Minho Park

A feasible method to combat against DDoS attack in SDN network

In Software Defined Network, the controller is so vulnerable to flooding attack. By injecting spoofed request packets continuously, attackers make a burdensome process to the controller, cause bandwidth occupation in the controller-switch channel, and overload the flow table in switch. The final target of attackers is to downgrade or even shutdown the stability and quality of service of the network. In this paper, we introduce a feasible method to protect the network against Distributed Denial of Service attacks more effectively.

Adaptive MCS selection and resource planning for energy-efficient communication in LTE-M based IoT sensing platform

As an important part of IoTization trends, wireless sensing technologies have been involved in many fields of human life. In cellular network evolution, the long term evolution advanced (LTE-A) networks including machine-type communication (MTC) features (named LTE-M) provide a promising infrastructure for a proliferation of Internet of things (IoT) sensing platform. However, LTE-M may not be optimally exploited for directly supporting such low-data-rate devices in terms of energy efficiency since it depends on core technologies of LTE that are originally designed for high-data-rate services. Focusing on this circumstance, we propose a novel adaptive modulation and coding selection (AMCS) algorithm to address the energy consumption problem in the LTE-M based IoT-sensing platform. The proposed algorithm determines the optimal pair of MCS and the number of primary resource blocks (#PRBs), at which the transport block size is sufficient to packetize the sensing data within the minimum transmit power. In addition, a quantity-oriented resource planning (QORP) technique that utilizes these optimal MCS levels as main criteria for spectrum allocation has been proposed for better adapting to the sensing node requirements. The simulation results reveal that the proposed approach significantly reduces the energy consumption of IoT sensing nodes and #PRBs up to 23.09% and 25.98%, respectively.

Adaptive Suspicious Prevention for Defending DoS Attacks in SDN-Based Convergent Networks

The convergent communication network will play an important role as a single platform to unify heterogeneous networks and integrate emerging technologies and existing legacy networks. Although there have been proposed many feasible solutions, they could not become convergent frameworks since they mainly focused on converting functions between various protocols and interfaces in edge networks, and handling functions for multiple services in core networks, e.g., the Multi-protocol Label Switching (MPLS) technique. Software-defined networking (SDN), on the other hand, is expected to be the ideal future for the convergent network since it can provide a controllable, dynamic, and cost-effective network. However, SDN has an original structural vulnerability behind a lot of advantages, which is the centralized control plane. As the brains of the network, a controller manages the whole network, which is attractive to attackers. In this context, we proposes a novel solution called adaptive suspicious prevention (ASP) mechanism to protect the controller from the Denial of Service (DoS) attacks that could incapacitate an SDN. The ASP is integrated with OpenFlow protocol to detect and prevent DoS attacks effectively. Our comprehensive experimental results show that the ASP enhances the resilience of an SDN network against DoS attacks by up to 38%.

Optimizing resource allocation for elastic security VNFs in the SDNFV-enabled cloud computing

This paper proposes a proactive optimal resource allocation scheme for elastic security Virtualized Network Functions (VNFs) in the Service Function Chaining on the Software Defined Network Function Virtualization (SDNFV-enabled) cloud environment. We firstly analyze our system model, and transform them into M/M/1/∞ and M/M/k queueing model. Then we define mathematical requirements by analyzing the new VNF resource allocation function and estimating the total number of packets in an SFCi system. From these requirements, we finally propose a proactive resource allocation optimizer with solvable and practical constraints.

Distributed-SOM: A novel performance bottleneck handler for large-sized software-defined networks under flooding attacks

Abstract Software-Defined Networking (SDN) is a new programmable networking model that features the detachment of control and data planes. In this network, the network brain is an SDN controller that is used to centrally monitor and control the data plane based on the OpenFlow protocol and applications located in the application layer. In recent years, a vast number of issues relating to security have been seriously debated for this networking paradigm, especially the large-scale model. In particular, flooding attacks have been on the rise, providing great challenges for the SDN architecture to cope with. In this paper, we present a novel mechanism using the Self-Organizing Map (SOM) application to solve the performance bottleneck and overload problems for the upper layers in a large-sized SDN in case of flooding attacks. Our proposed approach integrates a Distributed Self-Organizing Map (DSOM) system to OpenFlow Switches instead of using a standalone SOM. By exploiting SDN advantages, such as flexibility and overhead reduction, we implement and test both a DSOM system and a single SOM system on multi-criteria to compare the performance of our introduced system. Our experimental results show that the DSOM solution can effectively detect abnormal traffic, solve bottleneck problems and increase the system reaction speed to attack traffic, while presenting a smaller overhead to the network system.

