Lyn Hill, Charalampos Rotsos, Chris Edwards, David Hutchison
The increasing demand for low-latency, high-bandwidth connectivity has introduced novel challenges to delivering strong resilience guarantees in production network environments. Closed hardware platforms, known as middleboxes, that lack visibility and support for state retention remain a key challenge for continuous service delivery during network failures. These middleboxes rarely employ recovery mechanisms of their own, inspiring renewed interest in the field of NFV in recent years due to this gap within the industry. The increasing availability of VNF capabilities in modern infrastructures offers an opportunity to exploit the flexibility of software and use hybrid architectures to improve resilience. REMEDIATE is a high-availability service that propagates state between unmodified hardware middleboxes and backup PNF or VNF appliances. The platform utilises targeted packet mirroring to allow network devices to organically construct equivalent state and thus allow an easy transition between hardware and software. To demonstrate its viability, we have evaluated REMEDIATE against a wide range of common hardware middlebox use cases built using multiple open-source packet processing frameworks. Results show upwards of 90% matching state with no observable delay to normal traffic or impact on its functionality.
{"title":"REMEDIATE: Improving Network and Middlebox Resilience With Virtualisation","authors":"Lyn Hill, Charalampos Rotsos, Chris Edwards, David Hutchison","doi":"10.1002/nem.2317","DOIUrl":"https://doi.org/10.1002/nem.2317","url":null,"abstract":"<p>The increasing demand for low-latency, high-bandwidth connectivity has introduced novel challenges to delivering strong resilience guarantees in production network environments. Closed hardware platforms, known as middleboxes, that lack visibility and support for state retention remain a key challenge for continuous service delivery during network failures. These middleboxes rarely employ recovery mechanisms of their own, inspiring renewed interest in the field of NFV in recent years due to this gap within the industry. The increasing availability of VNF capabilities in modern infrastructures offers an opportunity to exploit the flexibility of software and use hybrid architectures to improve resilience. REMEDIATE is a high-availability service that propagates state between unmodified hardware middleboxes and backup PNF or VNF appliances. The platform utilises targeted packet mirroring to allow network devices to organically construct equivalent state and thus allow an easy transition between hardware and software. To demonstrate its viability, we have evaluated REMEDIATE against a wide range of common hardware middlebox use cases built using multiple open-source packet processing frameworks. Results show upwards of 90% matching state with no observable delay to normal traffic or impact on its functionality.</p>","PeriodicalId":14154,"journal":{"name":"International Journal of Network Management","volume":"35 1","pages":""},"PeriodicalIF":1.5,"publicationDate":"2024-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/nem.2317","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142764090","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Effective spectrum allocation in 5G and beyond intelligent ubiquitous networks is vital for predicting future frequency band needs and ensuring optimal network performance. As wireless communication evolves from 4G to 5G and beyond, it has brought about remarkable advancements in speed and connectivity. However, with the growing demand for higher data rates and increased network capacity, new challenges in managing and utilizing network frequencies have emerged. Accurately forecasting spectrum requirements is critical to addressing these challenges. This research explores how machine learning (ML) plays a pivotal role in optimizing network performance through intelligent decision-making, predictive analysis, and adaptive management of network resources. By leveraging ML algorithms, networks can autonomously self-optimize in real time, adjusting to changing conditions and improving performance in 5G and beyond. The effectiveness of our approach was demonstrated through an extensive case study, which showed that it not only meets spectrum requirements in various environments but also significantly reduces energy consumption by pinpointing the appropriate spectrum range for each location. These results underscore the approach's potential for enhancing spectrum management in future networks, offering a scalable and efficient solution to the challenges facing 5G and beyond.
