Journal articles on the topic 'Programmable networking hardware'
To see the other types of publications on this topic, follow the link: Programmable networking hardware.
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 45 journal articles for your research on the topic 'Programmable networking hardware.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Nagarjuna Reddy, Tella, and K. Annapurani Panaiyappan. "Intrusion Detection on Software Defined Networking." International Journal of Engineering & Technology 7, no. 3.12 (July 20, 2018): 330. http://dx.doi.org/10.14419/ijet.v7i3.12.16052.
Full textAbstract:
Software Defined Networking and programmability on network have established themselves as current trends in IT by bringing autonomous operation with dynamic flow to network. Networks must be programmable, and it must be aware of the application in order to operate autonomously. Networks need to evolve to catch up with the current trends without losing their current status and operation, reliability, robustness, or security, and without distorting current investments. SDN is a transpiring network architecture where network control plane is distinguished from data plane and by that the network is directly programmable. This control, was initially bound in every network devices, enabled in the network to be abstracted for applications and services. Security is a major challenge for organizational and campus networks. The future of Internet depends on virtualization which is to provide numerous networks hosted the same physical hardware. This proposal takes a great advantage of the programmability provided by SDN to utilize Intrusion Detection System.
2
Jepsen, Theo, Alberto Lerner, Fernando Pedone, Robert Soulé, and Philippe Cudré-Mauroux. "In-network support for transaction triaging." Proceedings of the VLDB Endowment 14, no. 9 (May 2021): 1626–39. http://dx.doi.org/10.14778/3461535.3461551.
Full textAbstract:
We introduce Transaction Triaging, a set of techniques that manipulate streams of transaction requests and responses while they travel to and from a database server. Compared to normal transaction streams, the triaged ones execute faster once they reach the database. The triaging algorithms do not interfere with the transaction execution nor require adherence to any particular concurrency control method, making them easy to port across database systems. Transaction Triaging leverages recent programmable networking hardware that can perform computations on in-flight data. We evaluate our techniques on an in-memory database system using an actual programmable hardware network switch. Our experimental results show that triaging brings enough performance gains to compensate for almost all networking overheads. In high-overhead network stacks such as UDP/IP, we see throughput improvements from 2.05X to 7.95X. In an RDMA stack, the gains range from 1.08X to 1.90X without introducing significant latency.
3
Jaziri, Ibtihel, Lotfi Charaabi, and Khaled Jelassi. "Remote web-based control laboratories using embedded Linux and field-programmable gate array." Proceedings of the Institution of Mechanical Engineers, Part I: Journal of Systems and Control Engineering 232, no. 9 (May 28, 2018): 1146–54. http://dx.doi.org/10.1177/0959651818776542.
Full textAbstract:
In this article, the authors present a new approach based on the hardware and software architecture using embedded Linux and field-programmable gate array for implementation of remote laboratories. It combines a set of software and hardware resources in the interest of offering a multidisciplinary low-cost open platform for engineering education. Thus, the proposed approach allows students to develop low-cost and easily programmable prototypes of electrical systems control, robotics, and other embedded devices that feature Internet connectivity, Input/output, networking, and operating systems. In the proposed work, the authors present a codesign solution with flexible hardware devices, providing characteristics of multipurpose use with many experimental devices, and fully configurable graphical user interface. The physical setup and communication principles of hardware architecture are based on two types of devices: the Beaglebone running embedded Linux operating system and the field-programmable logic gate array. The graphical user interface is designed as a web page based on HTML and PHP programming languages; this allows the teachers/students to control the system easily, parameterize, and observe the behavior of the controller/system remotely.
4
Fernández, Carolina, Sergio Giménez, Eduard Grasa, and Steve Bunch. "A P4-Enabled RINA Interior Router for Software-Defined Data Centers." Computers 9, no. 3 (September 2, 2020): 70. http://dx.doi.org/10.3390/computers9030070.
Full textAbstract:
The lack of high-performance RINA (Recursive InterNetwork Architecture) implementations to date makes it hard to experiment with RINA as an underlay networking fabric solution for different types of networks, and to assess RINA’s benefits in practice on scenarios with high traffic loads. High-performance router implementations typically require dedicated hardware support, such as FPGAs (Field Programmable Gate Arrays) or specialized ASICs (Application Specific Integrated Circuit). With the advance of hardware programmability in recent years, new possibilities unfold to prototype novel networking technologies. In particular, the use of the P4 programming language for programmable ASICs holds great promise for developing a RINA router. This paper details the design and part of the implementation of the first P4-based RINA interior router, which reuses the layer management components of the IRATI Linux-based RINA implementation and implements the data-transfer components using a P4 program. We also describe the configuration and testing of our initial deployment scenarios, using ancillary open-source tools such as the P4 reference test software switch (BMv2) or the P4Runtime API.
5
Reinehr Gobatto, Leonardo, Pablo Rodrigues, Mateus Saquetti Pereira de Carvalho Tirone, Weverton Luis da Costa Cordeiro, and José Rodrigo Furlanetto Azambuja. "Programmable Data Planes meets In-Network Computing: A Review of the State of the Art and Prospective Directions." Journal of Integrated Circuits and Systems 16, no. 2 (August 17, 2021): 1–8. http://dx.doi.org/10.29292/jics.v16i2.497.
Full textAbstract:
Improving network traffic in networks is one of the concerns between networking researchers and network operators since the architecture of modern networks still faces challenges to process large data traffic without the cost of consuming a significant amount of resources not related to computing specifically. On the other hand, network programmability has enabled the development of new applications and network services, from software-defined networking to domain-specific languages created to program network devices and specify their behavior. The development of programmable hardware and hardware accelerators like FPGAs, GPUs, and CPUs help this new paradigm go one step further. Use the artifact of programmability of these devices to solve problems, such as improve the processing of data traffic is the key of in-network computing. It offers the opportunity to execute programs typically running on end-hosts within programmable network devices already incorporated on the network, thus being capable of provides a reduction on the in-network processing load and requires no extra cost, since operations can be concluded using a fewer amount of devices of the network and no extra device are needed. In this paper, we survey in-network computing, as well as we suggest classifying related works to in-network computing according to the hardware accelerator used. Also, we discuss challenges and research directions.
6
Jipping, Michael J., Agata Bugaj, Liliyana Mihalkova, and Donald E. Porter. "Using Java to teach networking concepts with a programmable network sniffer." ACM SIGCSE Bulletin 35, no. 1 (January 11, 2003): 120–24. http://dx.doi.org/10.1145/792548.611948.
Full text
7
Tsai, Pang Wei, Hou Yi Chou, Mon Yen Luo, and Chu Sing Yang. "Design a Flexible Software Development Environment on NetFPGA Platform." Applied Mechanics and Materials 411-414 (September 2013): 1665–69. http://dx.doi.org/10.4028/www.scientific.net/amm.411-414.1665.
Full textAbstract:
Among numerous embedded platforms, NetFPGA provides developers with a freely programmable FPGA component to design custom functionalities in networking. However, most hardware projects are developed based on reference designs without embedded operating system. For hybrid developments on multi-layers, there will be some difficulties to apply. On the other hand, due to the limited resources on embedded platform, both performance and flexibility need to be concerned on implementation. And for networking processing, it is quite difficult to adjust control parameters without software environment. Therefore, this paper proposes an integrated architecture using PowerPC processor on NetFPGA and embedded Linux operating system on NetFPGA platform. This not only provides developers with an environment for software execution which added more flexibility, but also enhanced the system to provide more applied possibilities on development.
8
LY, SUNG, and ABBAS BIGDELI. "EXTENDABLE AND DYNAMICALLY RECONFIGURABLE MULTI-PROTOCOL FIREWALL." International Journal of Software Engineering and Knowledge Engineering 15, no. 02 (April 2005): 363–71. http://dx.doi.org/10.1142/s0218194005001926.
