Software Defined Networking Research Articles

Fed-Evolver: An automated evolving approach for federated Intrusion Detection System using adversarial autoencoder in SDN-enabled networks

Intrusion Detection Systems (IDS) have garnered escalating significance in response to the evolving landscape of cyberattacks, driven by the adaptability and versatility of Software Defined Networking (SDN)-based networks in enhancing security orchestration. Although Machine Learning (ML) models have been developed for IDS, they require large amounts of labeled data to achieve high performance. However, acquiring labels for attacks is a time-consuming process and can cause problems in deploying the existing ML models in new systems or lower performance due to a shortage of labeled data on pre-trained datasets. Additionally, such ML-based IDS models lack the self-learning function to automatically adapt to new cyberattacks during network operations. To overcome these challenges, our work proposes Fed-Evolver, an automated evolving approach for federated IDS that combines Generative Adversarial Networks (GANs) with Auto Encoder (AE) and a semi-supervised adversarial Autoencoder (SSAAE) for spotting intrusion actions. Our Fed-Evolver leverages supervised and unsupervised learning strategies to build efficient IDS models in the context of labeled data scarcity with the help of Federated Learning (FL). It allows data owners to collaborate for training intrusion detection models to provide the self-evolving capability in SDN-enabled networks. Our proposed framework is evaluated on 6 cyberattack datasets, including CICIDS2018, CIC-ToN-IoT, NF-UNSW-NB15, InSDN, InSecLab-IDS2021, DNP3 Intrusion Detection, and it outperforms other ML methods even when trained with only 1% proportion of labeled data, achieving consistently high performance across all metrics on the datasets.

A combination learning framework to uncover cyber attacks in IoT networks

The Internet of Things (IoT) is rapidly expanding, connecting an increasing number of devices daily. Having diverse and extensive networking and resource-constrained devices creates vulnerabilities to various cyber-attacks. The IoT with the supervision of Software Defined Network (SDN) enhances the network performance through its flexibility and adaptability. Different methods have been employed for detecting security attacks; however, they are often computationally efficient and unsuitable for such resource-constraint environments. Consequently, there is a significant requirement to develop efficient security measures against a range of attacks. Recent advancements in deep learning (DL) models have paved the way for designing effective attack detection methods. In this study, we leverage Genetic Algorithm (GA) with a correlation coefficient as a fitness function for feature selection. Additionally, mutual information (MI) is applied for feature ranking to measure their dependency on the target variable. The selected optimal features were used to train a hybrid DNN model to uncover attacks in IoT networks. The hybrid DNN integrates Convolutional Neural Network, Bi-Gated Recurrent Units (Bi-GRU), and Bidirectional Long Short-Term Memory (Bi-LSTM) for training the input data. The performance of our proposed model is evaluated against several other baseline DL models, and an ablation study is provided. Three key datasets InSDN, UNSW-NB15, and CICIoT 2023 datasets, containing various types of attacks, were used to assess the performance of the model. The proposed model demonstrates an impressive accuracy and detection time over the existing model with lower resource consumption.

Accurate and efficient elephant-flow classification based on co-trained models in evolved software-defined networks

Accurate early classification of elephant flows (elephants) is important for network management and resource optimization. Elephant models, mainly based on the byte count of flows, can always achieve high accuracy, but not in a time-efficient manner. The time efficiency becomes even worse when the flows to be classified are sampled by flow entry timeout over Software-Defined Networks (SDNs) to achieve a better resource efficiency. This paper addresses this situation by combining co-training and Reinforcement Learning (RL) to enable a closed-loop classification approach that divides the entire classification process into episodes, each involving two elephant models. One predicts elephants and is retrained by a selection of flows automatically labeled online by the other. RL is used to formulate a reward function that estimates the values of the possible actions based on the current states of both models and further adjusts the ratio of flows to be labeled in each phase. Extensive evaluation based on real traffic traces shows that the proposed approach can stably predict elephants using the packets received in the first 10% of their lifetime with an accuracy of over 80%, and using only about 10% more control channel bandwidth than the baseline over the evolved SDNs.