{"title":"Spectrum Allocation in 5G and Beyond Intelligent Ubiquitous Networks","authors":"Banoth Ravi, Utkarsh Verma","doi":"10.1002/nem.2315","DOIUrl":"https://doi.org/10.1002/nem.2315","url":null,"abstract":"<div>\u0000 \u0000 <p>Effective spectrum allocation in 5G and beyond intelligent ubiquitous networks is vital for predicting future frequency band needs and ensuring optimal network performance. As wireless communication evolves from 4G to 5G and beyond, it has brought about remarkable advancements in speed and connectivity. However, with the growing demand for higher data rates and increased network capacity, new challenges in managing and utilizing network frequencies have emerged. Accurately forecasting spectrum requirements is critical to addressing these challenges. This research explores how machine learning (ML) plays a pivotal role in optimizing network performance through intelligent decision-making, predictive analysis, and adaptive management of network resources. By leveraging ML algorithms, networks can autonomously self-optimize in real time, adjusting to changing conditions and improving performance in 5G and beyond. The effectiveness of our approach was demonstrated through an extensive case study, which showed that it not only meets spectrum requirements in various environments but also significantly reduces energy consumption by pinpointing the appropriate spectrum range for each location. These results underscore the approach's potential for enhancing spectrum management in future networks, offering a scalable and efficient solution to the challenges facing 5G and beyond.</p>\u0000 </div>","PeriodicalId":14154,"journal":{"name":"International Journal of Network Management","volume":"35 1","pages":""},"PeriodicalIF":1.5,"publicationDate":"2024-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142758077","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The increasing scale and complexity of network infrastructure present a huge challenge for network operators and administrators in performing network configuration and management tasks. Intent-based networking has emerged as a solution to simplify the configuration and management of networks. However, one of the most difficult tasks of intent-based networking is correctly translating high-level natural language intents into low-level network configurations. In this paper, we propose a general and effective approach to perform the network intent translation task using large language models with fine-tuning, dynamic in-context learning, and continuous learning. Fine-tuning allows a pretrained large language model to perform better on a specific task. In-context learning enables large language models to learn from the examples provided along with the actual intent. Continuous learning allows the system to improve overtime with new user intents. To demonstrate the feasibility of our approach, we present and evaluate it with two use cases: network formal specification translation and network function virtualization configuration. Our evaluation shows that with the proposed approach, we can achieve high intent translation accuracy as well as fast processing times using small large language models that can run on a single consumer-grade GPU.
{"title":"Intent-Based Network Configuration Using Large Language Models","authors":"Nguyen Tu, Sukhyun Nam, James Won-Ki Hong","doi":"10.1002/nem.2313","DOIUrl":"https://doi.org/10.1002/nem.2313","url":null,"abstract":"<div>\u0000 \u0000 <p>The increasing scale and complexity of network infrastructure present a huge challenge for network operators and administrators in performing network configuration and management tasks. Intent-based networking has emerged as a solution to simplify the configuration and management of networks. However, one of the most difficult tasks of intent-based networking is correctly translating high-level natural language intents into low-level network configurations. In this paper, we propose a general and effective approach to perform the network intent translation task using large language models with fine-tuning, dynamic in-context learning, and continuous learning. Fine-tuning allows a pretrained large language model to perform better on a specific task. In-context learning enables large language models to learn from the examples provided along with the actual intent. Continuous learning allows the system to improve overtime with new user intents. To demonstrate the feasibility of our approach, we present and evaluate it with two use cases: network formal specification translation and network function virtualization configuration. Our evaluation shows that with the proposed approach, we can achieve high intent translation accuracy as well as fast processing times using small large language models that can run on a single consumer-grade GPU.</p>\u0000 </div>","PeriodicalId":14154,"journal":{"name":"International Journal of Network Management","volume":"35 1","pages":""},"PeriodicalIF":1.5,"publicationDate":"2024-11-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142707785","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Blockchain has evolved into a secure and trustworthy environment for decentralized applications, offering the advantages of tamper-resistant, while simultaneously introducing on-chain overhead issues. The development of metaverse related smart contracts on blockchain has given rise to a compelling research inquiry concerning the secure reduction of on-chain storage overhead. In this research, the Metaverse Off-chain Storage Framework based on Chameleon hash (MSC), a unique framework for decentralized system based on chameleon hash, supports code or stored data updates without changing on-chain data is presented. The index of decentralized applications' data is calculated using the Chameleon hash to ensure that the index remains unchanged during the data modification process. Simultaneously, data can be stored outside of the blockchain with proper authentication mechanisms in place. The experimental results have shown that MSC exhibits reduced on-chain storage requirements when compared to similar frameworks. Furthermore, MSC significantly reduced overhead as compared to the direct storage of data within a smart contract.