Full textAbstract:
Security issues within a networking environment are critical, as attacks or intrusions can come from many different sources. Firewalls are an effective tool used for intrusion detection and provide protection against attacks on a system or network. In the past, protection barriers for a local network have been provided using software solutions. Emerging multi-gigabit networking technology and the high uptake of gigabit Ethernet has rendered these solutions inefficient as it cannot cope with the high data rate. In this paper, a new approach using reconfigurable hardware such as Field Programmable Gate Arrays is proposed to provide the flexibility and performance required for a gigabit firewall. The solution is extendable, has low cost and is capable of scanning multiple protocols. The design approach will allow it to be easily ported over to another family of chips with no or minor modification.
9
Huang, LinYun, Young-Pil Lee, Yong-Seon Moon, and Young-Chul Bae. "Noble Implementation of Motor Driver with All Programmable SoC for Humanoid Robot or Industrial Device." International Journal of Humanoid Robotics 14, no. 04 (November 16, 2017): 1750028. http://dx.doi.org/10.1142/s0219843617500281.
Full textAbstract:
Currently, as the requirements for simple implementations in the motor control technologies increase, System-on-Chip (SoC) device such as Zynq All Programmable SoC was devised to meet those requirements. Because this CPU and FPGA can be assembled into one SoC device, we can consolidate motor-control functions and additional processing tasks into a single SoC device. The control algorithms, networking and other tasks, are off-loaded to the programmable logic that can include multiple control cores and multiple control system. This SoC system with a single chip can allow the hardware design with a single chip, hence, we can implement to control the motor to be simpler, more reliable, and less expensive. In this paper, in order to implement motor controller, we apply latest All Programmable SoC technologies for humanoid robot or industrial device that is integrated with FPGA technologies and embedded processor technologies. We also propose the structure of motor controller that decentralizes the function of motor driver from previous typical motor driver into FPGA and level of embedded processor by using All Programmable SoC for humanoid robot or industrial device. We verify the possibilities of applying the novel implemented motor controller in Zynq EPP (Extensible Processing Platform) which is one kind of All Programmable SoC made by Xilinx. To do this, we perform velocity control and position control with digital PI controller on the BLDC motor.
10
Kang, Liyi, Xiao Chen, and Jun Chen. "Design and Implementation of Enhanced Programmable Data Plane Supporting ICN Mobility." Electronics 11, no. 16 (August 12, 2022): 2524. http://dx.doi.org/10.3390/electronics11162524.
Full textAbstract:
Information-centric networking (ICN) separates the identifier and locator of network entities, providing a natural advantage in supporting mobility. To gain the advantage of ICN to support mobility, an urgent challenge is the problem of practical implementation with performance optimization. Software-defined networking (SDN) can be regarded as infrastructure to implement ICN mobility. However, it is difficult for the centralized SDN controller to quickly process mobile signaling. Therefore, this paper proposes enhanced programmable data plane supporting ICN mobility. By offloading mobility-related control plane functions from the controller to the data plane, the data plane can locally process mobile signaling without interacting with the controller. We propose an offloading mechanism for control plane functions, based on a rule table, where the controller authorizes the data plane to process the mobile signaling by loading the programmable rule table to data plane’s control element, and the control element intercepts the mobile signaling, matches the predefined rule table, and executes a series of application logic actions. In addition, we propose an improved SmartSplit algorithm to manage the rule table and speed up packets matching the rule table. Based on Intel’s Data Plane Development Kit (DPDK), we implement the enhanced programmable data plane. Our experimental results prove that the proposed enhanced programmable data plane has a stronger ability to process mobile signaling and reduce latency.
11
Lamonaca, Francesco, Domenico Luca Carnì, and Domenico Grimaldi. "Time coordination of standalone measurement instruments by synchronized triggering." ACTA IMEKO 4, no. 3 (September 27, 2015): 23. http://dx.doi.org/10.21014/acta_imeko.v4i3.259.
Full textAbstract:
<p>A Hardware Interface (HI) to synchronize the operations of standalone Measurement Instruments (MIs) in the absence of networking has been proposed in the recent literature. The synchronization accuracy achieved is one period of the clock equipping the HI. To improve the synchronization accuracy two solutions can be argued on the basis of the mathematical model of the delay between HIs. The first involves increasing the clock frequency; the second concerns the compensation of the phase delay between HI clocks. In this paper the second solution is adopted in order to: (i) reduce the energy consumption, and (ii) not increase the complexity of the hardware architecture. The phase delay compensation is obtained by introducing a programmable delay line after the HI clocks. The phase delay evaluation and the successive tuning of the delay line are performed in the synchronization phase of the HIs. Once synchronized, each HI is moved to the standalone MI to trigger it according to the common sense of time. During the execution of the measurement procedure, networking is not necessary. Experimental tests validate the correct operation of the upgraded HI architecture and indicate that the achievable synchronization accuracy is a low percentage of the HI clock period.</p>
12
Aras, Emekcan, Stéphane Delbruel, Fan Yang, Wouter Joosen, and Danny Hughes. "Chimera." ACM Transactions on Internet of Things 2, no. 2 (May 2021): 1–25. http://dx.doi.org/10.1145/3440995.
Full textAbstract:
The Internet of Things (IoT) is being deployed in an ever-growing range of applications, from industrial monitoring to smart buildings to wearable devices. Each of these applications has specific computational requirements arising from their networking, system security, and edge analytics functionality. This diversity in requirements motivates the need for adaptable end-devices, which can be re-configured and re-used throughout their lifetime to handle computation-intensive tasks without sacrificing battery lifetime. To tackle this problem, this article presents Chimera, a low-power platform for research and experimentation with reconfigurable hardware for the IoT end-devices. Chimera achieves flexibility and re-usability through an architecture based on a Flash Field Programmable Gate Array (FPGA) with a reconfigurable software stack that enables over-the-air hardware and software evolution at runtime. This adaptability enables low-cost hardware/software upgrades on the end-devices and an increased ability to handle computationally-intensive tasks. This article describes the design of the Chimera hardware platform and software stack, evaluates it through three application scenarios, and reviews the factors that have thus far prevented FPGAs from being utilized in IoT end-devices.
13
Alssaheli, Omran M. A., Z. Zainal Abidin, N. A. Zakaria, and Z. Abal Abas. "Implementation of Network Traffic Monitoring using Software Defined Networking Ryu Controller." WSEAS TRANSACTIONS ON SYSTEMS AND CONTROL 16 (May 25, 2021): 270–77. http://dx.doi.org/10.37394/23203.2021.16.23.
Full textAbstract:
Network traffic monitoring is vital for enhancing the overall network performance and for optimizing the traffic flows. However, an emerging growth of use in cloud services, internet-of-things, block-chain and data analytics, demand the hardware-based-network-controller to provide more features for expanding network architecture. Therefore, Software Defined Networking (SDN) offers a new solution in terms of scalability, usability and programmable software-based-network-controller for the legacy network infrastructure. In fact, SDN provides a dynamic platform for the network traffic monitoring using international standard. In this study, SDN setup and installation method uses a Mininet emulator containing a controller Ryu with switching hub component, OpenFlow switches, and nodes. The number of nodes is adding until reaches to 16 nodes and evaluated through different network scenarios (single, linear and tree topology). Findings show that the single topology gives a winning criterion compared to other topologies. SDN implementation is measured with performance parameters such as Throughput, Jitter, Bandwidth and Round-Trip Time between scenarios using the Ryu controller. Future research explores on the performance of SDN in larger network and investigates the efficiency and effectiveness of SDN implementation in mesh topology.