Achievable Multi-Security Levels for Lightweight IoT-Enabled Devices in Infrastructureless Peer-Aware Communications

The emergence of social networking and proximity services is driving the Internet-of-Things (IoT) paradigms toward a location-aware connecting society. To prepare for such a booming paradigm, IEEE 802.15.8 standardizes peer-aware communication (PAC) within the strict consideration of infrastructureless property and fully distributed coordination features. Since no central entity exists in a PAC network for control and management purposes, every PAC device (PD) plays an equal role in terms of communication. This situation leads to a variety of security challenges, especially in authentication and key agreement for lightweight IoT-enabled PDs. Recently, there are some proposals aimed at the aforementioned problems, such as approaches with personal identification number, physical layer features. However, due to its inconvenience and computational complexity for the lightweight IoT-enabled PDs, authentication and key agreement are still open issues in PAC. From this view, this paper proposes a new approach that utilizes social networking features closely tied to the PAC in order to support authentication and key agreement procedures. A number of trusted PDs are delegated to authenticate the requesting PD on behalf of the requested PD when an association is established between them. Intensive analysis and evaluation show that the proposed protocol provides multiple security levels as well as user convenience with reasonable resource consumption.

A Novel Hybrid Flow-Based Handler with DDoS Attacks in Software-Defined Networking

In this paper, we firstly introduce a new combined approach to enhance the performance of classification in network traffic. The proposed combination mainly focuses on taking advantages of two classification algorithms, Support Vector Machine (SVM), Self Organizing Map (SOM). We utilize both advantages that SVM takes a little time to produce outputs with a high accuracy, SOM makes a reliable prediction based on their neurons. Next, we propose a hybrid flow-based work mechanism, which applies the proposed combination SVMs-SOM, for handling with Distributed Denial-of-Service (DDoS) attacks, network component protection from resource exhaustion in Software-Defined Networking. In the introduced scheme, multiple Linear SVMs first classify flow entries existing in flow-tables from OpenFlow switches. In the case that a flows position is located between two margin lines or a vague region in the Linear SVM representation, it will be then forwarded to a SOM to make a final decision. Afterwards, an attack classifier, a policy enforcement module will be applied to attack flows with the purpose of attack diminution, the SDN controller protection. Besides, we also provide readers with a new view of DDoS attacks in the Software-Defined Networking. Thorough practical experiments conducted in the Software-Defined Networking environment, it is proved that the proposed classification combination outperforms original algorithms,, the novel hybrid mechanism can be an effective, innovative approach to face with DDoS attacks, protect the OpenFlow switches, the SDN controller from being overloaded.

An efficient uplink admission control for ertPS in IEEE 802.16

In this paper, we propose an efficient call admission control scheme for ertPS, one of QoS services in IEEE 802.16, which is designed for Voice over IP. In ertPS, a users unused spare bandwidth is temporally shared with others, which can achieve the efficient bandwidth usage. Since the bandwidth sharing happens among the connected calls, a BS should retain the appropriate number of connected calls. If it has too small number of calls, the unallocated spare BW will be waisted. Otherwise, the excessive number of calls accepted by the BS may cause cell-overloading and call-dropping. By using the statistical multiplexing and probabilistic guard channel reservation, the proposed scheme increases the bandwidth utilization. The results show that the analytical model and the simulation are the very close, and our scheme can achieve 10% less blocking probability of a new call and higher utilization of bandwidth than a conventional guard channel scheme.

Real-Time Task Assignment Approach Leveraging Reinforcement Learning with Evolution Strategies for Long-Term Latency Minimization in Fog Computing

The emerging fog computing technology is characterized by an ultralow latency response, which benefits a massive number of time-sensitive services and applications in the Internet of things (IoT) era. To this end, the fog computing infrastructure must minimize latencies for both service delivery and execution phases. While the transmission latency significantly depends on external factors (e.g., channel bandwidth, communication resources, and interferences), the computation latency can be considered as an internal issue that the fog computing infrastructure could actively self-handle. From this view point, we propose a reinforcement learning approach that utilizes the evolution strategies for real-time task assignment among fog servers to minimize the total computation latency during a long-term period. Experimental results demonstrate that the proposed approach reduces the latency by approximately 16.1% compared to the existing methods. Additionally, the proposed learning algorithm has low computational complexity and an effectively parallel operation; therefore, it is especially appropriate to be implemented in modern heterogeneous computing platforms.

Flow-based consensus partitions for botnet detection

Botnets, networks of compromised devices, are considered as one of the most costly incidents in network security. Since the botnets are able to obfuscate firewalls, interconnect to vast networks, attack enterprise systems, and lead to massive damages, it is getting more urgent to detect the botnets. Some detection mechanisms have been proposed, particularly applying machine learning techniques into traffic flows. They employ supervised learning algorithms to classify malicious flows and normal flow in Network Intrusion Detection Systems (NIDS). Recently, researchers suggest clustering flows to some small groups before classification, with promising results. Partitioning techniques for these hybrid models is the keystone but still weak. Therefore, in this paper we intend to analyze the constraints of existing botnet detection methods, especially the cluster-based algorithms. To overcome these obstacles, we introduce two new consensus partitions methods. The experiments show that our new techniques outperform others and give higher stability.