{"title":"MSC: A Unique Chameleon Hash-Based Off-Chain Storage Framework for Metaverse Applications","authors":"Chenxi Xiong, Ting Yang, Gang Mao","doi":"10.1002/nem.2314","DOIUrl":"https://doi.org/10.1002/nem.2314","url":null,"abstract":"<p>Blockchain has evolved into a secure and trustworthy environment for decentralized applications, offering the advantages of tamper-resistant, while simultaneously introducing on-chain overhead issues. The development of metaverse related smart contracts on blockchain has given rise to a compelling research inquiry concerning the secure reduction of on-chain storage overhead. In this research, the Metaverse Off-chain Storage Framework based on Chameleon hash (MSC), a unique framework for decentralized system based on chameleon hash, supports code or stored data updates without changing on-chain data is presented. The index of decentralized applications' data is calculated using the Chameleon hash to ensure that the index remains unchanged during the data modification process. Simultaneously, data can be stored outside of the blockchain with proper authentication mechanisms in place. The experimental results have shown that MSC exhibits reduced on-chain storage requirements when compared to similar frameworks. Furthermore, MSC significantly reduced overhead as compared to the direct storage of data within a smart contract.</p>","PeriodicalId":14154,"journal":{"name":"International Journal of Network Management","volume":"35 1","pages":""},"PeriodicalIF":1.5,"publicationDate":"2024-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/nem.2314","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143114889","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Wrong parking incidents pose a pervasive challenge in urban environments, disrupting the smooth flow of traffic, compromising safety and contributing to various logistical issues. Unauthorized parking occurs when vehicles are parked in locations not designated for such purposes, leading to a myriad of problems for both authorities and the general public. This research introduces a pioneering approach to confront the persistent challenge of unauthorized parking incidents in urban environments. The study focuses on harnessing the advanced capabilities of the FusionNet model to enhance the accuracy of license plate detection. This paper introduces the YOLO v8 Model, a deep learning architecture designed to enhance urban parking management by accurately detecting vehicles parked in unauthorized slots. The objective is to enhance parking management efficiency by accurately detecting vehicles and their occupancy status in designated parking areas. The methodology begins with data collection and preprocessing of images of parking spaces, followed by the training of YOLO v8 to identify vehicles and parking spaces in real time. Leveraging a diverse dataset encompassing various parking scenarios, including instances of unauthorized parking, the model achieves an accuracy of 98.50% in identifying vehicles outside designated areas. This model segments characters from detected license plates, enabling the accurate extraction of alphanumeric information associated with each vehicle. The integrated system provides timely identification of parking violations and facilitates effective enforcement actions through captured license plate data. Results demonstrate the model's effectiveness in real-world scenarios, showcasing its potential for improving urban safety and efficiency. The implementation of FusionNet in the Python programming language, the proposed solution aims to streamline parking management, improve compliance with parking regulations and enhance overall urban mobility., with robust precision 96.17%, specificity 97.42% and sensitivity 96.19%, surpassing other MobileNet, CNN, ANN, DNN and EfficientNet models.
{"title":"SentinelGuard Pro: Deploying Cutting-Edge FusionNet for Unerring Detection and Enforcement of Wrong Parking Incidents","authors":"Vankadhara Rajyalakshmi, Kuruva Lakshmanna","doi":"10.1002/nem.2310","DOIUrl":"https://doi.org/10.1002/nem.2310","url":null,"abstract":"<div>\u0000 \u0000 <p>Wrong parking incidents pose a pervasive challenge in urban environments, disrupting the smooth flow of traffic, compromising safety and contributing to various logistical issues. Unauthorized parking occurs when vehicles are parked in locations not designated for such purposes, leading to a myriad of problems for both authorities and the general public. This research introduces a pioneering approach to confront the persistent challenge of unauthorized parking incidents in urban environments. The study focuses on harnessing the advanced capabilities of the FusionNet model to enhance the accuracy of license plate detection. This paper introduces the YOLO v8 Model, a deep learning architecture designed to enhance urban parking management by accurately detecting vehicles parked