14
Wang, Shen, Jun Wu, Wu Yang, and Long-hua Guo. "Novel architectures and security solutions of programmable software-defined networking: a comprehensive survey." Frontiers of Information Technology & Electronic Engineering 19, no. 12 (December 2018): 1500–1521. http://dx.doi.org/10.1631/fitee.1800575.
Full text
15
Saleh, Zahraa, and Qahhar Qadir. "The Downside of Software-Defined Networking in Wireless Network." UKH Journal of Science and Engineering 4, no. 2 (December 31, 2020): 147–56. http://dx.doi.org/10.25079/ukhjse.v4n2y2020.pp147-156.
Full textAbstract:
Mobile traffic volumes have grown exponentially because of the increase in services and applications. Traditional networks are complex to manage because the forwarding, control, and management planes are all bundled together and, thus, administrators are supposed to deploy high-level policies, as each vendor has its own configuration methods. Software-Defined Networking (SDN) is considered the future paradigm of communication networks. It decouples control logic from its underlying hardware, thereby promoting logically centralized network control and making the network more programmable and easy to configure. Low-power wireless technologies are moving toward a multitenant and multiapplication Internet of Things (IoT), which requires an architecture with scalable, reliable, and configured solutions. However, employing an SDN-based centralized architecture in the environment of a low-power wireless IoT network introduces significant challenges, such as difficult-to-control traffic, unreliable links, network contention, and high associated overheads that can significantly affect the performance of the network. This paper is a contribution toward a performance evaluation for the use of SDN in wireless networking by evaluating the latency, packet drop ratio (PDR), data extraction rate (DER), and overheads. The results show that SDN adds a high percentage of overheads to the network, which is about 43% of the 57% user packets, and the DER drops when the number of mesh nodes are increased, in addition to the high loss that was observed for packets that traveled over more hops.
16
Laki, Sándor, Radostin Stoyanov, Dávid Kis, Robert Soulé, Péter Vörös, and Noa Zilberman. "P4Pi." ACM SIGCOMM Computer Communication Review 51, no. 3 (July 11, 2021): 17–21. http://dx.doi.org/10.1145/3477482.3477486.
Full textAbstract:
High level, network programming languages, like P4, enable students to gain hands-on experience in the structure of a switch or router. Students can implement the packet processing pipeline themselves, without prior knowledge of circuit design. However, when choosing a P4 programmable target for use in the classroom, instructors face a lack of options. On the one hand, software solutions, such as the behavioral model (BMv2) switch, are overly simplified and offer low performance. On the other hand, existing hardware solutions are closed source and expensive. In this paper, we present P4Pi, a new, low-cost, open-source hardware platform intended for networking education. P4Pi allows students to design and deploy P4-based network devices using the Raspberry Pi board, which has a price tag of less than many academic textbooks. We describe the high-level design of the P4Pi platform, offer some suggestions for how P4Pi could be used in the classroom, and present some additional use-cases for applications and functionality that could be developed using P4Pi.
17
Butun, Ismail, Yusuf Kursat Tuncel, and Kasim Oztoprak. "Application Layer Packet Processing Using PISA Switches." Sensors 21, no. 23 (November 30, 2021): 8010. http://dx.doi.org/10.3390/s21238010.
Full textAbstract:
This paper investigates and proposes a solution for Protocol Independent Switch Architecture (PISA) to process application layer data, enabling the inspection of application content. PISA is a novel approach in networking where the switch does not run any embedded binary code but rather an interpreted code written in a domain-specific language. The main motivation behind this approach is that telecommunication operators do not want to be locked in by a vendor for any type of networking equipment, develop their own networking code in a hardware environment that is not governed by a single equipment manufacturer. This approach also eases the modeling of equipment in a simulation environment as all of the components of a hardware switch run the same compatible code in a software modeled switch. The novel techniques in this paper exploit the main functions of a programmable switch and combine the streaming data processor to create the desired effect from a telecommunication operator perspective to lower the costs and govern the network in a comprehensive manner. The results indicate that the proposed solution using PISA switches enables application visibility in an outstanding performance. This ability helps the operators to remove a fundamental gap between flexibility and scalability by making the best use of limited compute resources in application identification and the response to them. The experimental study indicates that, without any optimization, the proposed solution increases the performance of application identification systems 5.5 to 47.0 times. This study promises that DPI, NGFW (Next-Generation Firewall), and such application layer systems which have quite high costs per unit traffic volume and could not scale to a Tbps level, can be combined with PISA to overcome the cost and scalability issues.
18
Bandura, K., A. N. Bender, J. F. Cliche, T. de Haan, M. A. Dobbs, A. J. Gilbert, S. Griffin, et al. "ICE: A Scalable, Low-Cost FPGA-Based Telescope Signal Processing and Networking System." Journal of Astronomical Instrumentation 05, no. 04 (December 2016): 1641005. http://dx.doi.org/10.1142/s2251171716410051.
Full textAbstract:
We present an overview of the ‘ICE’ hardware and software framework that implements large arrays of interconnected field-programmable gate array (FPGA)-based data acquisition, signal processing and networking nodes economically. The system was conceived for application to radio, millimeter and sub-millimeter telescope readout systems that have requirements beyond typical off-the-shelf processing systems, such as careful control of interference signals produced by the digital electronics, and clocking of all elements in the system from a single precise observatory-derived oscillator. A new generation of telescopes operating at these frequency bands and designed with a vastly increased emphasis on digital signal processing to support their detector multiplexing technology or high-bandwidth correlators — data rates exceeding a terabyte per second — are becoming common. The ICE system is built around a custom FPGA motherboard that makes use of an Xilinx Kintex-7 FPGA and ARM-based co-processor. The system is specialized for specific applications through software, firmware and custom mezzanine daughter boards that interface to the FPGA through the industry-standard FPGA mezzanine card (FMC) specifications. For high density applications, the motherboards are packaged in 16-slot crates with ICE backplanes that implement a low-cost passive full-mesh network between the motherboards in a crate, allow high bandwidth interconnection between crates and enable data offload to a computer cluster. A Python-based control software library automatically detects and operates the hardware in the array. Examples of specific telescope applications of the ICE framework are presented, namely the frequency-multiplexed bolometer readout systems used for the South Pole Telescope (SPT) and Simons Array and the digitizer, F-engine, and networking engine for the Canadian Hydrogen Intensity Mapping Experiment (CHIME) and Hydrogen Intensity and Real-time Analysis eXperiment (HIRAX) radio interferometers.
19
Jalowski, Łukasz, Marek Zmuda, and Mariusz Rawski. "A Survey on Moving Target Defense for Networks: A Practical View." Electronics 11, no. 18 (September 12, 2022): 2886. http://dx.doi.org/10.3390/electronics11182886.
Full textAbstract:
The static nature of many of currently used network systems has multiple practical benefits, including cost optimization and ease of deployment, but it makes them vulnerable to attackers who can observe from the shadows to gain insight before launching a devastating attack against the infrastructure. Moving target defense (MTD) is one of the emerging areas that promises to protect against this kind of attack by continuously shifting system parameters and changing the attack surface of protected systems. The emergence of network functions virtualization (NFV) and software-defined networking (SDN) technology allows for the implementation of very sophisticated MTD techniques. Furthermore, the introduction of such solutions as field-programmable gate array (FPGA) programmable acceleration cards makes it possible to take the MTD concept to the next level. Applying hardware acceleration to existing concepts or developing new, dedicated methods will offer more robust, efficient, and secure solutions. However, to the best of the authors’ knowledge, there are still no major implementations of MTD schemes inside large-scale networks. This survey aims to understand why, by analyzing research made in the field of MTD to show current pitfalls and possible improvements that need to be addressed in future proposals to make MTD a viable solution to address current cybersecurity threats in real-life scenarios.
