Search Results (1 - 6 of 6 Results)

Barritt, Brian James. The Modeling, Simulation, and Operational Control of Aerospace Communication Networks
Doctor of Philosophy, Case Western Reserve University, 2017, EECS - Computer Engineering
A paradigm shift is taking place in aerospace communications. Traditionally, aerospace systems have relied upon circuit switched communications; geostationary communications satellites act as bent-pipe transponders and are not burdened with packet processing and the complexity of mobility in the network topology. But factors such as growing mission complexity and NewSpace development practices are driving the rapid adoption of packet-based network protocols in aerospace networks. Meanwhile, several new aerospace networks are being designed to provide either low latency, high-resolution imaging or low-latency Internet access while operating in non-geostationary orbits -- or even lower, in the upper atmosphere. The need for high data-rate communications in these networks is simultaneously driving greater reliance on beamforming, directionality, and narrow beamwidths in RF communications and free-space optical communications. This dissertation explores the challenges and offers novel solutions in the modeling, simulation, and operational control of these new aerospace networks. In the concept, design, and development phases of such networks, the dissertation motivates the use of network simulators to model network protocols and network application traffic instead of relying solely on link budget calculations. It also contributes a new approach to network simulation that can integrate with spatial temporal information systems for high-fidelity modeling of time-dynamic geometry, antenna gain patterns, and wireless signal propagation in the physical layer. 
And towards the operational control of such networks, the dissertation introduces Temporospatial Software Defined Networking (TS-SDN), a new approach that leverages predictability in the propagated motion of platforms and high-fidelity wireless link modeling to build a holistic, predictive view of the accessible network topology and provides SDN applications with the ability to optimize the network topology and routing through the direct expression of network behavior and requirements. This is complemented by enhancements to the southbound interface to support synchronized future enactment of state changes in order to tolerate varying delay and disruption in the control plane. A high-level overview of an implementation of Temporospatial SDN at Alphabet is included. The dissertation also describes and demonstrates the benefits of the application of TS-SDN in Low Earth Orbiting (LEO) satellite constellations and High Altitude Platform Systems (HAPS).

Committee:

Frank Merat (Committee Chair); Rabinovich Michael (Committee Member); Daniel Saab (Committee Member); Mark Allman (Committee Member)

Subjects:

Aerospace Engineering; Computer Engineering; Computer Science

Keywords:

temporospatial; SDN; TS-SDN; aerospace; networks; satellites; LEO; NGSO; constellations; HAPS; high-altitude platforms; STK; wireless; mesh; networking; modeling; simulation; ns-3

Alqallaf, Maha. Software Defined Secure Ad Hoc Wireless Networks
Doctor of Philosophy (PhD), Wright State University, 2016, Computer Science and Engineering PhD
Software defined networking (SDN), a new networking paradigm that separates the network data plane from the control plane, has been considered as a flexible, layered, modular, and efficient approach to managing and controlling networks ranging from wired, infrastructure-based wireless (e.g., cellular wireless networks, WiFi, wireless mesh networks), to infrastructure-less wireless networks (e.g. mobile ad-hoc networks, vehicular ad-hoc networks) as well as to offering new types of services and to evolving the Internet architecture. Most work has focused on the SDN application in traditional and wired and/or infrastructure based networks. Wireless networks have become increasingly more heterogeneous. Secure and collaborative operation of mobile wireless ad-hoc networks poses significant challenges due to the decentralized nature of mobile ad hoc wireless networks, mobility of nodes, and resource constraints. Recent developments in software defined networking shed new light on how to control and manage an ad hoc wireless network. Given the wide deployment and availability of heterogeneous wireless technologies, the control and management of ad hoc wireless networks with the new software defined networking paradigm is offered more flexibility and opportunities to deal with trust and security issues and to enable new features and services. This dissertation focuses on the SDN MANET architecture design issues for providing secure collaborative operation. Specifically, (I) We have proposed four design options for software defined secure collaborative ad hoc wireless network architecture. The design options are organized into (a) centralized SDN controller architecture with controller replication and (b) distributed SDN controller architecture. While these proposed architecture options exhibit different characteristics, many common challenges are shared amongst these options. Challenges include fault-tolerance, scalability, efficiency, and security.
The unstructured nature of ad hoc wireless networks exacerbates these challenges. We have studied the pros and cons of these different design options and their applicability in different practical scenarios via simulations. (II) Establishing the initial trust among participating devices in an SDN based wireless mobile ad hoc network will serve as a basis for enabling ensuing secure communication of the network. We proposed and studied trusted virtual certificate authorities (VCAs) based local infrastructure for supporting device mutual authentication to support secure communications/operations in SDN based MANETs, and therefore, relieving the MANETs of the need to rely on an external public key infrastructure (PKI). We examined the ways in which this VCA based infrastructure can be integrated with the four SDN based MANET architecture design options. (III) Finally, we provided theoretical analysis of designing and incorporating an IDS/IPS system in an SDN based MANET.

