Unprecedented Smart Algorithm for Uninterrupted SDN Services During DDoS Attack

In the design and planning of next-generation Internet of Things (IoT), telecommunication, and satellite communication systems, controller placement is crucial in software-defined networking (SDN). The programmability of the SDN controller is sophisticated for the centralized control system of the entire network. Nevertheless, it creates a significant loophole for the manifestation of a distributed denial of service (DDoS) attack straightforwardly. Furthermore, recently a Distributed Reflected Denial of Service (DRDoS) attack, an unusual DDoS attack, has been detected. However, minimal deliberation has given to this forthcoming single point of SDN infrastructure failure problem. Moreover, recently the high frequencies of DDoS attacks have increased dramatically. In this paper, a smart algorithm for planning SDN smart backup controllers under DDoS attack scenarios has proposed. Our proposed smart algorithm can recommend single or multiple smart backup controllers in the event of DDoS occurrence. The obtained simulated results demonstrate that the validation of the proposed algorithm and the performance analysis achieved 99.99% accuracy in placing the smart backup controller under DDoS attacks within 0.125 to 46508.7 s in SDN.     

Controller Placement in Software Defined Internet of Things Using Optimization Algorithm

The current and future status of the internet is represented by the upcoming Internet of Things (IoT). The internet can connect the huge amount of data, which contains lot of processing operations and efforts to transfer the pieces of information. The emerging IoT technology in which the smart ecosystem is enabled by the physical object fixed with software electronics, sensors and network connectivity. Nowadays, there are two trending technologies that take the platform i.e., Software Defined Network (SDN) and IoT (SD-IoT). The main aim of the IoT network is to connect and organize different objects with the internet, which is managed with the control panel and data panel in the SD network. The main issue and the challenging factors in this network are the increase in the delay and latency problem between the controllers. It is more significant for wide area networks, because of the large packet propagation latency and the controller placement problem is more important in every network. In the proposed work, IoT is implementing with adaptive fuzzy controller placement using the enhanced sunflower optimization (ESFO) algorithm and Pareto Optimal Controller placement tool (POCO) for the placement problem of the controller. In order to prove the efficiency of the proposed system, it is compared with other existing methods like PASIN, hybrid SD and PSO in terms of load balance, reduced number of controllers and average latency and delay. With 2 controllers, the proposed method obtains 400 miles as average latency, which is 22.2% smaller than PSO, 76.9% lesser than hybrid SD and 91.89% lesser than PASIN.     

Automated Controller Placement for Software-Defined Networks to Resist DDoS Attacks

In software-defined networks (SDNs), controller placement is a critical factor in the design and planning for the future Internet of Things (IoT), telecommunication, and satellite communication systems. Existing research has concentrated largely on factors such as reliability, latency, controller capacity, propagation delay, and energy consumption. However, SDNs are vulnerable to distributed denial of service (DDoS) attacks that interfere with legitimate use of the network. The ever-increasing frequency of DDoS attacks has made it necessary to consider them in network design, especially in critical applications such as military, health care, and financial services networks requiring high availability. We propose a mathematical model for planning the deployment of SDN smart backup controllers (SBCs) to preserve service in the presence of DDoS attacks. Given a number of input parameters, our model has two distinct capabilities. First, it determines the optimal number of primary controllers to place at specific locations or nodes under normal operating conditions. Second, it recommends an optimal number of smart backup controllers for use with different levels of DDoS attacks. The goal of the model is to improve resistance to DDoS attacks while optimizing the overall cost based on the parameters. Our simulated results demonstrate that the model is useful in planning for SDN reliability in the presence of DDoS attacks while managing the overall cost.     

An IoT Environment Based Framework for Intelligent Intrusion Detection

Software-defined networking (SDN) represents a paradigm shift in network traffic management. It distinguishes between the data and control planes. APIs are then used to communicate between these planes. The controller is central to the management of an SDN network and is subject to security concerns. This research shows how a deep learning algorithm can detect intrusions in SDN-based IoT networks. Overfitting, low accuracy, and efficient feature selection is all discussed. We propose a hybrid machine learning-based approach based on Random Forest and Long Short-Term Memory (LSTM). In this study, a new dataset based specifically on Software Defined Networks is used in SDN. To obtain the best and most relevant features, a feature selection technique is used. Several experiments have revealed that the proposed solution is a superior method for detecting flow-based anomalies. The performance of our proposed model is also measured in terms of accuracy, recall, and precision. F1 rating and detection time Furthermore, a lightweight model for training is proposed, which selects fewer features while maintaining the model’s performance. Experiments show that the adopted methodology outperforms existing models.     

