Software Defined Networking (SDN) enables a centralised entity - the controller - to monitor the network’s status by collecting traffic statistics such as packets, bytes, etc. Each statistic is associated with a forwarding table entry (FTE) in a switch whose structure and format is specified by the OpenFlow standard (de-facto SDN standard). For a flow with a FTE, its statistic is easily...
Current approaches to Information-Centric Networking (ICN) facilitate the publication and retrieval of content in a network through a variety of discovery, caching and forwarding approaches, thus defining an equivalent of the data plane in the current Internet infrastructure. However, in contrast to the current Internet, ICN lacks a definition of the control plane for the management of the operation...
Software-Defined Networks (SDN) is an emerging area that promises to change the way we design, build, and operate network architecture. It tends to shift from traditional network architecture of proprietary based to open and programmable network architecture. However, this new innovative and improved technology also brings another security burden into the network architecture, with existing and emerging...
Heavy hitter detection is an important task in many network security and traffic measurement applications. In this work, we implement a heavy hitter detection accelerator based on the Count-Min sketch algorithm inside the NetFPGA-10G OpenFlow switch. By using only a small amount of extra memory and logic resources, the OpenFlow switch is capable of detecting the heavy hitter flows accurately without...
Software-Defined Networking (SDN) emerges as a recent paradigm that grants a holistic network visibility and flexible network programmability, facilitating rapid innovation of protocol and services. Although SDN provides greater control over traffic flow than ever before, it also introduced new challenges and issues to be addressed with its management. In that light, the security and reliability of...
Internet Service Providers (ISPs) are struggling to cope with the growing volume of streaming video traffic in their network, and the problem will only exacerbate as Virtual Reality applications proliferate. To classify and manage bandwidth for video streams, current practise is to either sample traffic for offline analysis or deploy middle-boxes for in-line packet inspection – such solutions are...
Network measurement is an important tool for network managers and operators since it provides the information needed to carry out different management tasks. However, because of the rapid increase in data link speeds and the volume of traffic carried by modern networks, the availability of system resources dedicated to network measurement has always been the main limiting factor in developing modern...
This paper studies the SPLAY open-source framework that facilitates the design, deployment and testing of large-scale distributed applications. A mechanism for automatic control of a virtualized testbed created in OpenStack running Ubuntu 14.04.3 was implemented. The SPLAY entities involved herein were the following: a controller and a modified version of the daemons without using the sandboxing concept...
One challenge in understanding the evolution of the Internet infrastructure is the lack of systematic mechanisms for monitoring the extent to which allocated IP addresses are actually used. In this paper, we advance the science of inferring IPv4 address space utilization by proposing a novel taxonomy and analyzing and correlating results obtained through different types of measurements. We have previously...
Software-defined networks (SDNs) offer network defenders the opportunity to choose from a variety of protection techniques in response to different threats. In contrast, traditional network architectures often lack the flexibility to implement threat-specific security controls. This research was conducted on a hardware SDN test bed running custom security applications to demonstrate techniques that...
This paper presents implementation of a reactive base station selection scheme for millimeter-wave (mmWave) communications. In mmWave communications, the frame loss rate increases and the throughput sharply decreases when a pedestrian blocks a line-of-sight (LOS) path. To alleviate this human blockage problem, base stations can be selected so as to maintain LOS paths on the basis of communication...
Traditional network monitoring involving packet capturing or flow sampling has many challenges such as scalability, accuracy and availability of processing resource when networks become large-scale, high-speed and heterogeneous. SDN is a promising approach to address these challenges, but each SDN switch has its own capacity limitation, such as its cache memory called TCAM, and thus it needs coordination...
Man-in-the-Middle (MITM) attack enables an attacker to monitor the communication exchange between two parties by directing the traffic between them to pass through the attacker's machine. Most existing schemes for discovering MITM attack focus on detecting the mechanism used to direct the traffic through the attacker machine. This paper presents a new detection scheme that is based on matching the...
This paper focuses on ARP attacks in switched networks, from ARP protocol perspective, analyses the principle of ARP attacks and the exceptional interrupt occurs they cause when the terminal users access the servers. To quickly and effectively detect ARP spoofing, this paper proposes a WinPcap based detection system of ARP spoofing. Using WinPcap driver development monitoring software, implements...
The next generation Internet supports dynamic deployment of different protocols and heterogeneous applications. To support this, routers in next generation computer networks use general purpose programmable packet processors. The customization of routers introduces increased vulnerabilities and attacks that allow potential attackers to compromise the router. Since network routers play a key role in...
Software Defined Networking (SDN) and OpenFlow represent the most commonly deployed approaches of the so called Programmable Networks. SDN is an emerging network architecture, which performs the subdivision of control plane and data plane and allows greater speed, greater scalability, and greater ductility in terms of routing and forwarding. OpenFlow, instead, is an SDN component that characterizes...
A campus network provides a number of services to its stakeholders. Due to the complexity of having many services, it is often difficult to pinpoint an issue quickly. The currently available tools for monitoring a campus network are often designed for a specific piece of the network. On the other hand, systems administrators running a campus network with data centers and supporting a number of internal...
Troubleshooting network outages is a complex and time-consuming process. Network administrators are typically overwhelmed with large volumes of monitoring data, like NetFlow data, and are often “left alone”, fighting problems with very basic debugging tools, like ping and traceroute. Distributed network traffic monitoring and intelligent correlation of data from different Internet locations are...
Cloud computing promises to reshape the way IT service is produced and consumed by virtualizing computing resources. As if cloud providers offer virtualized CPU and storage resources via machine virtualization and distributed storage technologies respectively, the providers wish to offer to their customers' virtual networks running on the cloud. With cloud-based virtual networks (CVNs), cloud customers...
In large network environment, in the application of Etrust Intrusion Detection and Netflow Analysis, we need to solve the following problems: data type and acquisition method. An overall comparison between 4 current netflow acquisition technologies based on flow is made in this paper from network application level, flow data comprehensiveness, data acquisition protocol, installation and deployment...