P4-Based Proactive Monitoring Scheme in Software-Defined Networks

P4-Based Proactive Monitoring Scheme in Software-Defined Networks

A Collaborative Approach to Detecting DDoS Attacks in SDN Using Entropy and Deep Learning

Software-defined networking (SDN) is an approach to network management allowing to enhance the performance of the network and making it more flexible. The centralized architecture of SDN makes it vulnerable to cyberattacks, especially distributed denial of service (DDoS) attacks. Existing research investigates the detection of DDoS attacks separately on the control plane and data plane. However, there is a need for efficient and accurate detection of these attacks using features obtained from both control and data planes. Therefore, we present a mechanism for identifying DDoS attacks using entropy, multiple feature selection mechanisms, and deep learning. Initially, we use entropy on the control plane to detect anomalous activity and identify suspicious switches. Next, we capture traffic on the suspicious switches to detect DDoS attacks. To detect these attacks, we utilize multi-layer perceptron (MLP) deep learning models, convolutional neural network (CNN), and the long short-term memory (LSTM) approach. An InSDN dataset is used to train the model and test data are generated using Mininet emulation and the Ryu controller. The results reveal that LSTM outperforms MLP and CNN, achieving an accuracy of 99.83%.

Machine Learning-Based Approach for Detecting DDoS Attacks in Software Defined Networks

Machine Learning-Based Approach for Detecting DDoS Attacks in Software Defined Networks

A comprehensive review of combating EDoS attacks in cloud services with deep learning and advanced network security technologies including DDoS protection and intrusion prevention systems

This comprehensive review examines the current state of research and practice in combating Economic Denial of Sustainability (EDoS) attacks in cloud services, with a focus on deep learning approaches and advanced network security technologies. The paper provides an in-depth analysis of EDoS attack characteristics, their impact on cloud economics, and the challenges faced in mitigation efforts. It explores the application of deep learning techniques in EDoS detection and prevention, highlighting recent advancements in neural network architectures and feature extraction methods. The review also covers the integration of advanced network security technologies, including next-generation firewalls, software-defined networking, and cloud-native security solutions, in the context of EDoS protection. Furthermore, it discusses the adaptation of Distributed Denial of Service (DDoS) mitigation strategies for EDoS attacks, emphasizing traffic analysis and anomaly detection techniques. The role of Intrusion Prevention Systems (IPS) in EDoS mitigation is examined, comparing signature-based and behavior-based approaches and exploring their integration with other security components. The paper concludes by identifying emerging threats, regulatory considerations, and open research problems in EDoS protection, providing valuable insights for researchers and practitioners in the field of cloud security. This review aims to serve as a comprehensive resource for understanding the current landscape of EDoS attacks and defense mechanisms, while also highlighting future directions for research and development in this critical area of cloud computing security.

End-to-End Resource Allocation Management Model in Next-Generation Network: Survey

Network communication has grown rapidly with massive demands of services. Moreover, resource allocation in networking is a fundamental and crucial issue that cannot ensure the network's stability and efficiency with the myriad requirements of different services. Various vertical businesses may seek varied network services, particularly in the Fifth-Generation networks and Beyond (5G+). The pros of Fifth-Generation communication networks are to outperform 4G in performance by having higher bandwidth, minimum latency, more capacity, and QoS (Quality of Service). Software-Defined Network (SDN) and Network Function Virtualization (NFV) are two technologies that are combined in the next generation cellular network to provide improved network management. The primary idea behind resource allocation (RA) in the next generation network is the concept of network slicing where the network resources are virtually partitioning into many separate networks. Each separated network must satisfy the unique needs of the required service to achieve the required QoS. In this survey, we focus on resource management issues related to network slicing and tackling the biggest obstacles in this field while offering a thorough and up-to-date overview of this field. Thus, thorough analysis of the allocation of resources on the access side and core side of the network communication was sought. Also, demonstrates how revolutionary techniques that are used to support the management of sliced networks which are based on Machine Learning (ML) and Artificial Intelligence (AI). Importantly, use appropriate ML techniques such as deep learning for predicting the network condition and Reinforcement learning to learn optimal allocation policy without depending on prior knowledge and other techniques such as classification and clustering to aggregate the similar needs of users into separate slices. This could help to enhance resource utilization by allocating a sufficient amount of resource as needed based on ML algorithms and optimal utilization of resources and reducing operational costs by real-time adjustment of it based on user demands and network conditions

Intelligent Resource Monitoring and Control Method in Vehicular Ad-hoc Networks for Electric Vehicle Enabled Microgrids

Software-Defined Networks (SDN) and Cloud Radio Access Networks (CRANs) are added to vehicle ad hoc networks (VANETs). The goals include making data transfer and resource sharing more efficient, achieving the shortest possible wait and response times, and ensuring the network is reliable even when conditions change. The usual ways of handling and grouping loads in Electric Vehicles (EVs), which are made for stable environments, need to be changed to work with VANETs, which are constantly evolving. To regularly meet these high service levels, focus on more adaptable and durable solutions. This study shows a software-defined EV fog computing design that improves VANETs' resource sharing. The suggested design uses smart controls placed strategically in the network to make the flow of data and use of resources as efficient as possible. The system uses parallel processing to split up computing tasks among EV stations. This makes the network more mobile and lessens the chance of jams. Simulations and real-world tests of the model show that it makes the network much more efficient. The study found that compared to traditional methods, the average response time went up by 29%, network delay went down by 23%, and it took 27% less time to get to the best assets spread.