in unauthorized slots. The objective is to enhance parking management efficiency by accurately detecting vehicles and their occupancy status in designated parking areas. The methodology begins with data collection and preprocessing of images of parking spaces, followed by the training of YOLO v8 to identify vehicles and parking spaces in real time. Leveraging a diverse dataset encompassing various parking scenarios, including instances of unauthorized parking, the model achieves an accuracy of 98.50% in identifying vehicles outside designated areas. This model segments characters from detected license plates, enabling the accurate extraction of alphanumeric information associated with each vehicle. The integrated system provides timely identification of parking violations and facilitates effective enforcement actions through captured license plate data. Results demonstrate the model's effectiveness in real-world scenarios, showcasing its potential for improving urban safety and efficiency. The implementation of FusionNet in the Python programming language, the proposed solution aims to streamline parking management, improve compliance with parking regulations and enhance overall urban mobility., with robust precision 96.17%, specificity 97.42% and sensitivity 96.19%, surpassing other MobileNet, CNN, ANN, DNN and EfficientNet models.</p>\u0000 </div>","PeriodicalId":14154,"journal":{"name":"International Journal of Network Management","volume":"35 1","pages":""},"PeriodicalIF":1.5,"publicationDate":"2024-11-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142724245","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Huaquan Su, Junwei Li, Li Guo, Wanshuo Wang, Yongjiao Yang, You Wen, Kai Li, Pingyan Mo
� �
The acceleration of the digitalization process in enterprise and university education management has generated a massive amount of electronic archive data. In order to improve the intelligence, storage quality, and efficiency of electronic records management and achieve efficient storage and fast retrieval of data storage models, this study proposes a massive data storage model based on HBase and its retrieval optimization scheme design. In addition, HDFS is introduced to construct a two-level storage structure and optimize values to improve the scalability and load balancing of HBase, and the retrieval efficiency of the HBase storage model is improved through SL-TCR and BF filters. The results indicated that HDFS could automatically recover data after node, network partition, and NameNode failures. The write time of HBase was 56 s, which was 132 and 246 s less than Cassandra and CockroachDB. The query latency was reduced by 23% and 32%, and the query time was reduced by 9988.51 ms, demonstrating high reliability and efficiency. The delay of BF-SL-TCL was 1379.28 s after 1000 searches, which was 224.78 and 212.74 s less than SL-TCL and Blockchain Retrieval Acceleration and reduced the delay under high search times. In summary, this storage model has obvious advantages in storing massive amounts of electronic archive data and has high security and retrieval efficiency, which provides important reference for the design of storage models for future electronic archive management. The storage model designed by the research institute has obvious advantages in storing massive electronic archive data, solving the problem of lack of scalability in electronic archive management when facing massive data, and has high security and retrieval efficiency. It has important reference for the design of storage models for future electronic archive management.
{"title":"Massive Data HBase Storage Method for Electronic Archive Management","authors":"Huaquan Su, Junwei Li, Li Guo, Wanshuo Wang, Yongjiao Yang, You Wen, Kai Li, Pingyan Mo","doi":"10.1002/nem.2308","DOIUrl":"https://doi.org/10.1002/nem.2308","url":null,"abstract":"<div>\u0000 \u0000 <p>The acceleration of the digitalization process in enterprise and university education management has generated a massive amount of electronic archive data. In order to improve the intelligence, storage quality, and efficiency of electronic records management and achieve efficient storage and fast retrieval of data storage models, this study proposes a massive data storage model based on HBase and its retrieval optimization scheme design. In addition, HDFS is introduced to construct a two-level storage structure and optimize values to improve the scalability and load balancing of HBase, and the retrieval efficiency of the HBase storage model is improved through SL-TCR and BF filters. The results indicated that HDFS could automatically recover data after node, network partition, and NameNode failures. The write time of HBase was 56 s, which was 132 and 246 s less than Cassandra and CockroachDB. The query latency was reduced by 23% and 32%, and the query time was reduced by 9988.51 ms, demonstrating high reliability and