A Safe and Reliable Routing Mechanism of LEO Satellite Based on SDN

Satellite networks have high requirements for security and data processing speed. In order to improve the reliability of the network, software-defined network (SDN) technology is introduced and a central controller is set in the network. Due to the characteristics of global perspective, control data separation, and centralized control of SDN, the idea of SDN is introduced to the design of the satellite network model. As a result, satellite nodes are only responsible for data transmission, while the maintenance of the links and the calculation of routes are implemented by the controller. For the massive LEO satellite network based on SDN, a state evaluation decision routing mechanism is proposed. The designed mechanism monitors the status of the entire network effectively and reduces the on-board load on the satellite network. The best routing decision is made under the comprehensive consideration of the current and historical status of each intersatellite link between Low Earth Orbit (LEO) satellite network nodes. The calculation and storage requirements are controlled within a reasonable range. Based on the curve parameter transmission fuzzy encryption algorithm, a safe and reliable condition assessment decision routing mechanism (CADRM) is designed. It ensures that the personal information of the LEO satellite network can be transmitted safely and effectively. The experimental simulation results show the improvement of network throughput, the reduction of packet loss rate and the enhancing of network reliability.     

Quality of Service Improvement with Optimal Software-Defined Networking Controller and Control Plane Clustering

The controller is indispensable in software-defined networking (SDN). With several features, controllers monitor the network and respond promptly to dynamic changes. Their performance affects the quality-of-service (QoS) in SDN. Every controller supports a set of features. However, the support of the features may be more prominent in one controller. Moreover, a single controller leads to performance, single-point-of-failure (SPOF), and scalability problems. To overcome this, a controller with an optimum feature set must be available for SDN. Furthermore, a cluster of optimum feature set controllers will overcome an SPOF and improve the QoS in SDN. Herein, leveraging an analytical network process (ANP), we rank SDN controllers regarding their supporting features and create a hierarchical control plane based cluster (HCPC) of the highly ranked controller computed using the ANP, evaluating their performance for the OS3E topology. The results demonstrated in Mininet reveal that a HCPC environment with an optimum controller achieves an improved QoS. Moreover, the experimental results validated in Mininet show that our proposed approach surpasses the existing distributed controller clustering (DCC) schemes in terms of several performance metrics i.e., delay, jitter, throughput, load balancing, scalability and CPU (central processing unit) utilization.     

Kernel Search-Framework for Dynamic Controller Placement in Software-Defined Network

In software-defined networking (SDN) networks, unlike traditional networks, the control plane is located separately in a device or program. One of the most critical problems in these networks is a controller placement problem, which has a significant impact on the network’s overall performance. This paper attempts to provide a solution to this problem aiming to reduce the operational cost of the network and improve their survivability and load balancing. The researchers have proposed a suitable framework called kernel search introducing integer programming formulations to address the controller placement problem. It demonstrates through careful computational studies that the formulations can design networks with much less installation cost while accepting a general connected topology among controllers and user-defined survivability parameters. The researchers used the proposed framework on six different topologies then analyzed and compared with Iterated Local Search (ILS) and Expansion model for the controller placement problem (EMCPP) along with considering several evaluation criteria. The results show that the proposed framework outperforms the ILS and EMCPP. Thus, the proposed framework has a 38.53% and 38.02% improvement in reducing network implementation costs than EMCPP and ILS, respectively.     

HDLIDP: A Hybrid Deep Learning Intrusion Detection and Prevention Framework

Distributed denial-of-service (DDoS) attacks are designed to interrupt network services such as email servers and webpages in traditional computer networks. Furthermore, the enormous number of connected devices makes it difficult to operate such a network effectively. Software defined networks (SDN) are networks that are managed through a centralized control system, according to researchers. This controller is the brain of any SDN, composing the forwarding table of all data plane network switches. Despite the advantages of SDN controllers, DDoS attacks are easier to perpetrate than on traditional networks. Because the controller is a single point of failure, if it fails, the entire network will fail. This paper offers a Hybrid Deep Learning Intrusion Detection and Prevention (HDLIDP) framework, which blends signature-based and deep learning neural networks to detect and prevent intrusions. This framework improves detection accuracy while addressing all of the aforementioned problems. To validate the framework, experiments are done on both traditional and SDN datasets; the findings demonstrate a significant improvement in classification accuracy.     

