International Journal of Network Management最新文献

A network incorporates nodes, and each node can communicate with each other through some links. An efficient way to maintain the communication between nodes is to divide a network into several subnetworks, called clusters. We have developed a new clustering algorithm and applied our method for the controller placement in software-defined networks (SDNs). Placing a controller in its appropriate location by balancing the loads and optimizing the latency even in case of a failure scenario becomes a challenging task. Thus, we have proposed a multi-controller placement algorithm that can minimize the average (Sw-Co) latency in such a way that the network switches are fairly distributed over clusters. This distribution helps to balance loads of switches among controllers even in the case of a controller failure scenario. We have also simulated three other existing algorithms for comparison. Experiment results show that our algorithm is a cost-effective solution as compared with other existing algorithms. We have also shown that our proposed method balanced loads of switches between controllers in a SDN network and generates lower average (Sw-Co) latency with and without a controller failure.

Software vulnerability is a fundamental problem in cybersecurity, which poses severe threats to the secure operation of devices and systems. In this paper, we propose a new vulnerability detection framework of employing advanced neural embedding. For example, CodeBERT is a large-scale pre-trained embedding model for natural language and programming language. It achieves state-of-the-art performance on various natural language processing and code analysis tasks, demonstrating improved generalization ability compared with conventional models. The proposed framework encapsulates CodeBERT as a code representation generator and combines it with transfer learning to conduct cross-project vulnerability detection. Considering the problem of lacking code embedding models on C source code, we extract the knowledge from C source code to fine-tune the pre-trained embedding model, so as to better facilitate the detection of function-level vulnerabilities in C open-source projects. To address the severe data imbalance issue in real-world scenarios, we introduce code argumentation idea and use a large number of synthetic vulnerability data to further improve the robustness of the detection method. Experimental results show that the proposed vulnerability detection framework achieves better performance than existing methods.

Network resource scheduling and optimization require the acquisition of status information as a basis. High-cost solutions lead to more resource consumption but only bring negligible benefits. To address this challenge, this paper proposes a novel statistics collection method adapted to OpenFlow-based SDN, which can reduce the measurement cost while ensuring the statistical accuracy. First, based on the complex network theory, we propose multi-path weighted closeness centrality (MWCC) to perform importance ranking on network switching nodes, which helps us select top-k key nodes for statistical collection to reduce the overhead. Second, we propose an adaptive flow rule timeout mechanism AFRT. AFRT continuously optimizes the rule timeout values based on statistical results, further balancing flow table overhead and statistical accuracy. A series of simulation results on real network topologies verify the superiority of the proposed method in terms of communication cost, statistical accuracy, and time consumption, compared with the existing representative methods.

When organizations need to collaborate urgently, for example, in the case of an emergency situation, it is needed to deploy software components into the different domains in order to allow crucial data to be exchanged. The ad hoc aspect is important as it does not allow the participating organizations to negotiate entire workflows and/or contracts upfront. To enable these ad hoc cross-organizational collaborations, a container orchestration platform, like Kubernetes, can be used to quickly deploy pods of containers in a cross-organizational overlay network, even fully automated. Although this is technically feasible, there may be a trust issue from the perspective of a participating organization when an external organization is capable of deploying any software inside its network domain. This concern is examined and resolved in this article, by proposing an extension to the existing deployment scheme used in vanilla Kubernetes. It allows the participating organizations to assess whether a suggested deployment conforms to the goal of the project and to maintain an overview of all activities related to a single collaboration. This intermediate step prevents an honest organization against potentially malicious behaviour of external entities, either the orchestrator and/or the other organizations, solving the aforementioned trust issue. Evaluation of the implemented prototype shows that a secure collaboration, which requires at most tens of containers, can be attained with sub-second deployment overheads per container, apart from the required manual interventions for trust management purposes.

One of the ways to analyze unstructured log messages from large-scale IT systems is to classify log messages with log templates generated by template generation methods. However, there is currently no common knowledge pertained to the comparison and practical use of log template generation methods because they are implemented on the basis of diverse environments. To this end, we design and implement amulog, a general log analysis framework for comparing and combining diverse log template generation methods. Amulog consists of three key functions: (1) parsing log messages into headers and segmented messages, (2) classifying the log messages using a scalable template-matching method, and (3) storing the structured data in a database. This framework helps us easily utilize time-series data corresponding to the log templates for further analysis. We evaluate amulog with a log dataset collected from a nation-wide academic network and demonstrate that it classifies the log data in a reasonable amount of time even with over 100,000 log template candidates. The template-matching method in amulog also reduces 75% processing time for template generation and keeps the accuracy when combined with an existing structure-based template generation method. In order to show the effectiveness of amulog in comparing log template generation methods, we demonstrate that the appropriate template generation methods and accuracy metrics largely depend on the purpose of further analysis by comparing the accuracy of six existing log template generation methods with 10 different accuracy metrics on amulog.

Smart grid has drawn a lot of attention and investment in recent years, which not only helps the modern generation and distribution of traditional power but also highly widens the application of renewable energy sources. However, the main challenges in the application of smart grid are 1. the privacy preservation of users' information and 2. the trustful transmission channel among peers. In order to solve these problems, VPN and blockchain can be considered since they have some features perfectly suitable for these situations. In this paper, we propose a smart grid system based on WireGuard and Hyperledger Fabric to solve the problems mentioned above. And we also implement the whole system and give a view by web application. What's more, all the functionalities are displayed and tested, including building a smart device simulator, deploying data visualization and making some performance evaluations about transactions and WireGuard communication. Experiment results show that the introduction of WireGuard into network infrastructure does not cause too much loss of bandwidth and delay, but it ensures a certain degree of communication security. And Fabric provides the consistency and traceability of transactions in smart grid system.

In the Bitcoin system, transactions and their collections (i.e., blocks) are distributed over a peer-to-peer (P2P) network (i.e., Bitcoin network) constructed by participating nodes. Each node maintains a distributed ledger (i.e., blockchain) consisting of retrieved blocks. Therefore, speedy block distribution over the Bitcoin network is essential for all nodes to reach a global consensus on the blockchain. On the other hand, Bitcoin clients are developed as open source software, and thus they can be modified by malicious users. Existing work has pointed out that an attacker can delay the block propagation between neighboring nodes by exploiting the regular timeout mechanism for unexpected slow block transfer caused by temporal network trouble. In this paper, we focus on block diffusion delay attacks, where multiple attackers collude with a specific miner (i.e., a special node that creates new blocks and broadcasts these blocks to the other miners) to disturb the propagation of blocks generated by competing miners. Through simulation experiments, we first reveal that about 30% of honest nodes cannot normally retrieve a block when there are only 1% of the nodes in the system are high-degree adversary nodes in the system. This indicates that the malicious miner colluding with the attackers can intentionally delay the diffusion of the block mined by the competing miner, so as to win the competitive block diffusion even if it loses at the competitive block mining. To alleviate the block diffusion delay attack, we propose two kinds of countermeasures: a proactive approach that is a speedy recovery method from the interruption by adjusting the timeout value and a reactive approach that is a block retrieval node selection method based on the past download rate from each neighbor. Through simulation experiments, we show the countermeasures can effectively alleviate the risk.