Latency-aware Topology Discovery in SDN-based Time-Sensitive Networks
2022 IEEE 8th International Conference on Network Softwarization (NetSoft)
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844085
Sanaz Mohammadi, D. Colle, W. Tavernier
Time-Sensitive Networking (TSN) is a set of standards currently being defined by the IEEE 802.1 Time-Sensitive Networking Task Group [1] for Real-Time behavior in the network. Software-Defined Networking (SDN) provides a good solution for implementing TSN networks due to its characteristics such as run-time flexibility, benefits in management, cost efficiency, and performance. For achieving Real-Time behavior in TSN networks, the high-priority traffic should be scheduled precisely to fulfill its timing requirements. For this purpose, in an SDN-based implementation, the control plane must have a good knowledge of the network topology and the delay in the network to be able to schedule the traffic. In this paper, we propose a topology discovery mechanism for the Central Network Controller (CNC) in TSNs, based on the Link Layer Discovery Protocol (LLDP), that is able to discover accurate link latency characteristics as required for time-aware scheduling without relying on external time synchronization protocols such as PTP. We evaluate its feasibility and assess its performance in terms of required bandwidth and achieved accuracy.
Proactive Clustering of Base Stations in 5GC-RAN using Cellular Traffic Prediction
2022 IEEE 8th International Conference on Network Softwarization (NetSoft)
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844048
Mehul Sharma, Ujjwal Pawar, A. Franklin, T. B. Reddy
The rapid growth in mobile network traffic and dynamic user mobility patterns have propelled network operators toward the Cloud-Radio Access Network (C-RAN) to reduce operational costs and improve service quality. C-RAN handles the traffic and mobility issues in a centralized manner by segregating the central units (CUs) from the distributed units (DUs) in a shared CU pool. The ability of C-RAN to map multiple DUs to the same CU allows optimal coverage with high multiplexing gains, using the least number of CUs. However, dynamically mapping DUs to CUs is not trivial since the network traffic and mobility patterns are difficult to predict. This paper presents a two-phase framework for an optimal city-wide C-RAN network. In the first phase, we propose to use the ConvLSTM model, which simultaneously learns the hidden spatial and temporal dependencies in a real-world dataset and makes accurate traffic forecasts for a future duration of time. In the second phase, we use the predicted traffic from the first phase to develop a proactive optimal DU-CU clustering scheme that is cost-effective and meets quality objectives. We first formulate an optimization problem, and later, to reduce the computational complexity of the optimization, we propose a lightweight heuristic algorithm. Finally, we evaluate the performance of our prediction model and the mapping scheme using a two-month real-world mobile network dataset of Milan, Italy. Based on simulation results of phase one, we observe that the ConvLSTM model, when deployed in a C-RAN architecture, outperforms existing state-of-the-art prediction models with up to 26% better RMSE (Root Mean Square Error) and up to 36% better MAPE (Mean Absolute Percentage Error) values. Similarly, in phase two, our simulation results show that compared to reactive threshold-based clustering, proactive clustering can reduce the average number of active CU servers by up to 18% every 10 minutes without overloading.
Exploiting Segment Routing and SDN Features for Green Traffic Engineering
2022 IEEE 8th International Conference on Network Softwarization (NetSoft)
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844091
Chung-Horng Lung, Hesham Elbakoury
Energy efficiency for network devices has become an important topic, as they consume a significant amount of energy. Various techniques have been proposed to address energy-aware traffic engineering (TE), including Segment Routing (SR) and Software-defined Networking (SDN), which provide lower operational complexity and higher flexibility. However, existing approaches have not exploited some evolving SR and SDN features for efficient TE, e.g., path computation, sub-50 msec protection, and local/global segments. Consequently, those approaches result in higher complexity or extra overhead. This paper provides a holistic view of green TE using evolving SDN and SR-specific features without adding many additional computational tasks, and also considers SR segment processing overhead for energy efficiency. The proposed approach can simplify green TE by reusing SR features and improve energy efficiency and robustness.