20
Al-Aqrabi, Hussain, Anju P. Johnson, Richard Hill, Phil Lane, and Tariq Alsboui. "Hardware-Intrinsic Multi-Layer Security: A New Frontier for 5G Enabled IIoT." Sensors 20, no. 7 (March 31, 2020): 1963. http://dx.doi.org/10.3390/s20071963.
Full textAbstract:
The introduction of 5G communication capabilities presents additional challenges for the development of products and services that can fully exploit the opportunities offered by high bandwidth, low latency networking. This is particularly relevant to an emerging interest in the Industrial Internet of Things (IIoT), which is a foundation stone of recent technological revolutions such as Digital Manufacturing. A crucial aspect of this is to securely authenticate complex transactions between IIoT devices, whilst marshalling adversarial requests for system authorisation, without the need for a centralised authentication mechanism which cannot scale to the size needed. In this article we combine Physically Unclonable Function (PUF) hardware (using Field Programmable Gate Arrays—FPGAs), together with a multi-layer approach to cloud computing from the National Institute of Standards and Technology (NIST). Through this, we demonstrate an approach to facilitate the development of improved multi-layer authentication mechanisms. We extend prior work to utilise hardware security primitives for adversarial trojan detection, which is inspired by a biological approach to parameter analysis. This approach is an effective demonstration of attack prevention, both from internal and external adversaries. The security is further hardened through observation of the device parameters of connected IIoT equipment. We demonstrate that the proposed architecture can service a significantly high load of device authentication requests using a multi-layer architecture in an arbitrarily acceptable time of less than 1 second.
21
Jing, Linan, Xiao Chen, and Jinlin Wang. "Design and Implementation of Programmable Data Plane Supporting Multiple Data Types." Electronics 10, no. 21 (October 28, 2021): 2639. http://dx.doi.org/10.3390/electronics10212639.
Full textAbstract:
Software-defined networking (SDN) separates the control plane and the data plane, which provides network applications with global network topology and the flexibility to customize packet forwarding rules. SDN has a wide range of innovative applications in 5G, Internet of Things, and information center networks. However, the match-action programming model represented by OpenFlow/Protocol Oblivious Forwarding (POF) in SDN can only process limited types of data such as packets and metadata, making it hard to fulfill future network applications. In this paper, data type and data location are added in the matching fields and actions to make the match-action table (MAT) compatible with multiple types of data, hence improving the data plane’s programmability. Data type helps the MAT to perceive multiple types of data, allowing them to be processed by a single MAT. Data location allows MAT to be decoupled from data meaning, quickly locating specific data in the switch. Based on Intel’s Data Plane Development Kit (DPDK), we design and implement a pipeline that is compatible with multiple types of data processing. Protocol and data type oblivious match-action tables and atomic instructions are included in the pipeline. Experiments show that representing data with data type and data location makes the pipeline compatible with multiple types of data without sacrificing forwarding performance, fulfilling the needs of network applications to handle a variety of types of data while avoiding repeating hardware design.
22
Kamel, Hasan, and Mahmood Zaki Abdullah. "A new approach of extremely randomized trees for attacks detection in software defined network." Indonesian Journal of Electrical Engineering and Computer Science 28, no. 3 (October 7, 2022): 1613. http://dx.doi.org/10.11591/ijeecs.v28.i3.pp1613-1620.
Full textAbstract:
Software defined networking (SDN) is the networking model which has completely changed the network through attempting to make devices of network programmable. SDN enables network engineers to manage networks more quickly, control networks from a centralized location, detect abnormal traffic, and distinguish link failures in efficient way. Aside from the flexibility introduced by SDN, also it is prone to attacks like distributed denial of service attacks (DDoS), that could bring the entire network to a halt. To reduce this threat, the paper introduces machine learning model to distinguish legitimate traffic from DDoS traffic. After preprocessing phase to dataset, the traffic is classified into one of the classes. We achieved an accuracy score of 99.95% by employing an optimized extremely randomized trees (ERT) classifier, as described in the paper. As a result, the goal of traffic flow classification using machine learning techniques was achieved.
23
Loehr, Devon, and David Walker. "Safe, modular packet pipeline programming." Proceedings of the ACM on Programming Languages 6, POPL (January 16, 2022): 1–28. http://dx.doi.org/10.1145/3498699.
Full textAbstract:
The P4 language and programmable switch hardware, like the Intel Tofino, have made it possible for network engineers to write new programs that customize operation of computer networks, thereby improving performance, fault-tolerance, energy use, and security. Unfortunately, possible does not mean easy —there are many implicit constraints that programmers must obey if they wish their programs to compile to specialized networking hardware. In particular, all computations on the same switch must access data structures in a consistent order, or it will not be possible to lay that data out along the switch’s packet-processing pipeline. In this paper, we define Lucid 2.0, a new language and type system that guarantees programs access data in a consistent order and hence are pipeline-safe . Lucid 2.0 builds on top of the original Lucid language, which is also pipeline-safe, but lacks the features needed for modular construction of data structure libraries. Hence, Lucid 2.0 adds (1) polymorphism and ordering constraints for code reuse; (2) abstract, hierarchical pipeline locations and data types to support information hiding; (3) compile-time constructors, vectors and loops to allow for construction of flexible data structures; and (4) type inference to lessen the burden of program annotations. We develop the meta-theory of Lucid 2.0, prove soundness, and show how to encode constraint checking as an SMT problem. We demonstrate the utility of Lucid 2.0 by developing a suite of useful networking libraries and applications that exploit our new language features, including Bloom filters, sketches, cuckoo hash tables, distributed firewalls, DNS reflection defenses, network address translators (NATs) and a probabilistic traffic monitoring service.
24
Lee, Kyungwoon, Chiyoung Lee, Cheol-Ho Hong, and Chuck Yoo. "Enhancing the Isolation and Performance of Control Planes for Fog Computing." Sensors 18, no. 10 (September 28, 2018): 3267. http://dx.doi.org/10.3390/s18103267.
Full textAbstract:
Fog computing, which places computing resources close to IoT devices, can offer low latency data processing for IoT applications. With software-defined networking (SDN), fog computing can enable network control logics to become programmable and run on a decoupled control plane, rather than on a physical switch. Therefore, network switches are controlled via the control plane. However, existing control planes have limitations in providing isolation and high performance, which are crucial to support multi-tenancy and scalability in fog computing. In this paper, we present optimization techniques for Linux to provide isolation and high performance for the control plane of SDN. The new techniques are (1) separate execution environment (SE2), which separates the execution environments between multiple control planes, and (2) separate packet processing (SP2), which reduces the complexity of the existing network stack in Linux. We evaluate the proposed techniques on commodity hardware and show that the maximum performance of a control plane increases by four times compared to the native Linux while providing strong isolation.
25
Manzanares-Lopez, Pilar, Juan Pedro Muñoz-Gea, and Josemaria Malgosa-Sanahuja. "P4-KBR: A Key-Based Routing System for P4-Programmable Networks." Electronics 10, no. 13 (June 25, 2021): 1543. http://dx.doi.org/10.3390/electronics10131543.
Full textAbstract:
Software-defined networking (SDN) architecture has provided well-known advantages in terms of network programmability, initially offering a standard, open, and vendor-agnostic interface (e.g., OpenFlow) to instruct the forwarding behavior of network devices from different vendors. However, in the last few years, data plane programmability has emerged as a promising approach to extend the network management allowing the definition and programming of customized and non-standardized protocols, as well as specific packet processing pipelines. In this paper, we propose an in-network key-based routing protocol called P4-KBR, in which end-points (hosts, contents or services) are identified by virtual identifiers (keys) instead of IP addresses, and where P4 network elements are programmed to be able to route the packets adequately. The proposal was implemented and evaluated using bmv2 P4 switches, verifying how data plane programmability offers a powerful tool to overcome continuing challenges that appear in SDN networks.