efficiency. The delay of BF-SL-TCL was 1379.28 s after 1000 searches, which was 224.78 and 212.74 s less than SL-TCL and Blockchain Retrieval Acceleration and reduced the delay under high search times. In summary, this storage model has obvious advantages in storing massive amounts of electronic archive data and has high security and retrieval efficiency, which provides important reference for the design of storage models for future electronic archive management. The storage model designed by the research institute has obvious advantages in storing massive electronic archive data, solving the problem of lack of scalability in electronic archive management when facing massive data, and has high security and retrieval efficiency. It has important reference for the design of storage models for future electronic archive management.</p>\u0000 </div>","PeriodicalId":14154,"journal":{"name":"International Journal of Network Management","volume":"35 1","pages":""},"PeriodicalIF":1.5,"publicationDate":"2024-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142737619","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Andrei C. Azevedo, Eder J. Scheid, Muriel F. Franco, Demétrio F. F. Boeira, Luciano Zembruzki, Lisandro Z. Granville
� �
Centralization of Internet-based services in a few key players has been a topic of study in recent years. One of such services, the domain name system (DNS), is one of the pillars of the Internet, which allows users to access websites on the Internet through easy-to-remember domain names rather than complex numeric IP addresses. In this DNS context, the reliance on a small number of large DNS providers can lead to (a) risks of data breaches and disruption of service in the event of failures and (b) concerns about the digital sovereignty of countries regarding DNS hosting. As several essential services are provided through electronic government (E-Gov), it is highly important to be able to measure the digital sovereignty of a nation and the impacts that the lack of such feature can bring to its citizens. This work approaches the issue of DNS concentration on the Internet by presenting a solution to measure DNS hosting centralization and digital sovereignty in different countries, such as Brazil, India, China, Russia, and South Africa. With the data obtained through these measurements, relevant questions are answered, such as which are the top-10 DNS providers, if there is DNS centralization, and how dependent countries are on such providers to manage domains using their country code top-level domains (ccTLD). Future opportunities could investigate the impacts on sovereignty under the lens of other layers of the open systems interconnection (OSI) Network Sovereignty representation model presented in this work.
�
近年来,将基于互联网的服务集中到少数关键参与者手中一直是一个研究课题。域名系统(DNS)是此类服务之一,也是互联网的支柱之一,它允许用户通过易于记忆的域名而不是复杂的数字 IP 地址访问互联网上的网站。在域名系统方面,对少数大型域名系统提供商的依赖可能导致:(a) 数据外泄和服务中断 的风险,(b) 各国在域名系统托管方面的数字主权问题。由于一些基本服务是通过电子政务(E-Gov)提供的,因此能够衡量一个国家的数字主权以及缺乏这种功能可能给其公民带来的影响是非常重要的。这项工作通过提出一种解决方案来衡量 DNS 主机集中化和不同国家(如巴西、印度、中国、俄罗斯和南非)的数字主权,从而解决互联网上 DNS 集中化的问题。通过这些测量获得的数据,可以回答相关问题,如哪些是排名前十的 DNS 提供商,是否存在 DNS 集中化,以及各国在使用其国家代码顶级域 (ccTLD) 管理域名时对这些提供商的依赖程度。未来有机会可以从本研究中提出的开放系统互连 (OSI) 网络主权表示模型的其他层面来研究对主权的影响。
{"title":"The Role of Network Centralization in Shaping Digital Sovereignty: An Analysis Under the DNS Lens","authors":"Andrei C. Azevedo, Eder J. Scheid, Muriel F. Franco, Demétrio F. F. Boeira, Luciano Zembruzki, Lisandro Z. Granville","doi":"10.1002/nem.2309","DOIUrl":"https://doi.org/10.1002/nem.2309","url":null,"abstract":"<div>\u0000 \u0000 <p>Centralization of Internet-based services in a few key players has been a topic of study in recent years. One of such services, the domain name system (DNS), is one of the pillars of the Internet, which allows users to access websites on the Internet through easy-to-remember domain names rather than complex numeric IP addresses. In this DNS context, the reliance on a small number of large DNS providers can lead to (a) risks of data breaches and disruption of service in the event of failures and (b) concerns about the digital sovereignty of countries regarding DNS hosting. As several essential services are provided through electronic government (E-Gov), it is highly important to be able to measure the digital sovereignty of a nation and the impacts that the lack of such feature can bring to its citizens. This work approaches the issue of DNS concentration on the Internet by presenting a solution to measure DNS hosting centralization and digital sovereignty in different countries, such as Brazil, India, China, Russia, and South Africa. With the data obtained through these measurements, relevant questions are answered, such as which are the top-10 DNS providers, if there is DNS centralization, and how dependent countries are on such providers to manage domains using their country code top-level domains (ccTLD). Future opportunities could investigate the impacts on sovereignty under the lens of other layers of the open systems interconnection (OSI) Network Sovereignty representation model presented in this work.