues have been overcome. The throughput of the proposed system increased with 20% while the packet loss rate was minimize with 33%.

Towards Countering the Insider Reconnaissance Using a Combination of Shuffling and Diversity Moving Target Defense Techniques

Moving Target Defense (MTD) has recently emerged as a significant cybersecurity technique. Software-Defined Networking (SDN) has the capability to design efficient network architecture due to its programmability and centralized control management. In this paper, a mechanism for the protection against insider reconnaissance has been proposed using a combination of diversity and a shuffling-based approach of MTD. In order to implement the shuffling technique, IP shuffling is used in the insider network. The IP addresses of internal hosts are mapped via real to virtual IP mapping through random IP generation from a pseudo-random mechanism. For the diversity, a multiple servers’ platform is incorporated for different critical LAN services like Domain Name System (DNS), internal web services, etc. This combined diversity and shuffling approach significantly counters the insider reconnaissance targeting critical LAN services. The proposed scheme also exploited open-source IDS to block insider reconnaissance. The proposed solution was implemented using ONOS SDN controller, Mininet simulator, Snort IDS systems. The experimental results substantiate effective protection against insider network reconnaissance at a low computational cost.

Achieving Effective Resource Management in Distributed SDN Controller Architectures

<p>As an emerging computer networking paradigm, Software-Defined Networking (SDN) empowers network operators with simplified network configuration and centralized network management. Recently, distributed controller architectures have become a notable invention where multiple controllers are jointly deployed in the network for request processing. One major research challenge for distributed controller architectures is to effectively manage the controller resources including allocating sufficient controllers to the suitable network locations and making the best use of the given controller resources. In general, existing approaches for managing the controller resources in the literature can be classified into three main directions. Designing new controller architectures belongs to the first direction, where the focus is on enabling workload shifting among controllers using switch migration. Designing controller placement algorithms to identify the number and locations of controllers is the second direction. Given the controller placement solution, the third direction is controller scheduling which aims to make the best use of the shared controllers by properly distributing requests among them. However, existing approaches have three major limitations. First, existing controller architectures feature a switch-controller binding which restricts the requests generated by a switch to only be processed by a predefined controller. Since each switch comes with different workload and the workload can be time-variant, the binding renders the bound controller susceptible to either being overloaded or underloaded. Second, existing placement algorithms have consistently underestimated the importance of controller scheduling. Due to the NP-hardness of the placement problem, Genetic Algorithm (GA) is a promising candidate. However, as a population-based approach, GA can be computationally expensive. Especially in a large network, the corresponding search space becomes too large for GA to handle effectively. Third, existing approaches for controller scheduling are mostly designed under the switch-controller binding constraint. When the scheduling is performed at a per-request level, the scheduling complexity increases significantly, rendering the efficiency and effectiveness of existing algorithms questionable. Apart from that, existing studies mainly focus on manually designing request dispatching policy which strongly relies on domain knowledge and involves a time-consuming fine-tuning process. The overall goal of this thesis is to effectively manage the controller resources in distributed SDN controller architectures. To address the three major limitations, three research objectives are established. First, this thesis aims to propose a new controller architecture to enable flexible controller placement and scheduling. Second, the thesis focuses on effectively and scalably identifying suitable controller placement while jointly taking the controller scheduling problem into consideration. Third, the thesis seeks to incorporate machine learning techniques in the request dispatching policy design to automatically learn adaptive and effective policies. To achieve the first objective, this thesis proposes a new BindingLess Architecture for distributed Controllers (BLAC) which features bindingless association between switches and controllers. With the newly introduced scheduling layer, requests can be transparently and flexibly dispatched among multiple controllers without invoking the time-consuming and complicated switch migration. Experiments conducted in this thesis show that BLAC significantly reduces the average response time and improves the throughput compared to existing SDN architectures. To achieve the second objective, this thesis proposes a Clustering-based Genetic Algorithm with Cooperative Clusters (CGA-CC) to tackle the controller placement problem. Particularly, CGA-CC partitions a large network into non-overlapping sub-networks to substantially reduce the search space of GA. Within each sub-network, GA is applied to identifying the placement solution. The quality of any given placement solution is evaluated by a gradient-descent-based scheduling algorithm which is developed to optimize the probability distribution of requests among all controllers. Moreover, a greedy load re-distribution mechanism is developed to handle unexpected demand variations by dynamically forwarding indigestible requests to adjacent sub-networks. Extensive simulations show that our algorithms can significantly outperform several existing and state-of-the-art algorithms and is more robust in handling unexpected traffic bursts. To achieve the third objective, this thesis proposes a Multi-Agent (MA) deep-reinforcement-learning-based approach with the aim to automatically learn adaptive, effective, and efficient policies used by each switch. In particular, a new adaptive policy representation is proposed to support networks with a changing number of controllers. To enable the training of an adaptive policy, a new policy gradient calculation technique is developed. Then the policy design problem is formulated as an MA Markov Decision Processing and a new MA training algorithm is proposed. The results show that the policy designed by our algorithm can easily adapt to networks with a changing number of controllers. Moreover, our policy can achieve significantly better performance compared with existing policies including the man-made policy (e.g., weighted round-robin), the model-based policy (e.g., the gradient-descent-based scheduling algorithm), and policies designed by other reinforcement learning algorithms (e.g., the proximal policy optimization algorithm).</p>

