Fig 3 - uploaded by Abdallah Jarray
Fault-tolerant VN topology design against physical link/node failure. 

Source publication
Article
Full-text available
Network virtualization provides more flexibility in network provisioning as it offers physical infrastructure providers (PIP) the possibility of smoothly rolling out many separate networks on top of an existing infrastructure. A major challenge is the embedding problem of mapping virtual networks (VNs) onto PIP infrastructure. In the literature, a...

Similar publications

Article
Full-text available
As optical networks evolve towards more dynamicity and an ever more efficient and elastic spectrum utilization, a more integrated, fault tolerant and system efficient design is becoming critical. To increase efficiency of spectral resource in bit rate per Hz (bit/s/Hz), high-level modulation formats are used, challenged by the accompanying optical...

Citations

... With the support of SDN, logical networks may be changed without impacting the physical network, allowing for changes to be made in response to client needs. Through the use of programmable networking methods, the SDN helps to minimise network administration and operating costs [2]. ...
Article
Software-Defined Networking (SDN) offers an innovative model over the separation of the data plane, control plane and management plane. This separation would result in more effective network management, including cost reductions for hardware and manpower, and the ability to deliver on-demand solutions using programmable SDN approaches. As network policy and on-demand services become more impartial, SDN is becoming more popular. However, there are safety risks associated with the SDN network due to malicious floods such as Distributed Denial of Service (DDoS) attacks and Denial of Service (DoS) attacks directed at the SDN Controller, OpenFlow Virtual Switch (OVS), and end nodes, which must be addressed. Because of these assaults, network throughput is reduced, resulting in a lapse in the availability of network services and a reduction in business operations. The main emphasis of this study is on the detection and mitigation of DDoS and DoS assaults in the SDN network, which is accomplished by the use of both unsupervised and supervised learning approaches. The use of the Dynamic Access Control List (DACL) allows for the performance of mitigation operations in the SDN network, which has been implemented using the mininet. The outcome of the experiment demonstrates that malicious (DDoS and DoS) flood is reduced as a consequence of the mitigation technique.
... It often assists with combining the available assets and splashing up the available bandwidth of passage, which is not shared by other appliances and is distributed to specific appliances in real time. Each and every channel is guarded in an unorthodox manner [1], [12], [22]. There are two forms of network virtualization: internal and external. ...
... SDN security research has significantly aided on a expansion of nodes which address safety concerns related in on usage of Open-Flow. The author [1] evaluated the proposed classifier selection model in an intrusion detection scheme by using the benchmark dataset NSL-KDD and also by applying a variety of ML strategies such as Naive Bayes, Neural network, Decision tree, SVM, and K-nearest neighbour algorithm to determine the correctness of all procedure. ...
Conference Paper
Nowadays, building secure networks is a challenge that challenges the computing industry growth. Because of the rise of the internet, the threat of a distributed denial of service attack has also grown. This can be prevented by an Intrusion Detection Systems (IDS), which detects malicious threats and unintended network access. The detailed analysis of the research study is compared to the current dataset in order to detect irregular network assaults. Classification techniques in Machine Learning (ML) are used to identify many types of threats. ML strategies may result in increased detection rates, a reduction in false positive rates, and low computing and communication costs. KDD cup99 is included in this article to examine ML algorithms performances for implementing the IDS. An experiment on IDS that makes use of ML algorithms such as Naive Bayes and k-means clustering for detecting the malicious flood.
... Cloud services are based on asset sharing to create coherence and scale economies. Cloud services have grown in popularity as a result of the availability of large networks, minimal nodes and storage nodes, and broad use of virtual machines, service-oriented architecture, and autonomous and utility technology (Ahmed 2016;Jarray and Karmouch 2013). The public cloud services are built on the Linux OS. ...
Article
Full-text available
The increasing development of decentralized computer systems that interact extensively has increased the criticality of confronting cyberattackers, hackers, and terrorists. With the development of cloud computing and its widespread use, as well as its dispersed and decentralized character, a unique security measure is required to safeguard this architecture. By monitoring, validating, and managing settings, records, internet traffic, usage data, as well as the operations of specific activities, firewalls can distinguish between normal and unexpected behaviours, thus adding additional network security to cloud computing systems. The location of network security mechanisms in cloud computing environment and also the methods employed in such methods are the two primary aspects where many studies have concentrated their efforts. The objective of such studies is to reveal as many incursions as feasible and to improve the pace and correctness of sensing while minimizing false alarms. Nevertheless, these methods have a large computing burden, a poor degree of precision, and a large time consumption. We propose an accurate and complete approach for detecting and preventing assaults in cloud computing environment via the use of a machine learning techniques both supervised and un-supervised. The operational findings demonstrate that the suggested approach substantially increases attack detection, network security correctness, dependability, and accessibility in cloud computing environment, while drastically reducing false alarms.
... Most of the previous SVNE algorithms deal with the switching node failure by remapping the virtual links affected by node failure, which will increase the recovery delay and fail to find the proper path if most of the network resources of SN have been used. Thus, there are proactive approaches [25], [26] that protect VLinks from switching node failure, adopt p-Cycle technology. Jarray et al. [25] address the problem of single/multiple logical link failures caused by a single substrate node failure in switching substrate node. ...