</p>\u0000 </div>","PeriodicalId":14154,"journal":{"name":"International Journal of Network Management","volume":"35 1","pages":""},"PeriodicalIF":1.5,"publicationDate":"2024-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142724177","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Although software-defined networking (SDN) is commonly employed for intra-domain communication, inter-domain communication still heavily relies on conventional routing methods, specifically BGP-based routers. The BGP router plays a crucial role in managing control and data planes, but this traditional approach hinders the exploitation of SDN advantages. Previous studies demonstrated the use of BGP for inter-domain and end-to-end communication. This paper advocates for the adoption of a fully SDN-based data plane packet switching strategy through the introduction of LPEES, a lightweight policy framework tailored for SDN-based inter-domain communication. LPEES strategically confines BGP's functionality to the control plane, preserving SDN benefits. Evaluation results confirm the effectiveness of LPEES compared to the BGP routing approach, as measured by throughput and various network quality of service (QoS) metrics. Additionally, LPEES streamlines inter-domain communication by utilizing a trust-based routing policy approach that can establish trust between communicating domains. The presented solution's main advantage is that it loosens the burden on the administrator by requiring less human interference to check the inter-domain communication security and privacy. Our evaluations show LPEES outperform the BGP-based in terms of throughput as LPEES achieves a 27 Gbps versus 22 Gbps in the traditional approach. Based on our experiments, LPEES also enhances the communication delay by an average of 17% compared to the traditional BGP-based approach.
�
虽然软件定义网络(SDN)通常用于域内通信,但域间通信仍严重依赖传统路由方法,特别是基于 BGP 的路由器。BGP 路由器在管理控制平面和数据平面方面发挥着至关重要的作用,但这种传统方法阻碍了 SDN 优势的发挥。以前的研究表明,BGP 可用于域间和端到端通信。本文通过引入为基于 SDN 的域间通信量身定制的轻量级策略框架 LPEES,倡导采用完全基于 SDN 的数据平面数据包交换策略。LPEES 从战略上将 BGP 的功能限制在控制平面,保留了 SDN 的优势。通过吞吐量和各种网络服务质量(QoS)指标来衡量,评估结果证实了 LPEES 与 BGP 路由方法相比的有效性。此外,LPEES 采用基于信任的路由策略方法,可以在通信域之间建立信任,从而简化域间通信。该解决方案的主要优点是减轻了管理员的负担,减少了检查域间通讯安全性和隐私性的人工干预。我们的评估显示,LPEES 在吞吐量方面优于基于 BGP 的方案,LPEES 达到了 27 Gbps,而传统方案为 22 Gbps。根据我们的实验,与传统的基于 BGP 的方法相比,LPEES 还将通信延迟平均提高了 ∼ $ $ sim $ 17%。
{"title":"Lightweight Flow-Based Policy Enforcement for SDN-Based Multi-Domain Communication","authors":"Abdulhakim Sabur","doi":"10.1002/nem.2312","DOIUrl":"https://doi.org/10.1002/nem.2312","url":null,"abstract":"<div>\u0000 \u0000 <p>Although software-defined networking (SDN) is commonly employed for intra-domain communication, inter-domain communication still heavily relies on conventional routing methods, specifically BGP-based routers. The BGP router plays a crucial role in managing control and data planes, but this traditional approach hinders the exploitation of SDN advantages. Previous studies demonstrated the use of BGP for inter-domain and end-to-end communication. This paper advocates for the adoption of a fully SDN-based data plane packet switching strategy through the introduction of LPEES, a lightweight policy framework tailored for SDN-based inter-domain communication. LPEES strategically confines BGP's functionality to the control plane, preserving SDN benefits. Evaluation results confirm the effectiveness of LPEES compared to the BGP routing approach, as measured by throughput and various network quality of service (QoS) metrics. Additionally, LPEES streamlines inter-domain communication by utilizing a trust-based routing policy approach that can establish trust between communicating domains. The presented solution's main advantage is that it loosens the burden on the administrator by requiring less human interference to check the inter-domain communication security and privacy. Our evaluations show LPEES outperform the BGP-based in terms of throughput as LPEES achieves a <span></span><math>\u0000 <semantics>\u0000 <mrow>\u0000 <mo>∼</mo>\u0000 </mrow>\u0000 <annotation>$$ sim $$</annotation>\u0000 </semantics></math>27 Gbps versus <span></span><math>\u0000 <semantics>\u0000 <mrow>\u0000 <mo>∼</mo>\u0000 </mrow>\u0000 <annotation>$$ sim $$</annotation>\u0000 </semantics></math>22 Gbps in the traditional approach. Based on our experiments, LPEES also enhances the communication delay by an average of <span></span><math>\u0000 <semantics>\u0000 <mrow>\u0000 <mo>∼</mo>\u0000 </mrow>\u0000 <annotation>$$ sim $$</annotation>\u0000 </semantics></math>17% compared to the traditional BGP-based approach.</p>\u0000 </div>","PeriodicalId":14154,"journal":{"name":"International Journal of Network Management","volume":"35 1","pages":""},"PeriodicalIF":1.5,"publicationDate":"2024-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142737594","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Daniele Bringhenti, Francesco Pizzato, Riccardo Sisto, Fulvio Valenza