Achieving Effective Resource Management in Distributed SDN Controller Architectures

<p>As an emerging computer networking paradigm, Software-Defined Networking (SDN) empowers network operators with simplified network configuration and centralized network management. Recently, distributed controller architectures have become a notable invention where multiple controllers are jointly deployed in the network for request processing. One major research challenge for distributed controller architectures is to effectively manage the controller resources including allocating sufficient controllers to the suitable network locations and making the best use of the given controller resources. In general, existing approaches for managing the controller resources in the literature can be classified into three main directions. Designing new controller architectures belongs to the first direction, where the focus is on enabling workload shifting among controllers using switch migration. Designing controller placement algorithms to identify the number and locations of controllers is the second direction. Given the controller placement solution, the third direction is controller scheduling which aims to make the best use of the shared controllers by properly distributing requests among them. However, existing approaches have three major limitations. First, existing controller architectures feature a switch-controller binding which restricts the requests generated by a switch to only be processed by a predefined controller. Since each switch comes with different workload and the workload can be time-variant, the binding renders the bound controller susceptible to either being overloaded or underloaded. Second, existing placement algorithms have consistently underestimated the importance of controller scheduling. Due to the NP-hardness of the placement problem, Genetic Algorithm (GA) is a promising candidate. However, as a population-based approach, GA can be computationally expensive. Especially in a large network, the corresponding search space becomes too large for GA to handle effectively. Third, existing approaches for controller scheduling are mostly designed under the switch-controller binding constraint. When the scheduling is performed at a per-request level, the scheduling complexity increases significantly, rendering the efficiency and effectiveness of existing algorithms questionable. Apart from that, existing studies mainly focus on manually designing request dispatching policy which strongly relies on domain knowledge and involves a time-consuming fine-tuning process. The overall goal of this thesis is to effectively manage the controller resources in distributed SDN controller architectures. To address the three major limitations, three research objectives are established. First, this thesis aims to propose a new controller architecture to enable flexible controller placement and scheduling. Second, the thesis focuses on effectively and scalably identifying suitable controller placement while jointly taking the controller scheduling problem into consideration. Third, the thesis seeks to incorporate machine learning techniques in the request dispatching policy design to automatically learn adaptive and effective policies. To achieve the first objective, this thesis proposes a new BindingLess Architecture for distributed Controllers (BLAC) which features bindingless association between switches and controllers. With the newly introduced scheduling layer, requests can be transparently and flexibly dispatched among multiple controllers without invoking the time-consuming and complicated switch migration. Experiments conducted in this thesis show that BLAC significantly reduces the average response time and improves the throughput compared to existing SDN architectures. To achieve the second objective, this thesis proposes a Clustering-based Genetic Algorithm with Cooperative Clusters (CGA-CC) to tackle the controller placement problem. Particularly, CGA-CC partitions a large network into non-overlapping sub-networks to substantially reduce the search space of GA. Within each sub-network, GA is applied to identifying the placement solution. The quality of any given placement solution is evaluated by a gradient-descent-based scheduling algorithm which is developed to optimize the probability distribution of requests among all controllers. Moreover, a greedy load re-distribution mechanism is developed to handle unexpected demand variations by dynamically forwarding indigestible requests to adjacent sub-networks. Extensive simulations show that our algorithms can significantly outperform several existing and state-of-the-art algorithms and is more robust in handling unexpected traffic bursts. To achieve the third objective, this thesis proposes a Multi-Agent (MA) deep-reinforcement-learning-based approach with the aim to automatically learn adaptive, effective, and efficient policies used by each switch. In particular, a new adaptive policy representation is proposed to support networks with a changing number of controllers. To enable the training of an adaptive policy, a new policy gradient calculation technique is developed. Then the policy design problem is formulated as an MA Markov Decision Processing and a new MA training algorithm is proposed. The results show that the policy designed by our algorithm can easily adapt to networks with a changing number of controllers. Moreover, our policy can achieve significantly better performance compared with existing policies including the man-made policy (e.g., weighted round-robin), the model-based policy (e.g., the gradient-descent-based scheduling algorithm), and policies designed by other reinforcement learning algorithms (e.g., the proximal policy optimization algorithm).</p>