Fortifying multi-cloud Kubernetes: Security strategies for the modern enterprise

Kubernetes-based multi-cloud architecture is becoming an integral part of modern enterprises, which makes ensuring its security a top priority. The main threats in such a system are related to configuration management, network security, access control and compliance with regulatory requirements. For effective security management, it is proposed to use CNAPP platforms that integrate several protection mechanisms, including cloud security Management (CSPM) and Kubernetes Security Management (KSPM). Automation of monitoring processes and authentication in Kubernetes, including centralized identity and access management, play an important role. The use of encryption technologies, software-defined networks (SDN) and regular audits contribute to reducing risks. The implementation of advanced security strategies and their constant adaptation to new threats ensures the sustainability of the cyber environment of multi-cloud deployments and the maintenance of data integrity.

A privacy-preserving Self-Supervised Learning-based intrusion detection system for 5G-V2X networks

In light of the ongoing transformation in the automotive industry, driven by the adoption of 5G and the proliferation of connected vehicles, network security has emerged as a critical concern. This is particularly true for the implementation of cutting-edge 5G services such as Network Slicing (NS), Software Defined Networking (SDN), and Multi-access Edge Computing (MEC). As these advanced services become more prevalent, they introduce new vulnerabilities that can be exploited by cyber attackers. Consequently, Network Intrusion Detection Systems (NIDSs) are pivotal in safeguarding vehicular networks against cyber threats. Still, their efficacy hinges on extensive data, which often contains sensitive and confidential information such as vehicle positions and owner’s behaviors, raising privacy concerns. To address this issue, we propose a Privacy-Preserving Self-Supervised Learning (SSL) based Intrusion Detection System for 5G-V2X networks. The majority of works in the literature relying on Federated Learning (FL) and often overlook data labeling on the end devices. Our methodology leverages SSL to pre-train NIDSs using unlabeled data. Post-training is then performed with a minimal amount of labeled data, which can be carefully crafted by an expert. This novel technique allows the training of NIDSs with huge datasets without compromising privacy, consequently enhancing the efficacy of cyber-attack protection. Our innovative SSL pre-training methodology has yielded remarkable results, demonstrating a substantial improvement of up to 9% in accuracy across a diverse range of training dataset sizes, including scenarios with as few as 200 data samples. Our approach highlights the potential to enhance automotive network security significantly, showcasing groundbreaking achievements that set a new standard in the field of automotive cybersecurity.

A Blockchain-Based Security Framework for East-West Interface of SDN

Software-Defined Networking (SDN) has emerged as a revolutionary architecture in computer networks, offering comprehensive network control and monitoring capabilities. However, securing the east–west interface, which is crucial for communication between distributed SDN controllers, remains a significant challenge. This study proposes a novel blockchain-based security framework that integrates Ethereum technology with customized blockchain algorithms for authentication, encryption, and access control. The framework introduces decentralized mechanisms to protect against diverse attacks, including false data injection, man-in-the-middle (MitM), and unauthorized access. Experimental results demonstrate the effectiveness of this framework in securing distributed controllers while maintaining high network performance and low latency, paving the way for more resilient and trustworthy SDN infrastructures.

An innovative NSGA-II-based Byzantine Fault Tolerant solution for software defined network environments

Byzantine fault tolerance (BFT) of the control plane in Software Defined Networking (SDN) is achieved by mapping each switch to 3f+1 number of controllers, where f represents the number of faulty controllers that can be tolerated at a time. A BFT approach protects the data plane from any potential malicious activity at the control plane by detecting the inconsistency among the response messages from multiple controllers. To compute the optimal mapping of switches to the controller, the existing literature does not consider some important parameters. This paper proposes a novel approach, named NBFT-SDN, that extends an artificial intelligence algorithm (i.e. NSGA-II) to solve a new formulated multi-objective optimization problem associated with this mapping. NBFT-SDN considers the very important parameters link reliability and link load along with switch-to-controller minimum delay, switch-to-controllers maximum reliability, controller-to-controller minimum delay, minimum link load, minimum hop count, and controller load balancing when mapping the switches to the controllers in optimum manner. The performance of our proposed approach is evaluated in comparison to a state-of-art approach using real network traces with network topologies of diverse sizes. Our proposed approach NBFT-SDN show improved network performance in terms of reliability, delay, hop count, load balancing and link load.