Packet filtering firewalls represent a main defense line against cyber attacks that target computer networks daily. However, the traditional manual approaches for their configuration are no longer applicable to next-generation networks, which have become much more complex after the introduction of virtualization paradigms. Some automatic strategies have been investigated in the literature to change that old-fashioned configuration approach, but they are not fully autonomous and still require several human interventions. In order to overcome these limitations, this paper proposes an autonomous approach for firewall reconfiguration where all steps are automated, from the derivation of the security requirements coming from the logs of IDSs to the deployment of the automatically computed configurations. A core component of this process is React-VEREFOO, which models the firewall reconfiguration problem as a Maximum Satisfiability Modulo Theories problem, allowing the combination of full automation, formal verification, and optimization in a single technique. An implementation of this proposal has undergone experimental validation to show its effectiveness and performance.
{"title":"Autonomous Attack Mitigation Through Firewall Reconfiguration","authors":"Daniele Bringhenti, Francesco Pizzato, Riccardo Sisto, Fulvio Valenza","doi":"10.1002/nem.2307","DOIUrl":"https://doi.org/10.1002/nem.2307","url":null,"abstract":"<p>Packet filtering firewalls represent a main defense line against cyber attacks that target computer networks daily. However, the traditional manual approaches for their configuration are no longer applicable to next-generation networks, which have become much more complex after the introduction of virtualization paradigms. Some automatic strategies have been investigated in the literature to change that old-fashioned configuration approach, but they are not fully autonomous and still require several human interventions. In order to overcome these limitations, this paper proposes an autonomous approach for firewall reconfiguration where all steps are automated, from the derivation of the security requirements coming from the logs of IDSs to the deployment of the automatically computed configurations. A core component of this process is React-VEREFOO, which models the firewall reconfiguration problem as a Maximum Satisfiability Modulo Theories problem, allowing the combination of full automation, formal verification, and optimization in a single technique. An implementation of this proposal has undergone experimental validation to show its effectiveness and performance.</p>","PeriodicalId":14154,"journal":{"name":"International Journal of Network Management","volume":"35 1","pages":""},"PeriodicalIF":1.5,"publicationDate":"2024-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/nem.2307","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143117635","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Weizhi Meng, Sokratis K. Katsikas, Jiageng Chen, Chao Chen
<p>With the rapid growth of size and scale in current organization, decentralize systems are becoming dominant, which is an interconnected information system where no single entity or central server is employed as a sole authority, such as Internet of Things (IoT), smart home system, smart city system, and more. For such systems, sensors are important to gather and process data as the lower level components. However, with the distributed deployment, decentralized systems are facing various security, privacy, and trust issues. For instance, any compromised sensor may leak sensitive data or be used to infect other entities within the system. It is also a long-term challenge to establish trust among different nodes and defeat malicious insiders. Here, there is a requirement to develop suitable management schemes for decentralized systems and networks regarding security, privacy, and trust. This special issue focuses on the identification of security, privacy, and trust issues in decentralized systems and the development of effective solutions in handling security, privacy, and trust issues for decentralized systems, for example, IoT, cyber-physical systems (CPS), smart city, and smart home.</p><p>In the first contribution entitled “A security-enhanced equipment predictive maintenance solution for the ETO manufacturing,” Cao et al. proposed a security-enhanced predictive maintenance scheme specifically designed for ETO-type production equipment. This scheme can use the industrial Internet of Things (IIoT) technology to monitor machines and equipment, constructing prediction models using machine learning methods and reinforcing the security of the prediction system through adoption of a decentralized architecture with blockchain distributed storage. In this experiment, six supervised learning models were compared, and it was found that the model based on the random forest algorithm achieved an outstanding accuracy rate of 98.88%.