Funding: This work was funded by the Deanship of Scientific Research at Jouf University under Grant Number (DSR2022-RG-0102).
Abstract: Software Defined Network (SDN) and Network Function Virtualization (NFV) technology promote several benefits to network operators, including reduced maintenance costs, increased network operational performance, simplified network lifecycle, and policies management. Network vulnerabilities try to modify services provided by Network Function Virtualization MANagement and Orchestration (NFV MANO), and malicious attacks in different scenarios disrupt the NFV Orchestrator (NFVO) and Virtualized Infrastructure Manager (VIM) lifecycle management related to network services or individual Virtualized Network Function (VNF). This paper proposes an anomaly detection mechanism that monitors threats in NFV MANO and manages promptly and adaptively to implement and handle security functions in order to enhance the quality of experience for end users. An anomaly detector investigates these identified risks and provides secure network services. It enables virtual network security functions and identifies anomalies in Kubernetes (a cloud-based platform). For training and testing purposes of the proposed approach, an intrusion-containing dataset is used that holds multiple malicious activities like Smurf, Neptune, Teardrop, Pod, Land, IPsweep, etc., categorized as Probing (Prob), Denial of Service (DoS), User to Root (U2R), and Remote to User (R2L) attacks. An anomaly detector is anticipated with the capabilities of a Machine Learning (ML) technique, making use of supervised learning techniques like Logistic Regression (LR), Support Vector Machine (SVM), Random Forest (RF), Naïve Bayes (NB), and Extreme Gradient Boosting (XGBoost). The proposed framework has been evaluated by deploying the identified ML algorithm on a Jupyter notebook in Kubeflow to simulate Kubernetes for validation purposes. The RF classifier has shown better outcomes (99.90% accuracy) than other classifiers in detecting anomalies/intrusions in the containerized environment.
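Abstract: In software-defined networks (SDN) that support Network Function Virtualization (NFV), unicast request flows usually need to be processed by a Service Function Chain (SFC) composed of multiple Virtual Network Functions (VNFs) in sequence. First, jointly considering dynamic VNF placement, multiple resources and QoS constraints, a dynamic SFC deployment problem is defined with the goals of minimizing resource consumption cost and automatically ensuring network load balancing. Next, a relative resource cost function that takes marginal cost into account is designed, and the problem is modeled using integer linear programming. Then, a dynamic auxiliary edge-weighted graph is innovatively designed, and an SFC Embedding Algorithm (SFC-EA) with automatic load balancing is constructed based on the Lagrangian relaxation method to solve the original problem. Simulation results show that SFC-EA can effectively solve the NP-hard problem of sequential SFC embedding under multiple resource and multiple QoS constraints, and can automatically ensure network load balancing and improve network throughput and flow acceptance rate.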
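Abstract: As the prerequisite and foundation for the development and application of emerging artificial intelligence technologies, data centers not only affect the working efficiency of equipment such as servers and storage devices, but also play an important role in ensuring business continuity. Introducing SDN (Software Defined Network) and NFV (Network Function Virtualization) technologies into data center network construction enables flexible networking and, in a multi-tenant environment that meets security requirements, can better support the development of data center services. The article describes and analyzes the practice of SDN and NFV technologies in data centers, the differences between SDN and NFV technologies, and the challenges of applying SDN and NFV technologies in data centers, and can provide new ideas for the network restructuring of data centers.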
Funding: Supported by Future University Researchers Supporting Project Number FUESP-2020/48 at Future University in Egypt, New Cairo 11845, Egypt.
Abstract: The development of the Next-Generation Wireless Network (NGWN) is becoming a reality. To conduct specialized processes more, rapid network deployment has become essential. Methodologies like Network Function Virtualization (NFV), Software-Defined Networks (SDN), and cloud computing will be crucial in addressing various challenges that 5G networks will face, particularly adaptability, scalability, and reliability. The motivation behind this work is to confirm the function of virtualization and the capabilities offered by various virtualization platforms, including hypervisors, clouds, and containers, which will serve as a guide to dealing with the stimulating environment of 5G. This is particularly crucial when implementing network operations at the edge of 5G networks, where limited resources and prompt user responses are mandatory. Experimental results prove that containers outperform hypervisor-based virtualized infrastructure and cloud platforms’ latency and network throughput at the expense of higher virtualized processor use. In contrast to public clouds, where a set of rules is created to allow only the appropriate traffic, security is still a problem with containers.
Funding: This work was funded by BK21 FOUR (Fostering Outstanding Universities for Research) (No. 5199990914048); this research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (NRF-2020R1I1A3066543). In addition, this work was supported by the Soonchunhyang University Research Fund.
Abstract: Edge intelligence brings the deployment of applied deep learning (DL) models in edge computing systems to alleviate the core backbone network congestions. The setup of programmable software-defined networking (SDN) control and elastic virtual computing resources within network functions virtualization (NFV) are cooperative for enhancing the applicability of intelligent edge softwarization. To offer advancement for multi-dimensional model task offloading in edge networks with SDN/NFV-based control softwarization, this study proposes a DL mechanism to recommend the optimal edge node selection with primary features of congestion windows, link delays, and allocatable bandwidth capacities. Adaptive partial task offloading policy considered the DL-based recommendation to modify efficient virtual resource placement for minimizing the completion time and termination drop ratio. The optimization problem of resource placement is tackled by a deep reinforcement learning (DRL)-based policy following the Markov decision process (MDP). The agent observes the state spaces and applies value-maximized action of available computation resources and adjustable resource allocation steps. The reward formulation primarily considers task-required computing resources and action-applied allocation properties. With defined policies of resource determination, the orchestration procedure is configured within each virtual network function (VNF) descriptor using topology and orchestration specification for cloud applications (TOSCA) by specifying the allocated properties. The simulation for the control rule installation is conducted using Mininet and Ryu SDN controller. Average delay and task delivery/drop ratios are used as the key performance metrics.
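Abstract: Software-defined networking (SDN) and network function virtualization (NFV) provide an implementation approach for service orchestration in the power Internet of Things. To address the orchestration of delay-sensitive services in the power Internet of Things, first, an SDN/NFV-based service orchestration architecture for the power Internet of Things is proposed to meet customization requirements. Then, considering the embedding of multiple virtual network functions (VNFs), the ordering of the service function chain (SFC), and the impact of electromagnetic interference, a pricing matching-based multi-phase many to one VNF embedding (PMVE) algorithm is proposed, which in each phase matches the set of VNFs that hold the same position on different SFCs with the set of physical nodes, thereby minimizing the total service delay. Finally, the feasibility and effectiveness of the method are verified through a numerical example; simulation results show that, compared with the traditional two-sided matching algorithm, the proposed algorithm reduces the total service delay by 29.9% and the average waiting delay by 36.1%, guaranteeing the requirements of delay-sensitive services in the power Internet of Things.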
Funding: This work was partly supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea Government (MSIT), (No. 2020-0-00952, Development of 5G edge security technology for ensuring 5G+ service stability and availability, 50%) and the Institute of Information and Communications Technology Planning and Evaluation (IITP) grant funded by the MSIT (Ministry of Science and ICT), Korea (No. IITP-2022-2020-0-01602, ITRC (Information Technology Research Center) support program, 50%).
Abstract: Nowadays, with the significant growth of the mobile market, security issues on the Android Operation System have also become an urgent matter. Trusted execution environment (TEE) technologies are considered an option for satisfying the inviolable property by taking advantage of hardware security. However, for Android, TEE technologies still contain restrictions and limitations. The first issue is that non-original equipment manufacturer developers have limited access to the functionality of hardware-based TEE. Another issue of hardware-based TEE is the cross-platform problem. Since every mobile device supports different TEE vendors, it becomes an obstacle for developers to migrate their trusted applications to other Android devices. A software-based TEE solution is a potential approach that allows developers to customize, package and deliver the product efficiently. Motivated by that idea, this paper introduces a VTEE model, a software-based TEE solution, on Android devices. This research contributes to the analysis of the feasibility of using a virtualized TEE on Android devices by considering two metrics: computing performance and security. The experiment shows that the VTEE model can host other software-based TEE services and deliver various cryptography TEE functions on the Android environment. The security evaluation shows that adding the VTEE model to the existing Android does not add more security issues to the traditional design. Overall, this paper shows applicable solutions to adjust the balance between computing performance and security.