Deep Learning Aided Intelligent Reflective Surfaces for 6G: A Survey

The envisioned sixth-generation (6G) networks anticipate robust support for diverse applications, including massive machine-type communications, ultra-reliable low-latency communications, and enhanced mobile broadband. Intelligent Reflecting Surfaces (IRS) have emerged as a key technology capable of intelligently reconfiguring wireless propagation environments, thereby enhancing overall network performance. Traditional optimization techniques face limitations in meeting the stringent performance requirements of 6G networks due to the intricate and dynamic nature of the wireless environment. Consequently, Deep Learning (DL) techniques are employed within the IRS framework to optimize wireless system performance. This paper provides a comprehensive survey of the latest research in DL-aided IRS models, covering optimal beamforming, resource allocation control, channel estimation and prediction, signal detection, and system deployment. The focus is on presenting promising solutions within the constraints of different hardware configurations. The survey explores challenges, opportunities, and open research issues in DL-aided IRS, considering emerging technologies such as digital twins (DTs), computer vision (CV), blockchain, network function virtualization (NFC), integrated sensing and communication (ISAC), software-defined networking (SDN), mobile edge computing (MEC), unmanned aerial vehicles (UAVs), and non-orthogonal multiple access (NOMA). Practical design issues associated with these enabling technologies are also discussed, providing valuable insights into the current state and future directions of this evolving field.

Traffic Classification in Software-Defined Networking Using Genetic Programming Tools

The classification of Software-Defined Networking (SDN) traffic is an essential tool for network management, network monitoring, traffic engineering, dynamic resource allocation planning, and applying Quality of Service (QoS) policies. The programmability nature of SDN, the holistic view of the network through SDN controllers, and the capability for dynamic adjustable and reconfigurable controllersare fertile ground for the development of new techniques for traffic classification. Although there are enough research works that have studied traffic classification methods in SDN environments, they have several shortcomings and gaps that need to be further investigated. In this study, we investigated traffic classification methods in SDN using publicly available SDN traffic trace datasets. We apply a series of classifiers, such as MLP (BFGS), FC2 (RBF), FC2 (MLP), Decision Tree, SVM, and GENCLASS, and evaluate their performance in terms of accuracy, detection rate, and precision. Of the methods used, GenClass appears to be more accurate in separating the categories of the problem than the rest, and this is reflected in both precision and recall. The key element of the GenClass method is that it can generate classification rules programmatically and detect the hidden associations that exist between the problem features and the desired classes. However, Genetic Programming-based techniques require significantly higher execution time compared to other machine learning techniques. This is most evident in the feature construction method where at each generation of the genetic algorithm, a set of learning models is required to be trained to evaluate the generated artificial features.

Risk‐Aware SDN Defense Framework Against Anti‐Honeypot Attacks Using Safe Reinforcement Learning

ABSTRACTThe development of multiple attack methods by external attackers in recent years poses a huge challenge to the security and efficient operation of software‐defined networks (SDN), which are the core of operational controllers and data storage. Therefore, it is critical to ensure that the normal process of network interaction between SDN servers and users is protected from external attacks. In this paper, we propose a risk‐aware SDN defense framework based on safe reinforcement learning (SRL) to counter multiple attack actions. Specifically, the defender uses SRL to maximize the utility by choosing to provide a honeypot service or pseudo‐honeypot service within predefined security constraints, while the external attacker maximizes the utility by choosing an anti‐honeypot attack or masquerade attack. To describe the system risk in detail, we introduce the risk level function to model the simultaneous dynamic attack and defense processes. Simulation results demonstrate that our proposed risk‐aware scheme improves the defense utility by 17.5% and 142.4% and reduces the system risk by 42.7% and 59.6% compared to the QLearning scheme and the Random scheme, respectively.