Evaluation of the data handling pipeline of the ASTRID framework
2022 IEEE 8th International Conference on Network Softwarization (NetSoft)
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844122
M. Repetto, G. Lamanna
Effective attack detection and security analytics rely on the availability of timely and fine-grained information about the evolving context of the protected environment. The data handling process entails collection from heterogeneous sources, local aggregation and transformation operations before transmission, and finally collection and delivery to multiple processing engines for analysis and correlation. Many Security Information and Event Management (SIEM) tools work according to the “funnel” principle: gather as much data as possible and then filter it to keep the relevant information. However, this might lead to unacceptable overhead, especially when monitoring containerized environments. As part of our activity in ASTRID, we therefore conducted an experimental investigation of the resource consumption of the data handling pipeline, starting from embedded agents up to delivery to the Context Broker.
Dynamic Risk Assessment and Certification in the Power Grid: A Collaborative Approach
2022 IEEE 8th International Conference on Network Softwarization (NetSoft)
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844034
Athanasios Liatifis, Pedro Ruzafa Alcazar, Panagiotis I. Radoglou-Grammatikis, Dimitrios Papamartzivanos, S. Menesidou, T. Krousarlis, Molinuevo Martin Alberto, Iñaki Angulo, Antonios Sarigiannidis, T. Lagkas, V. Argyriou, A. Gómez-Skarmeta, P. Sarigiannidis
The digitisation of the typical electrical grid introduces valuable services, such as pervasive control, remote monitoring and self-healing. However, despite the benefits, cybersecurity and privacy issues can result in devastating effects or even fatal accidents, given the interdependence between the energy sector and other critical infrastructures. Large-scale cyber attacks, such as Industroyer and DragonFly, have already demonstrated the weaknesses of the current electrical grid with disastrous consequences. Based on the aforementioned remarks, both academia and industry have already designed various cybersecurity standards, such as IEC 62351. However, dynamic risk assessment and certification remain crucial aspects, given the sensitive nature of the electrical grid. On the one hand, dynamic risk assessment intends to re-compute the risk value of the affected assets and their relationships in a dynamic manner based on the relevant security events and alarms. On the other hand, based on the certification process, a new approach for the dynamic management of security needs to be defined in order to provide an adaptive reaction to new threats. This paper presents a combined approach, showing how both aspects can be applied in a collaborative manner in the smart electrical grid.
Towards a Closed-Looped Automation for Service Assurance with the DxAgent
2022 IEEE 8th International Conference on Network Softwarization (NetSoft)
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844116
Korian Edeline, Thomas Carlisi, J. Iurman, B. Claise, B. Donnet
Recently, Intent-Based Networking (IBN) has attracted increasing interest from both the industry and research communities. IBN comes with the advantage of easily expressing the desired state of a network. In parallel, service assurance, through observability, has become more prevalent as a way to maximize business continuity. In that spirit, Service Assurance in Intent-based Networking (Sain) is under standardization at the IETF and proposes a general framework towards closed-loop automation for service assurance. This paper introduces the Diagnostic Agent (DxAgent), an open-source Sain implementation whose purpose is to determine symptoms and health levels of the different subservices of a network service. As such, the DxAgent appears as a first step towards closed-loop automation for service assurance. This paper describes the DxAgent implementation and demonstrates its efficiency through use cases.
NETREACT: Distributed Event Detection in Sensor Data Streams with Disaggregated Packet Processing Pipelines
2022 IEEE 8th International Conference on Network Softwarization (NetSoft)
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844106
Csaba Györgyi, Károly Kecskeméti, Hiba Mallouhi, Péter Vörös, S. Laki
A new phenomenon called in-network computing has recently emerged with the aim of offloading calculations beyond the traditional task of packet forwarding to network switches. One of the most studied in-network computing applications is processing of sensor data streams. Existing works such as FastReact focus on solving this problem using flexible SmartNICs. In this paper, we propose NETREACT: an improved ASIC-oriented design for distributed event detection in sensor data streams to achieve a disaggregated processing pipeline. In contrast to existing approaches, NETREACT distributes the event detection task among a set of switches while leveraging the capabilities of the Intel Tofino platform in terms of boosting throughput and reducing latency. The proposed event-rule disaggregation method has the advantage of overcoming the hardware resource constraints and improving the overall network performance.