Single Failure Routing Protection Algorithm in the Hybrid SDN Network

Loop free alternate (LFA) is a routing protection scheme that is currently deployed in commercial routers. However, LFA cannot handle all single network component failure scenarios in traditional networks. As Internet service providers have begun to deploy software defined network (SDN) technology, the Internet will be in a hybrid SDN network where traditional and SDN devices coexist for a long time. Therefore, this study aims to deploy the LFA scheme in hybrid SDN network architecture to handle all possible single network component failure scenarios. First, the deployment of LFA scheme in a hybrid SDN network is described as a 0-1 integer linear programming (ILP) problem. Then, two greedy algorithms, namely, greedy algorithm for LFA based on hybrid SDN (GALFAHSDN) and improved greedy algorithm for LFA based on hybrid SDN (IGALFAHSDN), are proposed to solve the proposed problem. Finally, both algorithms are tested in the simulation environment and the real platform. Experiment results show that GALFAHSDN and IGALFAHSDN can cope with all single network component failure scenarios when only a small number of nodes are upgraded to SDN nodes. The path stretch of the two algorithms is less than 1.36.     

A Dynamic Reputation–based Consensus Mechanism for Blockchain

In recent years, Blockchain is gaining prominence as a hot topic in academic research. However, the consensus mechanism of blockchain has been criticized in terms of energy consumption and performance. Although Proof-of-Authority (PoA) consensus mechanism, as a lightweight consensus mechanism, is more efficient than traditional Proof-of-Work (PoW) and Proof-of-Stake (PoS), it suffers from the problem of centralization. To this end, on account of analyzing the shortcomings of existing consensus mechanisms, this paper proposes a dynamic reputation-based consensus mechanism for blockchain. This scheme allows nodes with reputation value higher than a threshold apply to become a monitoring node, which can monitor the behavior of validators in case that validators with excessive power cause harm to the blockchain network. At the same time, the reputation evaluation algorithm is also introduced to select nodes with high reputation to become validators in the network, thus increasing the cost of malicious behavior. In each consensus cycle, validators and monitoring nodes are dynamically updated according to the reputation value. Through security analysis, it is demonstrated that the scheme can resist the attacks of malicious nodes in the blockchain network. By simulation experiments and analysis of the scheme, the result verifies that the mechanism can effectively improve the fault tolerance of the consensus mechanism, reduce the time of consensus to guarantee the security of the system.     

Intelligent Transmission Control for Efficient Operations in SDN

Although the Software-Defined Network (SDN) is a well-controlled and efficient network but the complexity of open flow switches in SDN causes multiple issues. Many solutions have been proposed so far for the prevention of errors and mistakes in it but yet, there is still no smooth transmission of pockets from source to destination specifically when irregular movements follow the destination host in SDN, the errors include packet loss, data compromise etc. The accuracy of packets received at their desired destination is possible if networks for pockets and hosts are monitored instead of analysis of network snapshot statistically for the state, as these approaches with open flow switches, discover bugs after their occurrence. This article proposes a design to achieve the said objective by defining the Intelligent Transmission Control Layer (ITCL) layer. It monitors all the connections of end hosts at their specific locations and performs necessary settlements when the connection state changes for one or multiple hosts. The layer informs the controller regarding any state change at one period and controller collects information of end nodes reported via ITCL. Then, updates flow tables accordingly to accommodate a location-change scenario with a route-change policy. ICTL is organized on prototype-based implementation using the popular POX platform. In this paper, it has been discovered that ITCL produces efficient performance in the trafficking of packets and controlling different states of SDN for errors and packet loss.     

Enhancing Blockchain Security Using Ripple Consensus Algorithm

In the development of technology in various fields like big data analysis, data mining, big data, cloud computing, and blockchain technology, security become more constrained. Blockchain is used in providing security by encrypting the sharing of information. Blockchain is applied in the peer-to-peer (P2P) network and it has a decentralized ledger. Providing security against unauthorized breaches in the distributed network is required. To detect unauthorized breaches, there are numerous techniques were developed and those techniques are inefficient and have poor data integrity. Hence, a novel technique needs to be implemented to tackle the new breaches in the distributed network. This paper, proposed a hybrid technique of two fish with a ripple consensus algorithm (TF-RC). To improve the detection time and security, this paper uses efficient transmission of data in the distributed network. The experimental analysis of TF-RC by using the metric measures of performance in terms of latency, throughput, energy efficiency and it produced better performance.     