26
Cao, Zhuang, Huiguo Zhang, Junnan Li, Mei Wen, and Chunyuan Zhang. "A Fast Approach for Generating Efficient Parsers on FPGAs." Symmetry 11, no. 10 (October 10, 2019): 1265. http://dx.doi.org/10.3390/sym11101265.
Full textAbstract:
The development of modern networking requires that high-performance network processors be designed quickly and efficiently to support new protocols. As a very important part of the processor, the parser parses the headers of the packets—this is the precondition for further processing and finally forwarding these packets. This paper presents a framework designed to transform P4 programs to VHDL and to generate parsers on Field Programmable Gate Arrays (FPGAs). The framework includes a pipeline-based hardware architecture and a back-end compiler. The hardware architecture comprises many components with varying functionality, each of which has its own optimized VHDL template. By using the output of a standard frontend P4 compiler, our proposed compiler extracts the parameters and relationships from within the used components, which can then be mapped to corresponding templates by configuring, optimizing, and instantiating them. Finally, these templates are connected to output VHDL code. When a prototype of this framework is implemented and evaluated, the results demonstrate that the throughputs of the generated parsers achieve nearly 320 Gbps at a clock rate of around 300 MHz. Compared with state-of-the-art solutions, our proposed parsers achieve an average of twice the throughput when similar amounts of resources are being used.
27
Jasem Altamemi, Abbas, Aladdin Abdulhassan, and Nawfal Turki Obeis. "DDoS attack detection in software defined networking controller using machine learning techniques." Bulletin of Electrical Engineering and Informatics 11, no. 5 (October 1, 2022): 2836–44. http://dx.doi.org/10.11591/eei.v11i5.4155.
Full textAbstract:
The term software defined networking (SDN) is a network model that contributes to redefining the network characteristics by making the components of this network programmable, monitoring the network faster and larger, operating with the networks from a central location, as well as the possibility of detecting fraudulent traffic and detecting special malfunctions in a simple and effective way. In addition, it is the land of many security threats that lead to the complete suspension of this network. To mitigate this attack this paper based on the use of machine learning techniques contribute to the rapid detection of these attacks and methods were evaluated detecting DDoS attacks and choosing the optimum accuracy for classifying these types within the SDN, the results showed that the proposed system provides the better results of accuracy to detect the DDos attack in SDN network as 99.90% accuracy of Decision Tree (DT) algorithm.
28
Zha, Yuli, Pengshuai Cui, Yuxiang Hu, Lei Xue, Julong Lan, and Yu Wang. "An NDN Cache-Optimization Strategy Based on Dynamic Popularity and Replacement Value." Electronics 11, no. 19 (September 22, 2022): 3014. http://dx.doi.org/10.3390/electronics11193014.
Full textAbstract:
Aiming at examining the problems of the low cache hit ratio and high-average routing hops in named data networking (NDN), this paper proposes a cache-optimization strategy based on dynamic popularity and replacement value. When the requested content arrives at the routing node, the latest popularity is calculated based on the number of requests in the current cycle and the popularity of the previous cycle. We adjust the node cache threshold according to the occupation of the node cache space and cache the content with a higher popularity than the threshold. When the cache is complete, the cache-optimization strategy considers the last request time, popularity, and transmission cost of cached content to calculate the replacement value of cached content. We move the content with the lowest replacement value out of the cache, and keep the content with a high replacement value. We deploy the proposed cache-optimization strategy by using a programmable language in a real network with programmable devices. The experimental results illustrate that the strategy proposed in this paper can effectively improve the cache hit ratio and reduce the average routing hops for user request responses compared with other traditional NDN caching strategies.
29
Kareem, Mohammed Ibrahim, and Mahdi Nsaif Jasim. "Entropy-based distributed denial of service attack detection in software-defined networking." Indonesian Journal of Electrical Engineering and Computer Science 27, no. 3 (September 1, 2022): 1542. http://dx.doi.org/10.11591/ijeecs.v27.i3.pp1542-1549.
Full textAbstract:
Software defined networking (SDN) is a new network architecture that allows for centralized network control. The separation of the data plane from the control plane, which establishes a programmable network environment, is the key breakthrough underpinning SDN. The controller facilitates the deployment of services that specify control policies and delivers these rules to the data plane using a common protocol such as OpenFlow at the control plane. Despite the many advantages of this design, SDN security remains a worry because the aforementioned chapter expands the network's attack surface. In fact, denial of service (DoS) assaults pose a significant threat to SDN settings in a variety of ways, owing to flaws in the data and control layers. This work shows how distributed denial of service (DDoS) attack detection is based on the entropy variation of the destination IP address. The study takes advantage of the OpenFlow protocol's (OFP) flexibility and an OpenFlow controller (POX) to apply the proposed method. An entropy computation to determine the distributed features of DDoS traffic is developed and it is capable of detecting a user datagram protocol (UDP) flood attack after 0.445 seconds this type of attack occurred.
30
Jiménez-Lázaro, Manuel, Juan Luis Herrera, Javier Berrocal, and Jaime Galán-Jiménez. "Improving the Energy Efficiency of Software-Defined Networks through the Prediction of Network Configurations." Electronics 11, no. 17 (August 31, 2022): 2739. http://dx.doi.org/10.3390/electronics11172739.
Full textAbstract:
During the last years, huge efforts have been conducted to reduce the Information and Communication Technology (ICT) sector energy consumption due to its impact on the carbon footprint, in particular, the one coming from networking equipment. Although the irruption of programmable and softwarized networks has opened new perspectives to improve the energy-efficient solutions already defined for traditional IP networks, the centralized control of the Software-Defined Networking (SDN) paradigm entails an increase in the time required to compute a change in the network configuration and the corresponding actions to be carried out (e.g., installing/removing rules, putting links to sleep, etc.). In this paper, a Machine Learning solution based on Logistic Regression is proposed to predict energy-efficient network configurations in SDN. This solution does not require executing optimal or heuristic solutions at the SDN controller, which otherwise would result in higher computation times. Experimental results over a realistic network topology show that our solution is able to predict network configurations with a high feasibility (>95%), hence improving the energy savings achieved by a benchmark heuristic based on Genetic Algorithms. Moreover, the time required for computation is reduced by a factor of more than 500,000 times.
31
Algarni, Sultan, Fathy Eassa, Khalid Almarhabi, Abdullah Algarni, and Aiiad Albeshri. "BCNBI: A Blockchain-Based Security Framework for Northbound Interface in Software-Defined Networking." Electronics 11, no. 7 (March 23, 2022): 996. http://dx.doi.org/10.3390/electronics11070996.
Full textAbstract:
Software-defined networking (SDN) has emerged as a flexible and programmable network architecture that takes advantage of the benefits of global visibility and centralized control over a network. One of the main properties of the SDN architecture is the ability to offer a northbound interface (NBI), which enables network applications to access the SDN controller resources. However, the NBI can be compromised by a malicious application due to the lack of standardization and security aspects in the most current NBI designs. Therefore, in this paper, we propose a novel comprehensive security solution for securing the application–controller interface, named BCNBI. We propose a controller-independent lightweight blockchain architecture and exploit the security features of blockchain while limiting the blockchain’s computational overhead. BCNBI automatically verifies application and SDN controller credentials through token-based authentication. The proposed solution enforces fine-grained access control for each application’s API request and classifies the permission set into strict and normal policies, in order to add an extra level of security. In addition, the trustworthiness of applications is evaluated in order to prevent malicious activities. We implemented our blockchain-based solution to analyze its security, based on the confidentiality–integrity–availability model criteria, and evaluated the introduced overhead in terms of processing time and packet overhead. The experimental results demonstrate that the BCNBI can effectively secure the NBI, based on the fundamental security goals, while introducing insignificant overhead.
