Taejin Ha

Suspicious traffic sampling for intrusion detection in software-defined networks

In order to defend a cloud computing system from security attackers, an intrusion detection system (IDS) is widely used to inspect suspicious traffic on the network. However, the processing capacity of an IDS is much smaller than the amount of traffic to be inspected in a large-scaled network system. In this paper, we propose a traffic sampling strategy for software-defined networking (SDN) that fully utilizes the inspection capability of malicious traffic, while maintaining the total aggregate volume of the sampled traffic below the inspection processing capacity of the IDS. We formulate an optimization problem to find an appropriate sampling rate for each switch, and sample the traffic flows in the network according to the optimal sampling rates using the SDN functionalities. The simulation and experimental results indicate that the proposed approach significantly enhances the inspection performance of malicious traffic in large-sized networks.

Scalable network intrusion detection on virtual SDN environment

We propose a scalable intrusion detection system (IDS) architecture on a software-defined networking (SDN) environment implemented using a virtualization infrastructure called a Kernel-based Virtual Machine (KVM). In this virtual environment, virtual machines running IDSs, the SDN controller, and network attack software are connected with each other through OpenFlow-enabled software switches. This paper focuses on distributed traffic sampling at network switches for malicious traffic inspection. The network topology and the IDS configuration are visualized through a web graphical user interface.

TDoA localization for wireless networks with imperfect clock synchronization

With the advent of an ubiquitous computing environment, the need to capture location information and incorporate it into applications has become urgent. In particular, time difference-of-arrival (TDoA) localization is considered to be a cost effective and accurate localization technique. However, the local clocks of the access points (APs) are required to be fully synchronized with each other. If clock offsets exist, TDoA localization can yield a poor localization performance. In this paper, we propose a TDoA-based localization technique that simultaneously estimates the client location and clock offsets of the APs. The simulation and experimental results show that the proposed localization algorithm alleviates the impact of imperfect clock synchronization among APs, thereby improving the localization accuracy.

Suspicious Flow Forwarding for Multiple Intrusion Detection Systems on Software-Defined Networks

In recent years, there have been an increasing number of attacks on networks, such as the distributed denial-of-service attack. However, the traditional network is not sufficiently flexible to control the huge amount of traffic that now passes through an intrusion detection system. With SDN, which separates control planes and data planes for programmability, elasticity, and simplicity, it becomes possible to force traffic to pass through an IDS by simply rerouting or mirroring traffic to an IDS. This article focuses on how to distribute traffic to multiple IDSs in order to increase the detection of network attacks and balance IDS loads. A clustering-based flow grouping scheme that distributes flows according to routing information and flow data rate is proposed. Through experiments with a virtualized testbed, we show that the proposed scheme detects network attacks more quickly and achieves a better balance of traffic loads on the IDSs.

MARS: measurement-based allocation of vm resources for cloud data centers

High performance data centers use virtualization technique which enables each physical server machine to host multiple virtual machines (VMs) to achieve highly efficient resource utilization. In this paper, we propose a measurement-based approach for efficient allocation of virtualized resources in hyper-convergence environments where virtualized computing, networking, and storage resources are unified and converged. Using real-time measurements of service performance metrics, our proposed approach identifies the VM with the worst performance resulting from over-utilized resource, and gradually adjusts the amount of resources allocated to it in order to improve its performance. The results of empirical evaluations conducted indicate that our proposed approach can realize efficient resource allocation among VMs with varying resource demands.

Scalable Traffic Sampling Using Centrality Measure on Software-Defined Networks

With regard to cyber security, pervasive traffic visibility is one of the most essential functionalities for complex network systems. A traditional network system has limited access to core and edge switches on the network; on the other hand, SDN technology can provide flexible and programmable network management operations. In this article, we consider the practical problem concerning how to achieve scalable traffic measurement using SDN functionalities. Less intrusive traffic monitoring can be achieved by using a packet sampling technique that probabilistically captures data packets at switches, and the sampled traffic is steered toward a traffic analyzer such as an IDS on SDN. We propose the use of a centrality measure in graph theory for deciding the traffic sampling points among the switches. In addition, we discuss how to decide the traffic sampling rates at the selected switches. The results of the simulation and SDN testbed experiments indicate that the proposed sampling point and rate decision methods enhance the intrusion detection performance of an IDS in terms of malicious traffic flows in large-scale networks.

Dynamic priority-adjustment for real-time flows in software-defined networks

Network traffic can be divided into delay-sensitive and delay-tolerant traffic. Each delay-sensitive real-time flow has a different end-to-end delay deadline, and has to be delivered by that deadline. In general, real-time flows are to be processed prior to delay-tolerant flows, and each real-time flow may have the relative priority depending on its relative importance of real-time flows. A software-defined networking (SDN) makes it possible to monitor and control flows dynamically in the centralized view of the overall network. In this paper, we propose a priority-adjustment algorithm to guarantee the different delay deadlines of real-time flows in SDN-based networks. Compared to other algorithms, simulation results indicate that the number of real-time flows that satisfy their deadlines is highest in the proposed algorithm.

Zero-buffer data delivery for industrial networks

We propose a data-delivery scheduling scheme for synchronized multi-hop industrial networks where source nodes periodically transmit their data packets. The proposed scheme adjusts the transmission times of source nodes in the network in order to prevent data buffering of the data-flows at the intermediate switches. The data packets can be delivered to their destinations with the minimum transmission delay without packet losses at the intermediate switches.

A multi-channel assignment for wireless networks with a limited number of channels

In multi-channel wireless networks, the interferences due to simultaneous transmissions of neighboring nodes can be reduced by assigning different non-overlapping orthogonal channels to sender-receiver pairs that may interfere with each other. However, if the number of non-overlapping channels is smaller than that of interfering nodes, we cannot avoid assigning the same channels to adjacent interfering nodes. We propose a multi-channel assignment algorithm for wireless networks with a limited number of multi-channels. It attempts to minimize the geographically overlapped areas among interference circles (defined as “guard zones”) of neighboring nodes. Through extensive simulations, we show that the proposed algorithm improves the aggregate throughput performance by fully exploiting the multichannel diversity even though the number of non-overlapping channels is not sufficiently large.

Power Control for Wireless Networks with a Limited Number of Channels

In wireless networks, interferences from adjacent nodes that are concurrently transmitting can cause packet reception failures and thus result in significant throughput degradation. The interference can be simply avoided by assigning different orthogonal channel to each interfering node. However, if the number of orthogonal channels is smaller than that of adjacent nodes, this simple channel assignment method does not work. In this paper, we propose a vertex coloring based power control algorithm for wireless networks with a limited number of channels. In order to maintain high data transmission rate between two nodes, the transmission power is increased as long as different orthogonal channel is assigned to each adjacent node. We show that the proposed algorithm significantly improves the network throughput performance for various wireless network topologies with different number o f orthogonal channels.