... Also, the logical layer related to the VN topology is considered to guarantee a node failure independent path protection scheme. In [26], Jarray et al. extend the results to handle any single physical failure in the substrate by adopting p-cycle protection approach in physical layer. These switching node protection approaches are mostly designed for wired networks and thus cannot adapt well to ATNs due to the wireless environment. ...
Article
Full-text available
Airborne tactical networks (ATNs) are driving the promising development of Internet of battle Things (IoBT) by enabling efficient information sharing, which is impeded by the network ossification problem due to the tightly coupled network architecture. As a solution, network virtualization (NV) can solve the ossification problem by breaking the tight coupling between applications and network infrastructure for ATNs. With complex interference and malicious attacks, the application of NV is challenged by network failures when instantiating virtual networks on a shared substrate network, which is known as survivable virtual network embedding (SVNE). However, existing SVNE algorithms, mostly designed for wired networks, are not necessarily optimal for the virtualization of ATNs due to the complex wireless interference. To this end, a fault-tolerant SVNE algorithm, termed SVNE-FT, is proposed to recover virtual networks from single node failure (end or switching node failure) under the complex wireless interference. To end node failure, SVNE-FT adopts a novel node ranking approach to select reliable substrate nodes for virtual nodes and remaps the failed virtual nodes by releasing part of the substrate paths to improve the resource utilization. In addition, to switching node failure, it adopts the improved pre-configured cycle (p-Cycle) technology to augment the reliable link mapping with differentiated p-Cycles that protect switching node and reduce the resource consumption of backups. Numerical simulation results reveal that SVNE-FT outperforms typical and latest heuristic SVNE algorithms under the complex interference of ATNs. For instance, average acceptance ratio of virtual networks improves at least 12%.
... Physical hardware infrastructure, changing on a regular basis will result in high costs in terms of hardware node spending, and hardware network service administration. The SDN would have on-demand mechanisms for modifying logical networks for low operating costs in establishing physical networks [1][2][3]. With the help of an SDN interface, virtual systems may be moved from one virtual network to another virtual network without having to change the existing physical network. ...
Article
Full-text available
Software defined networks (SDN) creates an environment for designing customized networks based on consumer needs. SDN can effectively apply the decoupling methods on the forwarding plane and the control plane. The SDN controller will forward the traffic information to northbound API and controller obtain the traffic information from openflow virtual switch. SDN routes data and control packets to their destinations based on flow labels, but it lacks protection features to prevent malicious traffic. The SDN environment faces denial of service (DoS) attacks and distributed denial of service attacks, it leads to service unavailability. This paper is mainly focused on dynamically configuring the firewall to identify DoS attacks and decrease malevolent traffic. Virtual networks are simulated using mininet with dynamic access control list rules, and the results show that the suggested solution has improved attack alleviation time bins.
... But network virtualizations are not guaranteed to protect the networks from new anomaly users. This paper addresses the identification of new intruders and protects the network from malicious users. ...
Article
Full-text available
Software‐defined networking (SDN) creates a platform to dynamically configure the networks for on‐demand services. SDN can easily control the data plane and the control plane by implementing the decoupling concept. SDN controller will regulate the traffic flow and creates the new flow label based on the packet dump received from the OpenFlow virtual switches. SDN governs both data information and control information toward the destination based on flow label, but it does not contain security measure to restrict the malicious traffic. The malicious denial‐of‐service (DoS) attack traffic is generated inside the SDN environment; it leads to the service unavailability. This paper is mainly focused on the detection of DoS attacks and also mitigates the malicious traffic by dynamically configuring the firewall. The SDN with dynamic access control list properties is emulated by mininet, and the experimental results exemplify the service unavailable gap between acceptance and rejection ratio of the packets.
... Backup topology on substrate network is simplified in [24]. The p-cycle technique combined with a column generation optimization model is adopted in [25] to provide protection against node and link failures. ...
Article
Full-text available
Network virtualization permits the creation of several logical networks (virtual networks) on one shared physical network referred as the substrate network. To protect a network against single substrate link failures, fast local reroute is preferred. With the reservation of backup resources, the flows are switched quickly from primary to backup paths upon substrate link failure to ensure service continuity. Due to the difficulty of primary and backup mappings, most of works in the literature separates the mapping of primary virtual network from the setting of backup paths. Although this approach optimizes primary resources, it can lead to inefficient protection since the existence of backup paths depends on the selected primary paths. In this paper, we propose a framework for protection-level-aware virtual network embedding which minimizes the risks of unrecoverable failures. With our propositions, the primary paths are selected among those which can be fully protected, if there is no such path, then we take the least vulnerable links in order to minimize the failure probability. For primary mapping, we propose a flexible on-line backup verification-based heuristic and a fast backup pre-verification-based heuristic. With the first heuristic, the backup path feasibility is verified on-line for each potential primary link, whereas we pre-compute for each substrate link the optimized set of backup tunnels all the backup paths in advance are deduced with the second heuristic. Simulations show that our propositions significantly reduce the substrate link failure impact on virtual networks, at the price of a slight decrease of the primary acceptance ratio.
