6,150 research outputs found

    Datanet: Deep Learning Based Encrypted Network Traffic Classification in SDN Home Gateway

    A smart home network will support various smart devices and applications, e.g., home automation devices, E-health devices, regular computing devices, and so on. Most devices in a smart home access the Internet through a home gateway (HGW). In this paper, we propose a software-defined network (SDN)-HGW framework to better manage distributed smart home networks and support the SDN controller of the core network. The SDN controller enables efficient network quality-of-service management based on real-time traffic monitoring and resource allocation of the core network. However, it cannot provide network management in distributed smart homes. Our proposed SDN-HGW extends the control to the access network, i.e., a smart home network, for better end-to-end network management. Specifically, the proposed SDN-HGW can achieve distributed application awareness by classifying data traffic in a smart home network. Most existing traffic classification solutions, e.g., deep packet inspection, cannot provide real-time application awareness for encrypted data traffic. To tackle those issues, we develop encrypted data classifiers (denoted as DataNets) based on three deep learning schemes, i.e., multilayer perceptron, stacked autoencoder, and convolutional neural networks, using an open data set that has over 200 000 encrypted data samples from 15 applications. A data preprocessing scheme is proposed to process raw data packets and the tested data set so that DataNet can be created. The experimental results show that the developed DataNets can be applied to enable distributed application-aware SDN-HGW in future smart home networks.

    Optical Network Virtualisation using Multi-technology Monitoring and SDN-enabled Optical Transceiver

    We introduce the real-time multi-technology transport layer monitoring to facilitate the coordinated virtualisation of optical and Ethernet networks supported by optical virtualise-able transceivers (V-BVT). A monitoring and network resource configuration scheme is proposed to include the hardware monitoring in both Ethernet and Optical layers. The scheme depicts the data and control interactions among multiple network layers under the software defined network (SDN) background, as well as the application that analyses the monitored data obtained from the database. We also present a re-configuration algorithm to adaptively modify the composition of virtual optical networks based on two criteria. The proposed monitoring scheme is experimentally demonstrated with OpenFlow (OF) extensions for a holistic (re-)configuration across both layers in Ethernet switches and V-BVTs.

    The HSS/SNiC : a conceptual framework for collapsing security down to the physical layer

    This work details the concept of a novel network security model called the Super NIC (SNIC) and a Hybrid Super Switch (HSS). The design will ultimately incorporate deep packet inspection (DPI), intrusion detection and prevention (IDS/IPS) functions, as well as network access control technologies, therefore making all end-point network devices inherently secure. The SNIC and HSS functions are modelled using a transparent GNU/Linux Bridge with the Netfilter framework.

    Firmware enhancements for BYOD-aware network security

    In today’s connected world, users migrate within a complex set of networks, including, but not limited to, 3G and 4G (LTE) services provided by mobile operators, Wi-Fi hotspots in private and public places, as well as wireless and/or wired LAN access in business and home environments. Following the widely expanding Bring Your Own Device (BYOD) approach, many public and educational institutions have begun to encourage customers and students to use their own devices at all times. While this may be cost-effective in terms of decreased investments in hardware and consequently lower maintenance fees on a long-term basis, it may also involve some security risks. In particular, many users are often connected to more than one network and/or communication service provider at the same time, for example to a 3G/4G mobile network and to a Wi-Fi. In a BYOD setting, an infected device or a rogue one can turn into an unwanted gateway, causing a security breach by leaking information across networks. Aiming at investigating in greater detail the implications of BYOD on network security in private and business settings, we are building a framework for experiments with mobile routers both in home and business networks. This is a continuation of our earlier work on communications and services with enhanced security for network appliances.