At the Edge? Wait no More: Immediate Placement of Time-Critical SFCs with VNF Sharing
2022 IEEE 8th International Conference on Network Softwarization (NetSoft)
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844068
Amir Mohamad, H. Hassanein
The increasing demand for real-time and time-critical applications such as augmented reality, virtual reality, collision avoidance and industrial IoT is fuelled by the low latency promised by next-generation mobile networks (5G). Time-critical applications and services are real-time software whose failure could result in catastrophic consequences such as fatalities, damage to property, or even financial losses. Edge computing is the main enabler of 5G ultra-low latency use cases. Edge resources are limited compared to the abundant cloud computing resources. As such, provisioning time-critical applications at the edge is more challenging and demanding. Even though virtual network function (VNF) sharing improves the utilization of the service providers’ resources, service requests, including time-critical ones, can still be rejected due to insufficient resources. This paper proposes IPTSV, an immediate placement scheme for time-critical services with VNF sharing. The proposed scheme prioritizes time-critical premium (Pr) services over best-effort (BE) services. In cases when no resources are available for Pr services, a preemption mechanism preempts resources for the Pr service by deporting one or more deployed BE services. The experimental results show that IPTSV can reduce the Pr services rejection rate to $\sim 0\%$, while minimizing the disturbance that BE services might witness, such as prolonged waiting and turnaround times.
An application of Netspot to Detect Anomalies in IoT
2022 IEEE 8th International Conference on Network Softwarization (NetSoft)
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844059
Tom Tuunainen, Olli Isohanni, Mitha Rachel Jose
In the world of the Internet of Things (IoT), the number of devices is increasing and their applications are increasingly diversified. In order to improve the overall security in IoT, we need to emphasize the aspects of network traffic security. One way to monitor the network traffic is to detect network anomalies. In this study, we examine the application of netspot to find anomalies in IoT network traffic. Netspot is an implementation of the Streaming Peaks Over Threshold (SPOT) algorithm, and this study proved that anomalies can be identified through statistics that netspot calculates and monitors from the traffic of a network with low activity. We observed that the tested solution is efficient and that it can be used in environments that have moderate computing resources. After analysis with the SPOT algorithm, the result is purely statistical and it is minimal. This study also demonstrates some issues that have arisen when netspot is initialized in a network with low activity.
A Caching SFC Proxy Based on eBPF
2022 IEEE 8th International Conference on Network Softwarization (NetSoft)
Pub Date: 2022-06-27 DOI: 10.1109/NetSoft54395.2022.9844051
Marco Häberle, Benjamin Steinert, Michael Weiss, M. Menth
Service Functions (SFs) are intermediate processing nodes on the path of IP packets. With SF chaining (SFC), packets can be steered to multiple physical or virtual SFs in a specific order. SFC-unaware SFs can be used flexibly but they do not support SFC-specific encapsulation of packets. Therefore, an SFC proxy needs to remove the encapsulation of a packet before processing by an SFC-unaware SF, and to add it again afterwards. Such an SFC proxy typically runs on a server hosting virtual network functions (VNFs) that serve as SFs. Simple SFC proxies adapt a flow-specific static header stack. That is, each VNF requires its own SFC proxy, and the proxy cannot be extended to support per-packet metadata in the SFC encapsulation. The caching SFC proxy presented in this work caches packet-specific headers while packets are processed by a VNF, i.e., packet-specific header information is preserved. We present the concept, use cases, and an eBPF-based implementation of the caching SFC proxy. In addition, we evaluate the performance of a prototype.