... Xiao et al. [11] put forward a mapping algorithm with certain reliability constraints, which divided the resources required by virtual network requests into major resources and backup resources, defined the probability of fault recovery as evaluation criteria, and transformed the dynamic mapping process into integer programming problems to realise reliable virtual network mapping. Abdallah and Ahmed et al. [12] proposed a method of virtual network mapping for fault tolerance, selecting the alternative path of link mapping and protecting it. Li [13] considered the topological characteristics of underlying physical network, and defined global fragment degree. ...
Article
Full-text available
To enhance system survivability when the original mapping scheme fails caused by the change of underlying infrastructures, a dynamic resource virtualisation method based on software definition network (SDN) is proposed. First of all, modelling and formalisation of dynamic resource remapping under SDN environment are constructed, which make the entity resources controlled in the network. Then, resource constraints and evaluation objectives of mapping are considered, and the remapping procedures of nodes and links are described in the case of failure of physical resources. During the process, the detachment factor is introduced as the index to evaluate whether the virtual nodes and links need to be separated, and further be allocated by the greedy algorithm reasonably and dynamically, to realise the virtual network requests. Finally, the simulation experiments are carried out and show that the proposed method is superior to other related methods in virtual request acceptance rate, resource utilisation and average waiting time of service; as a result, improving survivability under the condition that the underlying physical resources change in real time.
... It was typically employed for 1:N protection and if a link failed, the signal could still be received on the other links. Two classes of periodic VN protection against link and node failures were proposed [23]. In the physical layer, a path or segment p-cycle technique and a column generation optimization model were used. ...
Article
Full-text available
Network virtualization is believed to be a promising way for the next generation Internet to overcome network ossification. It allows multiple heterogeneous virtual networks (VNs) to be embedded onto the shared substrate network (SN) to offer more flexibility and better manageability. With the increasing deployments of VNs in a variety of networks, how to protect the VNs against the single substrate link failure has become a key challenge. In this paper, we propose a survivable VN link protection method based on network coding and protection circuit (SVNLPM-NCPC). First, we provide an integer linear programming (ILP) formulation for the survivable VN link protection to maximize the long-term average revenue to cost ratio. Second, a novel protection circuit technology is introduced to augment the VN at the VN level to reduce the backup resource consumption and provide more flexible VN management. Then, an efficient heuristic virtual network embedding algorithm is developed, which makes full use of the limited resources and transforms the single substrate link protection into the single virtual link protection in multiple protection circuits. Finally, data units from different links are encoded using network coding, which not only provides 1+N protection to virtual links but also reduces the recovery delay. The evaluation results show that our method not only has the best acceptance ratio and long-term average revenue to cost ratio, but it also greatly enhances the achievable backup sharing and shortens the average network recovery delay.
... In [JK15], the p-cycle concept is applied to protect against single node and link failure. Two approaches are proposed: (1) p-cycle-based path protection consists of protecting each embedding path by a disjoint path defined by a set of candidates p-cycles; (2) p-cycle-based virtual segment protection consists of transferring the protection of an embedding path into the protection of a set of virtual segments, where each virtual segment covers an intermediate node and two of its adjacent links used by this embedding path. ...
... Failure-recovery techniques [JK15][HKA13] consist in repairing the affected VNs after the failure occurrence by determining a backup routing. Protection mechanisms pre-compute backup paths before the failure occurs, whereas restoration performs backup path computation upon failure occurrence. ...
Thesis
Network virtualization allows to create logical or virtual networks on top of a shared physical or substrate network. The resource allocation problem is an important issue in network virtualization. It corresponds to a well known problem called virtual network embedding (VNE). VNE consists in mapping each virtual node to one substrate node and each virtual link to one or several substrate paths in a way that the objective is optimized and the constraints verified. The objective often corresponds to the optimization of the node computational resources and link bandwidth whereas the constraints generally include geographic location of nodes, CPU, bandwidth, etc. In the multi-domain context where the knowledge of routing information is incomplete, the optimization of node and link resources are difficult and often impossible to achieve. Moreover, to ensure service continuity even upon failure, VNE should cope with failures by selecting the best and resilient mappings. In this thesis, we study the VNE resource allocation problem under different requirements. To embed a virtual network on multi-domain substrate network, we propose a joint peering and intra domain link mapping method. With reduced and limited information disclosed by the domains, our downsizing algorithm maps the intra domain and peering links in the same stage so that the resource utilization is optimized. To enhance the reliability of virtual networks, we propose a failure avoidance approach that minimizes the failure probability of virtual networks. Exact and heuristic solutions are proposed and detailed for the infinite and limited bandwidth link models. Moreover, we combine the failure avoidance with the failure protection in our novel protection-level-aware survivable VNE in order to improve the reliability. With this last approach, the protectable then the less vulnerable links are first selected for link mapping.
To determine the protectable links, we propose a maxflow based heuristic that checks for the existence of backup paths during the primary mapping stage. In case of insufficient backup resources, the failure probability is reduced.