32
Bandura, K., J. F. Cliche, M. A. Dobbs, A. J. Gilbert, D. Ittah, J. Mena Parra, and G. Smecher. "ICE-Based Custom Full-Mesh Network for the CHIME High Bandwidth Radio Astronomy Correlator." Journal of Astronomical Instrumentation 05, no. 04 (December 2016): 1641004. http://dx.doi.org/10.1142/s225117171641004x.
Full textAbstract:
New generation radio interferometers encode signals from thousands of antenna feeds across large bandwidth. Channelizing and correlating this data requires networking capabilities that can handle unprecedented data rates with reasonable cost. The Canadian Hydrogen Intensity Mapping Experiment (CHIME) correlator processes 8-bits from [Formula: see text] digitizer inputs across 400[Formula: see text]MHz of bandwidth. Measured in [Formula: see text] bandwidth, it is the largest radio correlator that is currently commissioning. Its digital back-end must exchange and reorganize the 6.6[Formula: see text]terabit/s produced by its 128 digitizing and channelizing nodes, and feed it to the 256 graphics processing unit (GPU) node spatial correlator in a way that each node obtains data from all digitizer inputs but across a small fraction of the bandwidth (i.e. ‘corner-turn’). In order to maximize performance and reliability of the corner-turn system while minimizing cost, a custom networking solution has been implemented. The system makes use of Field Programmable Gate Array (FPGA) transceivers to implement direct, passive copper, full-mesh, high speed serial connections between sixteen circuit boards in a crate, to exchange data between crates, and to offload the data to a cluster of 256 GPU nodes using standard 10[Formula: see text]Gbit/s Ethernet links. The GPU nodes complete the corner-turn by combining data from all crates and then computing visibilities. Eye diagrams and frame error counters confirm error-free operation of the corner-turn network in both the currently operating CHIME Pathfinder telescope (a prototype for the full CHIME telescope) and a representative fraction of the full CHIME hardware providing an end-to-end system validation. An analysis of an equivalent corner-turn system built with Ethernet switches instead of custom passive data links is provided.
33
Hagos, Desta Haileselassie. "Software-Defined Networking for Scalable Cloud-based Services to Improve System Performance of Hadoop-based Big Data Applications." International Journal of Grid and High Performance Computing 8, no. 2 (April 2016): 1–22. http://dx.doi.org/10.4018/ijghpc.2016040101.
Full textAbstract:
The rapid growth of Cloud Computing has brought with it major new challenges in the automated manageability, dynamic network reconfiguration, provisioning, scalability and flexibility of virtual networks. OpenFlow-enabled Software-Defined Networking (SDN) alleviates these key challenges through the abstraction of lower level functionality that removes the complexities of the underlying hardware by separating the data and control planes. SDN has an efficient, dynamic, automated network management, higher availability and application provisioning through programmable interfaces which are very critical for flexible and scalable cloud-based services. In this study, the author explores broadly useful open technologies and methodologies for applying an OpenFlow-enabled SDN to scalable cloud-based services and a variety of diverse applications. The approach in this paper introduces new research challenges in the design and implementation of advanced techniques for bringing an SDN-enabled components and big data applications into a cloud environment in a dynamic setting. Some of these challenges become pressing concerns to cloud providers when managing virtual networks and data centers, while others complicate the development and deployment of cloud-hosted applications from the perspective of developers and end users. However, the growing demand for manageable, scalable and flexible clouds necessitates that effective solutions to these challenges be found. Hence, through real-world research validation use cases, this paper aims at exploring useful mechanisms for the role and potential of an OpenFlow-enabled SDN and its direct benefit for scalable cloud-based services. Finally, it demonstrates the impact of an OpenFlow-enabled SDN that fully embraces the opportunities and challenges of cloud infrastructures to improve the system performance of Hadoop-based big data applications by utilizing the network control capabilities of an OpenFlow to solve network congestion.
34
Tonkal, Özgür, Hüseyin Polat, Erdal Başaran, Zafer Cömert, and Ramazan Kocaoğlu. "Machine Learning Approach Equipped with Neighbourhood Component Analysis for DDoS Attack Detection in Software-Defined Networking." Electronics 10, no. 11 (May 21, 2021): 1227. http://dx.doi.org/10.3390/electronics10111227.
Full textAbstract:
The Software-Defined Network (SDN) is a new network paradigm that promises more dynamic and efficiently manageable network architecture for new-generation networks. With its programmable central controller approach, network operators can easily manage and control the whole network. However, at the same time, due to its centralized structure, it is the target of many attack vectors. Distributed Denial of Service (DDoS) attacks are the most effective attack vector to the SDN. The purpose of this study is to classify the SDN traffic as normal or attack traffic using machine learning algorithms equipped with Neighbourhood Component Analysis (NCA). We handle a public “DDoS attack SDN Dataset” including a total of 23 features. The dataset consists of Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP) normal and attack traffics. The dataset, including more than 100 thousand recordings, has statistical features such as byte_count, duration_sec, packet rate, and packet per flow, except for features that define source and target machines. We use the NCA algorithm to reveal the most relevant features by feature selection and perform an effective classification. After preprocessing and feature selection stages, the obtained dataset was classified by k-Nearest Neighbor (kNN), Decision Tree (DT), Artificial Neural Network (ANN), and Support Vector Machine (SVM) algorithms. The experimental results show that DT has a better accuracy rate than the other algorithms with 100% classification achievement.
35
Christensen, Niels, Mark Glavind, Stefan Schmid, and Jiří Srba. "Latte." ACM SIGMETRICS Performance Evaluation Review 48, no. 3 (March 5, 2021): 14–26. http://dx.doi.org/10.1145/3453953.3453957.
Full textAbstract:
Emerging software-defined and programmable networking technologies enable more adaptive communication infrastructures. However, leveraging these flexibilities and operating networks more adaptively is challenging, as the underlying infrastructure remains a complex distributed system that is a subject to delays, and as consistency properties need to be preserved transiently, even during network reconfiguration. Motivated by these challenges, we propose Latte, an automated approach to minimize the latency of network update schedules by avoiding unnecessary waiting times and exploiting concurrency, while at the same time provably ensuring a wide range of fundamental consistency properties like waypoint enforcement. To enable automated reasoning about the performance and consistency of software-defined networks during an update, we introduce the model of timed-arc colored Petri nets: an extension of Petri nets which allows us to account for time aspects in asynchronous networks, including characteristic timing behaviors, modeled as timed and colored tokens. This novel formalism may be of independent interest. Latte relies on an efficient translation of specific network update problems into timed-arc colored Petri nets. We show that the constructed nets can be analyzed efficiently via their unfolding into existing timed-arc Petri nets. We integrate Latte into the state-of-the-art model checking tool TAPAAL, and find that in many cases, we are able to reduce the latency of network updates by 90% or more.
36
Wang, Ke, Zhichuan Guo, Mangu Song, and Meng Sha. "100 Gbps Dynamic Extensible Protocol Parser Based on an FPGA." Electronics 11, no. 9 (May 7, 2022): 1501. http://dx.doi.org/10.3390/electronics11091501.
Full textAbstract:
In order to facilitate the transition between networks and the integration of heterogeneous networks, the underlying link design of the current mainstream Information-Centric Networking (ICN) still considers the characteristics of the general network and extends the customized ICN protocol on this basis. This requires that the network transmission equipment can not only distinguish general network packets but also support the identification of ICN-specific protocols. However, traditional network protocol parsers are designed for specific network application scenarios, and it is difficult to flexibly expand new protocol parsing rules for different ICN network architectures. For this reason, we propose a general dynamic extensible protocol parser deployed on FPGA, which supports the real-time update of network protocol parsing rules by configuring extended protocol descriptors. At the same time, the multi-queue protocol management mechanism is adopted to realize the grouping management and rapid parsing of the extended protocol. The results demonstrate that the method can effectively support the protocol parsing of 100 Gbps high-speed network data packets and can dynamically update the protocol parsing rules under ultra-low latency. Compared with the current commercial programmable network equipment, this solution improves the protocol update efficiency by several orders of magnitude and better supports the online updating of network equipment.