Committee:

Bin Wang, Ph.D. (Advisor); Yong Pei, Ph.D. (Committee Member); Krishnaprasad Thirunarayan, Ph.D. (Committee Member); Zhiqiang Wu, Ph.D. (Committee Member)

Subjects:

Computer Engineering; Computer Science

Keywords:

MANET; Security Challenges; Trust Management Challenges; SDN; OpenFlow; SDN Security Issues and Mechanisms; Trust Management; Virtual Certificate Authority for SDNMANET; Intrusion Detection and Prevention for SDNMANET; SDNMANET Architecture

Al-Mafrachi, Basheer Husham Ali. Detection of DDoS Attacks against the SDN Controller using Statistical Approaches
Master of Science in Computer Engineering (MSCE), Wright State University, 2017, Computer Engineering
In traditional networks, switches and routers are very expensive, complex, and inflexible because forwarding and handling of packets are in the same device. However, Software Defined Networking (SDN) makes network design more flexible, cheaper, and programmable because it separates the control plane from the data plane. SDN gives administrators of networks more flexibility to handle the whole network by using one device, which is the controller. Unfortunately, SDN faces a lot of security problems that may severely affect the network operations if not properly addressed. Threat vectors may target main components of SDN such as the control plane, the data plane, and/or the application. Threats may also target the communication among these components. The threats that can cause significant damage include attacks on the control plane and communication between the controller and other network components by exploiting the vulnerabilities in the controller or communication protocols. Controllers of SDN and their communications may be subjected to different types of attacks. DDoS attacks on the SDN controller can bring the network down. In this thesis, we have studied various forms of DDoS attacks against the controller of SDN. We conducted a comparative study of a set of methods for detecting DDoS attacks on the SDN controller and identifying compromised switch interfaces. These methods are sequential probability ratio test (SPRT), count-based detection (CD), percentage-based detection (PD), and entropy-based detection (ED). We implemented the detection methods and evaluated the performance of the methods using publicly available DARPA datasets. Finally, we found that SPRT is the only one that has the highest accuracy and F score and detects almost all DDoS attacks without producing false positives and false negatives.

Committee:

Bin Wang, Ph.D. (Advisor); Yong Pei, Ph.D. (Committee Member); Mateen Rizki, Ph.D. (Committee Member)

Subjects:

Computer Engineering

Keywords:

SDN; Controller; DDoS attacks; SPRT; CD; PD; CUSUM; ED

Niyaz, Quamar. Design and Implementation of a Deep Learning based Intrusion Detection System in Software-Defined Networking Environment
Doctor of Philosophy, University of Toledo, 2017, Engineering
Network management becomes difficult when the size of the network grows. An ill-managed network opens several ways for the adversaries to exploit the security vulnerabilities for intrusions. Also, low-priced Internet subscriptions and publicly available attack tools enable the attackers to launch undiscovered or zero-day attacks in a network. Machine learning based approaches are well-suited to detect such kinds of undiscovered attacks. However, the hand-engineering involved in machine learning approaches for the proper selection of features from the network traffic puts a constraint on the accuracy of attack detection. The recently emerged networking paradigm named as software-defined networks (SDN) and the reincarnation of the neural network as deep learning (DL) promise to revolutionize the relevant industries. The SDN centralizes the network management and controls the network from a logically single point. The DL-based approach significantly improves the selection of features for the classification or prediction in an unsupervised manner. In our work, we utilize the benefits offered by the SDN and DL for the design and implementation of a network intrusion detection system (NIDS). The NIDS, implemented as an SDN application, can monitor the entire network for intrusions from a single point. Using the DL-based approach for the implementation helps in proper feature selection from a large traffic feature set and produces high accuracy with very low false alarms in intrusion detection. Before a real-world implementation of the NIDS, we develop a DL-based NIDS using a benchmark intrusion dataset (NSL-KDD) to explore the applicability of a DL-based approach for the NIDS implementation. An evaluation of the attack impact on network services running in the SDN environment is also performed. We analyze the response time and loss of service delivery in different attack scenarios. 
Finally, we discuss the implementation of a light-weight testbed for network security experiments developed with the tools used in an SDN infrastructure.