An Erebus Attack Detection Method Oriented to Blockchain Network Layer

Recently, the Erebus attack has proved to be a security threat to the blockchain network layer, and the existing research has faced challenges in detecting the Erebus attack on the blockchain network layer. The cloud-based active defense and one-sidedness detection strategies are the hindrances in detecting Erebus attacks. This study designs a detection approach by establishing a ReliefF_WMRmR-based two-stage feature selection algorithm and a deep learning-based multimodal classification detection model for Erebus attacks and responding to security threats to the blockchain network layer. The goal is to improve the performance of Erebus attack detection methods, by combining the traffic behavior with the routing status based on multimodal deep feature learning. The traffic behavior and routing status were first defined and used to describe the attack characteristics at diverse stages of s leak monitoring, hidden traffic overlay, and transaction identity forgery. The goal is to clarify how an Erebus attack affects the routing transfer and traffic state on the blockchain network layer. Consequently, detecting objects is expected to become more relevant and sensitive. A two-stage feature selection algorithm was designed based on ReliefF and weighted maximum relevance minimum redundancy (ReliefF_WMRmR) to alleviate the overfitting of the training model caused by redundant information and noise in multiple source features of the routing status and traffic behavior. The ReliefF algorithm was introduced to select strong correlations and highly informative features of the labeled data. According to WMRmR, a feature selection framework was defined to eliminate weakly correlated features, eliminate redundant information, and reduce the detection overhead of the model. A multimodal deep learning model was constructed based on the multilayer perceptron (MLP) to settle the high false alarm rates incurred by multisource data. Using this model, isolated inputs and deep learning were conducted on the selected routing status and traffic behavior. Redundant intermodal information was removed because of the complementarity of the multimodal network, which was followed by feature fusion and output feature representation to boost classification detection precision. The experimental results demonstrate that the proposed method can detect features, such as traffic data, at key link nodes and route messages in a real blockchain network environment. Additionally, the model can detect Erebus attacks effectively. This study provides novelty to the existing Erebus attack detection by increasing the accuracy detection by 1.05%, the recall rate by 2.01%, and the F1-score by 2.43%.     

DDoS Detection in SDN using Machine Learning Techniques

Software-defined network (SDN) becomes a new revolutionary paradigm in networks because it provides more control and network operation over a network infrastructure. The SDN controller is considered as the operating system of the SDN based network infrastructure, and it is responsible for executing the different network applications and maintaining the network services and functionalities. Despite all its tremendous capabilities, the SDN face many security issues due to the complexity of the SDN architecture. Distributed denial of services (DDoS) is a common attack on SDN due to its centralized architecture, especially at the control layer of the SDN that has a network-wide impact. Machine learning is now widely used for fast detection of these attacks. In this paper, some important feature selection methods for machine learning on DDoS detection are evaluated. The selection of optimal features reflects the classification accuracy of the machine learning techniques and the performance of the SDN controller. A comparative analysis of feature selection and machine learning classifiers is also derived to detect SDN attacks. The experimental results show that the Random forest (RF) classifier trains the more accurate model with 99.97% accuracy using features subset by the Recursive feature elimination (RFE) method.     

Advanced DAG-Based Ranking (ADR) Protocol for Blockchain Scalability

In the past decade, blockchain has evolved as a promising solution to develop secure distributed ledgers and has gained massive attention. However, current blockchain systems face the problems of limited throughput, poor scalability, and high latency. Due to the failure of consensus algorithms in managing nodes’identities, blockchain technology is considered inappropriate for many applications, e.g., in IoT environments, because of poor scalability. This paper proposes a blockchain consensus mechanism called the Advanced DAG-based Ranking (ADR) protocol to improve blockchain scalability and throughput. The ADR protocol uses the directed acyclic graph ledger, where nodes are placed according to their ranking positions in the graph. It allows honest nodes to use the Direct Acyclic Graph (DAG) topology to write blocks and verify transactions instead of a chain of blocks. By using a three-step strategy, this protocol ensures that the system is secured against doublespending attacks and allows for higher throughput and scalability. The first step involves the safe entry of nodes into the system by verifying their private and public keys. The next step involves developing an advanced DAG ledger so nodes can start block production and verify transactions. In the third step, a ranking algorithm is developed to separate the nodes created by attackers. After eliminating attacker nodes, the nodes are ranked according to their performance in the system, and true nodes are arranged in blocks in topological order. As a result, the ADR protocol is suitable for applications in the Internet of Things (IoT). We evaluated ADR on EC2 clusters with more than 100 nodes and achieved better transaction throughput and liveness of the network while adding malicious nodes. Based on the simulation results, this research determined that the transaction’s performance was significantly improved over blockchains like Internet of Things Applications (IOTA) and ByteBall.     