37
Hadi Saleh, Hassan, Israa Adnan Mishkal, and Dheyab Salman Ibrahim. "Controller placement problem in software defined networks." Indonesian Journal of Electrical Engineering and Computer Science 27, no. 3 (September 1, 2022): 1704. http://dx.doi.org/10.11591/ijeecs.v27.i3.pp1704-1711.
Full textAbstract:
<span>The requirements <span>for the network are increasing by the expanding and spreading the Internet. The Previous techniques of the network do not meet the modern needs, thus, a new technical presents software-defined networking (SDN). SDN recognizes as a promising new model that separates the control plane (traffic routing and network topology) from the data plane (network architecture layers). The architecture of SDN has some features that find in a single controller or many controllers instance of programmable, flexible, and scalable. In the current SDN, multiple controllers are essential. Therefore, the optimal number of the controllers and their locations is the most significant challenge, known as the controller placement problem (CPP). It deploys the optimal number of controllers within the network while meeting presentations requirements considered conflicting in nature example: credibility, load balancing, latency, energy efficiency, and computation time. Many studies researched the ways to develop solutions for improving scalability, place selection for SDN. This paper presents the CPP and gives a comprehensive review of SDN issues based on the recent well-known research to extract available solution strategies. Finally, it discusses the limitations and future study directions that can support researchers in this field.</span></span>
38
Tian, Zhenyu, Jiali You, and Hong Ni. "M-Emu: A Platform for Multicast Emulation." Electronics 11, no. 7 (April 6, 2022): 1152. http://dx.doi.org/10.3390/electronics11071152.
Full textAbstract:
Network layer multicast research is an important field of network research that requires simulators or emulators to support Software-Defined Networking (SDN) as well as to provide a specific structure at the network layer to facilitate packet forwarding, such as a multicast tree. The existing emulation platforms cannot effectively support the emulation of certain key multicast technologies, such as the Grafting Point (GP)-selection method and Rendezvous Point (RP)-selection method, for the following reasons: First, the programmable data plane of the existing emulation platform has many defects, such as the inability to process packet scheduling tasks, the prohibition of dynamic memory allocation and loops with unknown iteration counts, which make it difficult to deploy complex multicast protocols and algorithms. Secondly, at present, no emulation platform integrates network layer multicast emulation functions. As a result, users need to develop the multicast tree construction and maintenance mechanism in advance, which makes experiments laborious. To solve the above problems, based on NS4, we designed a multicast emulation platform, M-Emu. M-Emu presents a Service-Forwarding Architecture, which enables the data plane to deploy arbitrary complex protocols and algorithms. Based on the Service-Forwarding Architecture, M-Emu integrates a Multicast-Emulation Framework, which has a complete multicast tree construction and maintenance mechanism. We explain in detail how the various parts of M-Emu cooperate to complete the multicast emulation with an example and prove that M-Emu is efficient in CPU and memory consumption, etc., through a large number of experiments.
39
Khan, Zulfiqar Ali, and Akbar Siami Namin. "A Survey of DDOS Attack Detection Techniques for IoT Systems Using BlockChain Technology." Electronics 11, no. 23 (November 24, 2022): 3892. http://dx.doi.org/10.3390/electronics11233892.
Full textAbstract:
The Internet of Things (IoT) is a network of sensors that helps collect data 24/7 without human intervention. However, the network may suffer from problems such as the low battery, heterogeneity, and connectivity issues due to the lack of standards. Even though these problems can cause several performance hiccups, security issues need immediate attention because hackers access vital personal and financial information and then misuse it. These security issues can allow hackers to hijack IoT devices and then use them to establish a Botnet to launch a Distributed Denial of Service (DDoS) attack. Blockchain technology can provide security to IoT devices by providing secure authentication using public keys. Similarly, Smart Contracts (SCs) can improve the performance of the IoT–blockchain network through automation. However, surveyed work shows that the blockchain and SCs do not provide foolproof security; sometimes, attackers defeat these security mechanisms and initiate DDoS attacks. Thus, developers and security software engineers must be aware of different techniques to detect DDoS attacks. In this survey paper, we highlight different techniques to detect DDoS attacks. The novelty of our work is to classify the DDoS detection techniques according to blockchain technology. As a result, researchers can enhance their systems by using blockchain-based support for detecting threats. In addition, we provide general information about the studied systems and their workings. However, we cannot neglect the recent surveys. To that end, we compare the state-of-the-art DDoS surveys based on their data collection techniques and the discussed DDoS attacks on the IoT subsystems. The study of different IoT subsystems tells us that DDoS attacks also impact other computing systems, such as SCs, networking devices, and power grids. Hence, our work briefly describes DDoS attacks and their impacts on the above subsystems and IoT. For instance, due to DDoS attacks, the targeted computing systems suffer delays which cause tremendous financial and utility losses to the subscribers. Hence, we discuss the impacts of DDoS attacks in the context of associated systems. Finally, we discuss Machine-Learning algorithms, performance metrics, and the underlying technology of IoT systems so that the readers can grasp the detection techniques and the attack vectors. Moreover, associated systems such as Software-Defined Networking (SDN) and Field-Programmable Gate Arrays (FPGA) are a source of good security enhancement for IoT Networks. Thus, we include a detailed discussion of future development encompassing all major IoT subsystems.
40
Smyth, Dylan, Sandra Scott-Hayward, Victor Cionca, Sean McSweeney, and Donna O’Shea. "SECAP Switch—Defeating Topology Poisoning Attacks Using P4 Data Planes." Journal of Network and Systems Management 31, no. 1 (January 21, 2023). http://dx.doi.org/10.1007/s10922-022-09714-z.
Full textAbstract:
AbstractProgrammable networking is evolving from programmable control plane solutions such as OpenFlow-based software-defined networking (SDN) to programmable data planes such as P4-based SDN. To support the functionality of the SDN, the correct view of the network topology is required. However, multiple attacks aimed at topology poisoning have been demonstrated in SDNs. While several controller-centralised security solutions have been proposed to defeat topology poisoning attacks, some attacks e.g., the Data Plane ARP Cache Poisoning Attack and the relay-type Link Fabrication Attack are difficult to detect using a fully centralised security solution. In this paper, we present the Security-Aware Programmable (SECAP) Switch—a lightweight, in-network, P4-based security solution that is designed to prevent attacks that might otherwise evade control plane solutions. The SECAP switch verifies source address details contained within the headers of protocols commonly used to perform topology poisoning attacks. This function is supported by a novel variance-based anomaly detection solution to provide a layered defence. We demonstrate the ability of the SECAP switch to defeat topology poisoning attacks with minimal memory and processing overhead.
41
Amin Sheikh, Mohammad Nowsin, Monishanker Halder, Sk Shalauddin Kabir, Md Wasim Miah, and Sawrnali Khatun. "SDN-Based Approach to Evaluate the Best Controller: Internal Controller NOX and External Controllers POX, ONOS, RYU." Global Journal of Computer Science and Technology, February 7, 2019, 21–32. http://dx.doi.org/10.34257/gjcstevol19is1pg21.