Committee:

Weiqing Sun (Committee Chair); Ahmad Y Javaid (Committee Co-Chair); Mansoor Alam (Committee Member); Junghwan Kim (Committee Member); Mohammed Niamat (Committee Member); Hong Wang (Committee Member)

Subjects:

Computer Engineering; Computer Science

Keywords:

Network Security, NIDS, SDN, Deep Learning, Multi-vector DDoS detection

Gruesen, Michael G. Towards an Ideal Execution Environment for Programmable Network Switches
Master of Science, University of Akron, 2016, Computer Science
Software Defined Networking (SDN) aims to create more powerful, intelligent networks that are managed using programmed switching devices. Applications for these SDN switches should be target independent, while being efficiently translated to the platform's native machine code. However, network switch vendors do not conform to any standard, and contain different capabilities and features that vary between manufacturers. The Freeflow Virtual Machine (FFVM) is a modular, fully programmable virtual switch that can host compiled network applications. Applications are compiled to native object libraries and dynamically loaded at run time. The FFVM provides the necessary data and computing resources required by applications to process packets. This work details the many implementation approaches investigated and evaluated in order to define a suitable execution environment for hosted network applications.

Committee:

Andrew Sutton, Dr. (Advisor)

Subjects:

Computer Science

Keywords:

Software Defined Networking; SDN; Execution environment; Virtual machine; Programmable network switch

Jamaliannasrabadi, Saba. High Performance Computing as a Service in the Cloud Using Software-Defined Networking
Master of Science (MS), Bowling Green State University, 2015, Computer Science
Benefits of Cloud Computing (CC) such as scalability, reliability, and resource pooling have attracted scientists to deploy their High Performance Computing (HPC) applications on the Cloud. Nevertheless, HPC applications can face serious challenges on the cloud that could undermine the gained benefit, if care is not taken. This thesis targets to address the shortcomings of the Cloud for the HPC applications through a platform called HPC as a Service (HPCaaS). Further, a novel scheme is introduced to improve the performance of HPC task scheduling on the Cloud using the emerging technology of Software-Defined Networking (SDN). The research introduces “ASETS: A SDN-Empowered Task Scheduling System” as an elastic platform for scheduling HPC tasks on the cloud. In addition, a novel algorithm called SETSA is developed as part of the ASETS architecture to manage the scheduling task of the HPCaaS platform. The platform monitors the network bandwidths to take advantage of the changes when submitting tasks to the virtual machines. The experiments and benchmarking of HPC applications on the Cloud identified the virtualization overhead, cloud networking, and cloud multi-tenancy as the primary shortcomings of the cloud for HPC applications. A private Cloud Test Bed (CTB) was set up to evaluate the capabilities of ASETS and SETSA in addressing such problems. Subsequently, Amazon AWS public cloud was used to assess the scalability of the proposed systems. The obtained results of ASETS and SETSA on both private and public cloud indicate significant performance improvement of HPC applications can be achieved. Furthermore, the results suggest that the proposed system is beneficial both to the cloud service providers and the users since ASETS performs better as the degree of multi-tenancy increases. The thesis also proposes SETSAW (SETSA Window) as an improved version of the SETSA algorithm.
Unlike other proposed solutions for HPCaaS which have either optimized the cloud to make it more HPC-friendly, or required adjusting HPC applications to make them more cloud-friendly, ASETS tends to provide a platform for existing cloud systems to improve the performance of HPC applications.

Committee:

Hassan Rajaei, Ph.D (Advisor); Robert Green, Ph.D (Committee Member); Jong Kwan Lee, Ph.D (Committee Member)

Subjects:

Computer Engineering; Computer Science; Technology

Keywords:

High Performance Computing; HPC; Cloud Computing; Scientific Computing; HPCaaS; Software Defined Networking; SDN; Cloud Networking; Virtualization