Distributed Secure Storage Scheme Based on Sharding Blockchain

Distributed storage can store data in multiple devices or servers to improve data security. However, in today's explosive growth of network data, traditional distributed storage scheme is faced with some severe challenges such as insufficient performance, data tampering, and data lose. A distributed storage scheme based on blockchain has been proposed to improve security and efficiency of traditional distributed storage. Under this scheme, the following improvements have been made in this paper. This paper first analyzes the problems faced by distributed storage. Then proposed to build a new distributed storage blockchain scheme with sharding blockchain. The proposed scheme realizes the partitioning of the network and nodes by means of blockchain sharding technology, which can improve the efficiency of data verification between nodes. In addition, this paper uses polynomial commitment to construct a new verifiable secret share scheme called PolyVSS. This new scheme is one of the foundations for building our improved distributed storage blockchain scheme. Compared with the previous scheme, our new scheme does not require a trusted third party and has some new features such as homomorphic and batch opening. The security of VSS can be further improved. Experimental comparisons show that the proposed scheme significantly reduces storage and communication costs.     

MODELING AND NONLINEAR CONTROL OF A CONTINUOUS KCI-NaCI CRYSTALLIZER

A controller is developed by combining the extended linear quadratic matrix control (EQDMC) and neural network algorithms. The dynamic neural network scheme is used to identify the process and generate a nonlinear model. The control algorithm is applied to a multi-input multi-output (MIMO) evaporative cooling KCl-NaCl-H₂O crystallizer. Closed loop responses of the system using the proposed algorithm and those of PID controllers are compared. It is shown that in all cases, the response of the proposed controller to step changes in setpoints is faster than the PID controllers.     

Neural networks for adaptive control coordination of PSSs and FACTS devices in multimachine power system

The paper develops a new design procedure for online control coordination which leads to adaptive power system stabilisers (PSSs) and/or supplementary damping controllers of flexible ac transmission system (FACTS) devices for enhancing the stability of the electromechanical modes in a multimachine power system. The controller parameters are adaptive to the changes in system operating condition and/or configuration. Central to the design is the use of a neural network synthesised to give in its output layer the optimal controller parameters adaptive to system operating condition and configuration. A novel feature of the neural-adaptive controller is that of representing the system configuration by a reduced nodal impedance matrix which is input to the neural network. Only power network nodes with direct connections to generators and FACTS devices are retained in the reduced nodal impedance matrix. The system operating condition is represented in terms of the measured generator power loadings, which are also input to the neural network. For a representative power system, the neural network is trained and tested for a wide range of credible operating conditions and contingencies. Both eigenvalue calculations and time-domain simulations are used in the testing and verification of the dynamic performance of the neural-adaptive controller.     

MODELING AND NONLINEAR CONTROL OF A CONTINUOUS KCI-NaCI CRYSTALLIZER

ABSTRACT

A controller is developed by combining the extended linear quadratic matrix control (EQDMC) and neural network algorithms. The dynamic neural network scheme is used to identify the process and generate a nonlinear model. The control algorithm is applied to a multi-input multi-output (MIMO) evaporative cooling KCl-NaCl-H₂O crystallizer. Closed loop responses of the system using the proposed algorithm and those of PID controllers are compared. It is shown that in all cases, the response of the proposed controller to step changes in setpoints is faster than the PID controllers.     

Cascaded cuckoo search optimization of router placement in signal attenuation minimization for a wireless sensor network in an indoor environment

Optimization of the energy required during data transmission in a wireless indoor area network can be achieved through intelligent router placements to keep the network active for longer and improve the packet delivery ratio. In this work, a cascaded cuckoo search algorithm (C-CSA) approach is implemented for optimal router placement in a wireless indoor area network based on minimization of signal attenuation during data packet transmission through a novel mathematical formulation. The transmission energy for each packet, signal-to-noise ratio and packet error ratio are studied over 50 independent runs of the algorithm. The results are presented with statistical confidence to prove the efficiency of the algorithm. C-CSA provides superior results for data transmission energy and the packet delivery ratio compared to existing algorithms. Physical placement of wireless nodes in a building further establishes the reduction in energy requirement and data packet loss through this optimal router placement strategy.