Full textAbstract:
Software Defined Networking (SDN) is a rising technique to deal with replace patrimony network (coupled hardware and software program) control and administration by separating the control plane (software program) from the information plane (hardware). It gives adaptability to the engineers by influencing the focal control to plane straightforwardly programmable. Some new difficulties, for example, single purpose of disappointment, may be experienced because of the original control plane. SDN concentrated on flexibility where the security of the system was not essentially considered. It promises to give a potential method to present Quality of Service (QoS) ideas in the present correspondence networks. SDN automatically changes the behavior and functionality of system devices utilizing a single state program. Its immediate OpenFlow is planned by these properties. The affirmation of Quality of Service (QoS) thoughts winds up possible in a versatile and dynamic path with SDN. It gives a couple of favorable circumstances including, organization and framework versatility, improved exercises and tip-top performances.
42
Tompa, G. S., D. Shen, C. Zhang, and I. H. Murzin. "Advanced Interactive Personal Computer-Based Process Control Systems for Oxide MOCVD Systems." MRS Proceedings 415 (1995). http://dx.doi.org/10.1557/proc-415-167.
Full textAbstract:
ABSTRACTA versatile control system, which uses standard commercial software and hardware has been developed and applied to control oxide (and carbide) MOCVD and CVD systems. The control system is implemented within a personal computer platform. The system operates in the real time Microsoft WindowsTM environment utilizing the full advantage of the sophisticated graphical user interfaces, dynamic data exchange, networking, and multitasking capabilities. We have used two different sets of commercial software to control and monitor system hardware. The first software set is INTOUCHTM, a Man-Machine interface software from WONDERWARETM in conjunction with Microsoft ExcelTM and I/O interface software. The second software set is LABVIEWTM, which is primarily a data acquisition control system from National Instruments, combined with Visual BasicTM. Both systems include a friendly interactive real-time windows-based user interface, an advanced process entry and recording spread sheet interface, alarm and security management systems, data display and recording, maintenance routines, and complete networking and remote operation capabilities. In addition, the configurations provide a flexible hardware interface that can directly interface to I/O cards in the PC's bus, as well as to most industrial Programmable Logic Controllers, various types of process controllers, I/O devices and other forms of hardware. Most importantly, the system can interface with any in-situ process monitor or higher level intelligent process control systems in order to optimize the process. Modules may be activated or deactivated as needed (even as part of the process). These systems have been used for home-built systems, as well as to retrofit a modified Spire SPI-MOCVDTM 500XT system. General process interaction and results will be discussed.
43
Musumeci, Francesco, Ali Can Fidanci, Francesco Paolucci, Filippo Cugini, and Massimo Tornatore. "Machine-Learning-Enabled DDoS Attacks Detection in P4 Programmable Networks." Journal of Network and Systems Management 30, no. 1 (November 2, 2021). http://dx.doi.org/10.1007/s10922-021-09633-5.
Full textAbstract:
Abstract Distributed Denial of Service (DDoS) attacks represent a major concern in modern Software Defined Networking (SDN), as SDN controllers are sensitive points of failures in the whole SDN architecture. Recently, research on DDoS attacks detection in SDN has focused on investigation of how to leverage data plane programmability, enabled by P4 language, to detect attacks directly in network switches, with marginal involvement of SDN controllers. In order to effectively address cybersecurity management in SDN architectures, we investigate the potential of Artificial Intelligence and Machine Learning (ML) algorithms to perform automated DDoS Attacks Detection (DAD), specifically focusing on Transmission Control Protocol SYN flood attacks. We compare two different DAD architectures, called Standalone and Correlated DAD, where traffic features collection and attack detection are performed locally at network switches or in a single entity (e.g., in SDN controller), respectively. We combine the capability of ML and P4-enabled data planes to implement real-time DAD. Illustrative numerical results show that, for all tested ML algorithms, accuracy, precision, recall and F1-score are above 98% in most cases, and classification time is in the order of few hundreds of $$\upmu \text {s}$$ μ s in the worst case. Considering real-time DAD implementation, significant latency reduction is obtained when features are extracted at the data plane by using P4 language. Graphic Abstract
44
Radhanand, Anantha, K. N. B. Kumar, and Swetha Namburu. "An Affordable, Scalable, Open Architecture, IoT Eco-system for the Academic Community." International Journal of Sensors, Wireless Communications and Control 10 (October 29, 2020). http://dx.doi.org/10.2174/2210327910999201029192934.
Full textAbstract:
Aim:: Today's Internet of Things (IoT) applications are extended from smart homes to e-health, cybersecurity, data analytics, logistics and management of assets. There are many upcoming IOT solutions and platforms like ThingWorx, Xively, and Yaler. However, the existing eco-systems are not vibrant because of high entry-level barrier and low potential for any stakeholder. Especially, the academic community require a comprehensible way to create IoT services, develop their skillsets and build applications around them. In this regard, this work presents an affordable and scalable IoT eco-system with an easily programmable hardware platform, a private web server on cloud and a user friendly mobile application. Background:: Home automation is automating the control of devices and appliances in the home environment to increase the comfort and convenience in their usage. To design a typical immune home automation system, we need to incorporate different sensors, wireless networking and a central node that can collect data and act as a gateway for Internet connection. Objective:: Delivering an IoT solution involves the use of multiple technologies that cut across traditional engineering stream boundaries- sensors, microcontrollers, wireless networking, network protocols, web programming, and mobile app development. The challenge is to find a suitable hardware platform that can be easily programmed, open, so that sensors and actuators can be added as per requirement, develop or use existing web services that will help post, retrieve data from the cloud, and develop mobile apps to make data available to the user. In short, an entire eco-system needs to be put in place either through development or by properly configuring already existing components. Methods:: Delivering an IoT solution involves the use of multiple technologies that cut across traditional engineering stream boundaries- sensors, microcontrollers, wireless networking, network protocols, web programming, and mobile app development. In this work, we employed a suitable hardware platform which is easily programmed, open, so that sensors and actuators can be added as per requirement, develop or use existing web services that will help post, retrieve data from the cloud, and develop mobile apps to make data available to the user. Results:: A custom built GISMO based IoT cloud system is developed with sensors and nodes to form an infrastructure. The framework will assure standard design that establishes a functional link between hardware, software and web applications. A private webservice using HTTP server and MQTT broker is designed with access from anywhere with a public IP. The web services are coded in PHP and since it is an in-house development, addition of new services and maintenance of existing services is easy. Conclusion:: Conclusion:
45
AHIRE, KAVITA, and Jyoti Yadav. "Network Topology Classification in SDN Ecosystem using Machine Learning." International Journal of Next-Generation Computing, July 26, 2022. http://dx.doi.org/10.47164/ijngc.v13i2.410.
Full textAbstract:
To meet the increasing network demands of enterprise environments and data centers, traditional network architectures have been replaced by software-enabled hardware devices for developing agile, dynamic, and programmable networks. Software Defined Networking (SDN) is a new paradigm shift that abstracts network design and infrastructure in the software and then implements it by using software across hardware devices. SDN is used to build and manage the network in a customized way. SDN architecture offers network virtualization, network programmability, and flexibility by decoupling control and data planes which further enriches the network performance. As such, the SDN controller is a tactical control point in SDN. An SDN normally allows data flow control to the switches and/or routers and the rationale of the application's logic for deploying intelligent networks. SDN with Machine Learning (ML) and Artificial Intelligence (AI) techniques build network models, which essentially can take decisions based on self-learning and self-management capabilities. Accurate classification of topology is of prime importance to satisfy future network prerequisites like unpredictable traffic patterns, dynamic scaling, flexibility, and centralized control. The controller needs to have exact information about the topology of the network in order to configure and manage the network. Subsequently, topology classification is an important component of any Software Defined Network architecture. This paper presents the classification of topologies using different supervised ML algorithms. The accuracy obtained from Support Vector Machine (SVM) and Classification and Regression (CART) is 95% and 90% respectively.
The experimental results show that according to the k Cross-Fold validation technique, SVM algorithm has been found to be the most accurate amongst the other ML algorithms with a mean accuracy value of 85%.