</p><p>In the second contribution entitled “IGXSS: XSS payload detection model based on inductive GCN,” Wang et al. figured out that XSS is one of the most common web application attacks, in which an attacker can obtain private user information from IoT devices or cloud platforms. To address this issue, the authors proposed an XSS payload detection model based on inductive graph neural networks, shortly IGXSS (XSS payload detection model based on inductive GCN). The method aims to detect XSS payloads under an IoT environment by segmenting the samples as nodes and obtaining the feature matrix of nodes and edges.</p><p>In the third contribution entitled “Privacy-protected object detection through trustworthy image fusion,” Zhang et al. identified that user privacy may be leaked as infrared images may contain sensitive information. The authors then proposed a procedure for enhancing the database privacy, object detection based on multi-band infrared image datasets, and they utilized the transfer learning technique to migrate know
{"title":"Security, Privacy, and Trust Management on Decentralized Systems and Networks","authors":"Weizhi Meng, Sokratis K. Katsikas, Jiageng Chen, Chao Chen","doi":"10.1002/nem.2311","DOIUrl":"https://doi.org/10.1002/nem.2311","url":null,"abstract":"<p>With the rapid growth of size and scale in current organization, decentralize systems are becoming dominant, which is an interconnected information system where no single entity or central server is employed as a sole authority, such as Internet of Things (IoT), smart home system, smart city system, and more. For such systems, sensors are important to gather and process data as the lower level components. However, with the distributed deployment, decentralized systems are facing various security, privacy, and trust issues. For instance, any compromised sensor may leak sensitive data or be used to infect other entities within the system. It is also a long-term challenge to establish trust among different nodes and defeat malicious insiders. Here, there is a requirement to develop suitable management schemes for decentralized systems and networks regarding security, privacy, and trust. This special issue focuses on the identification of security, privacy, and trust issues in decentralized systems and the development of effective solutions in handling security, privacy, and trust issues for decentralized systems, for example, IoT, cyber-physical systems (CPS), smart city, and smart home.</p><p>In the first contribution entitled “A security-enhanced equipment predictive maintenance solution for the ETO manufacturing,” Cao et al. proposed a security-enhanced predictive maintenance scheme specifically designed for ETO-type production equipment. This scheme can use the industrial Internet of Things (IIoT) technology to monitor machines and equipment, constructing prediction models using machine learning methods and reinforcing the security of the prediction system through adoption of a decentralized architecture with blockchain distributed storage. In this experiment, six supervised learning models were compared, and it was found that the model based on the random forest algorithm achieved an outstanding accuracy rate of 98.88%.</p><p>In the second contribution entitled “IGXSS: XSS payload detection model based on inductive GCN,” Wang et al. figured out that XSS is one of the most common web application attacks, in which an attacker can obtain private user information from IoT devices or cloud platforms. To address this issue, the authors proposed an XSS payload detection model based on inductive graph neural networks, shortly IGXSS (XSS payload detection model based on inductive GCN). The method aims to detect XSS payloads under an IoT environment by segmenting the samples as nodes and obtaining the feature matrix of nodes and edges.</p><p>In the third contribution entitled “Privacy-protected object detection through trustworthy image fusion,” Zhang et al. identified that user privacy may be leaked as infrared images may contain sensitive information. The authors then proposed a procedure for enhancing the database privacy, object detection based on multi-band infrared image datasets, and they utilized the transfer learning technique to migrate know","PeriodicalId":14154,"journal":{"name":"International Journal of Network Management","volume":"34 6","pages":""},"PeriodicalIF":1.5,"publicationDate":"2024-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/nem.2311","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142642020","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
扫码关注我们
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号