Improved ECC cryptosystem-based lightweight authentication for SDN-based edge computing in IoT-enabled healthcare systems

The Internet of Things (IoT) consists of smart devices with limited resources that can identify and analyze data. In IoT-enabled healthcare systems, the security of IoT devices and the data they contain is complex. These devices in the healthcare industry, edge computing can provide low-latency information services at a reasonable cost. This work proposes a security infrastructure for Software Defined Network (SDN)-based edge computing in IoT-enabled healthcare systems consisting of three steps: Lightweight authentication, collaborative edge computing and job migration. The lightweight authentication step involves both Improved Lightweight Key Management (ILKM) and Improved Elliptic Curve Cryptography (IECC) schemes to ensure authentication among the devices and edge servers. Moreover, the patient’s data in IoT devices are scheduled to the appropriate edge server by examining the load balancing in the collaborative edge computing phase. This is done optimally using the adopted hybrid optimization model, Osprey Assisted Coati Optimization Algorithm (OACOA). Further, job migration takes place, in which the data is allocated to the edge server by comparing the capacity of edge servers and the data gets migrated to other servers by considering migration cost when the capacity of the edge server is overloaded. Finally, the efficiency of the suggested OACOA scheme is evaluated over traditional models with regard to several metrics. When considering the edge-server 30, the OACOA scheme achieves a makespan of 385, while conventional methods acquired fewer makespan ratings. Also, the OACOA approach obtained the highest security ratings (0.7143) on edge-server 20 when compared to existing schemes.

Network Traffic Feature Behaviour Augmentation Fusion based Attacks Classification for Intrusion Detection System in SDN Framework

The implementation of Software-Defined Network(SDN) across multiple data centers aims to simplify thecontrol and management of networks. However, the increasingpopularity of SDN has also attracted the attention of attackers.To tackle this problem, it is essential to have an intrusiondetection system (IDS) in place, which plays a crucial role incybersecurity by addressing external threats. The advantageof SDN’s centralized nature is that it facilitates the training ofan IDS based on machine learning. However, there is a scarcityof research specifically focused on intrusion detection in SDN.Existing literature often treats SDN intrusion detection assimilar to traditional computer systems and relies on intrusiondatasets generated for those systems. We explore the issueof intrusion detection in SDN using the most recent publicdataset (InSDN). However, InSDN is an imbalanced data set.In this paper, we have recommended a method to balance thedata as well as a method to find the best features to improvethe quality of IDS using Machine Learning. In addition, wealso suggest a method of classifying SDN network traffic andnormal network traffic. At the same time, we also evaluate theefficiency of the SDN system with the load balancing systemand without the load balancing system.

Efficient load distribution in heterogeneous vehicular networks using hierarchical controllers

Vehicle movement poses significant challenges in vehicular networks, often resulting in uneven traffic distribution. Fog computing (FC) addresses this by operating at the network edge, handling specific tasks locally instead of relying solely on cloud computing (CC) facilities. There are instances where FC may need additional resources and must delegate tasks to CC, leading to increased delay and response time. This work conducts a thorough examination of previous load balancing (LB) strategies, with a specific focus on software-defined networking (SDN) and machine learning (ML) based LB within the internet of vehicles (IoV). The insights derived from this research expedite the development of SDN controller-based LB solutions in the IoV network. The authors proposes the integration of a local SDN controller (LSDNC) within the FC tier to enable localized LB, addressing delay concerns. However, the information will be available to the main SDN controller (MSDNC) too. The authors explore the concept mathematically and simulates the formulated model and subjecting it to a comprehensive performance analysis. The simulation results demonstrate a significant reduction in delay, with a 125 ms difference when 200 onboard units (OBUs) are used, compared to conventional software-defined vehicular networks (SDVN). This improvement continues to increase as the number of OBUs grows. Our model achieves the same maximum throughput as the previous model but delivers faster response times, as decisions are made locally without the need to wait for the main controller.

An enhanced Deep-Learning empowered Threat-Hunting Framework for software-defined Internet of Things

The Software-Defined Networking (SDN) powered Internet of Things (IoT) offers a global perspective of the network and facilitates control and access of IoT devices using a centralized high-level network approach called Software Defined-IoT (SD-IoT). However, this integration and high flow of data generated by IoT devices raises serious security issues in the centralized control intelligence of SD-IoT. Motivated by the aforementioned challenges, we present a new Deep-Learning empowered Threat Hunting Framework named DLTHF to protect SD-IoT data and detect (binary and multi-vector) attack vectors. First, an automated unsupervised feature extraction module is designed that combines data perturbation-driven encoding and normalization-driven scaling with the proposed Long Short-Term Memory Contractive Sparse AutoEncoder (LSTMCSAE) method to filter and transform dataset values into the protected format. Second, using the encoded data, a novel Threat Detection System (TDS) using Multi-head Self-attention-based Bidirectional Recurrent Neural Networks (MhSaBiGRNN) is designed to detect cyber threats and their types. In particular, a unique TDS strategy is developed in which each time instances is analyzed and allocated a self-learned weight based on the degree of relevance. Further, we also design a deployment architecture for DLTHF in the SD-IoT network. The framework is rigorously evaluated on two new SD-IoT data sources to show its effectiveness.