When Digital Twin Meets Network Softwarization in the Industrial IoT: Real-Time Requirements Case Study

The Industrial Internet of Things (IIoT) is known to be a complex system because of its severe constraints as it controls critical applications. It is difficult to manage such networks and keep control of all the variables impacting their operation during their whole lifecycle. Meanwhile, Digital Twinning technology has been increasingly used to optimize the performances of industrial systems and has been ranked as one of the top ten most promising technological trends in the next decade. Many Digital Twins of industrial systems exist nowadays but only few are destined to networks. In this paper, we propose a holistic digital twinning architecture for the IIoT where the network is integrated along with the other industrial components of the system. To do so, the concept of Network Digital Twin is introduced. The main motivation is to permit a closed-loop network management across the whole network lifecycle, from the design to the service phase. Our architecture leverages the Software Defined Networking (SDN) paradigm as an expression of network softwarization. Mainly, the SDN controller allows for setting up the connection between each Digital Twin of the industrial system and its physical counterpart. We validate the feasibility of the proposed architecture in the process of choosing the most suitable communication mechanism that satisfies the real-time requirements of a Flexible Production System.

Distributed Denial of Service Attacks Detection and Mitigation in Software Defined Mesh Networks

Networks configured in Mesh topology provide Network security in the form of redundancy of communication links. But redundancy also contributes to complexity in configuration and subsequent troubleshooting. Critical networks like Backbone Networks (used in Cloud Computing) deploy the Mesh topology which provides additional security in terms of redundancy to ensure availability of services. Distributed Denial of Service attacks are one of the most prominent attacks that cause an immense amount of loss of data as well as monetary losses to service providers. This paper proposes a method by which using SDN capabilities and sFlow-RT application, Distributed Denial of Service (DDoS) attacks is detected and consequently mitigated by using REST API to implement Policy Based Flow Management through the SDN Controller which will help in ensuring uninterrupted services in scenarios of such attacks and also further simply and enhance the management of Mesh architecture-based networks.

Detecting Malicious Switches for a Secure Software-defined Tactile Internet

The rapid development of the Internet of Things has led to demand for high-speed data transformation. Serving this purpose is the Tactile Internet, which facilitates data transfer in extra-low latency. In particular, a Tactile Internet based on software-defined networking (SDN) has been broadly deployed because of the proven benefits of SDN in flexible and programmable network management. However, the vulnerabilities of SDN also threaten the security of the Tactile Internet. Specifically, an SDN controller relies on the network status (provided by the underlying switches) to make network decisions, e.g., calculating a routing path to deliver data in the Tactile Internet. Hence, the attackers can compromise the switches to jeopardize the SDN and further attack Tactile Internet systems. For example, an attacker can compromise switches to launch distributed denial-of-service attacks to overwhelm the SDN controller, which will disrupt all the applications in the Tactile Internet. In pursuit of a more secure Tactile Internet, the problem of abnormal SDN switches in the Tactile Internet is analyzed in this article, including the cause of abnormal switches and their influences on different network layers. Then we propose an approach that leverages the messages sent by all switches to identify abnormal switches, which adopts a linear structure to store historical messages at a relatively low cost. By mapping each flow message to the flow establishment model, our method can effectively identify malicious SDN switches in the Tactile Internet and thus enhance its security.

Pro-Edge: A Programmable Edge Network Architecture for Industrial Internet of Things

Internet of Things (IoT) with edge computation enhances efficiency, safety, and availability of an industrial automation system. However, there is a continued effort to increase the reliability of the system with minimal downtime. This can be achieved through a modular, re-configurable, and integrable system design approach. In this paper, we propose Pro-Edge, a programmable edge network to reconfigure different services associated with industrial applications and networks. Pro-Edge employs programmable layers at the edge for re-configuring the sensor/actuator network and applications. The lowermost layer allows to reconfigure the communication related parameters and the middle layer consists of a Software-Defined Network (SDN) controller that can dynamically program different modules, handling actuation decisions from the edge. An interfacing protocol between the layers is proposed to provide reliability by considering the optimal configuration parameters among the layers. As a top-layer, a priority forwarding mechanism is designed for SDN core communication in case the sensor and actuator are in different edges. Pro-Edge significantly improves the actuation-latency and is highly energy efficient compared to the existing state-of-the-art.