6,150 research outputs found
Datanet: Deep Learning Based Encrypted Network Traffic Classification in SDN Home Gateway
A smart home network will support various smart devices and applications, e.g., home automation devices, E-health devices, regular computing devices, and so on. Most devices in a smart home access the Internet through a home gateway (HGW). In this paper, we propose a software-defined network (SDN)-HGW framework to better manage distributed smart home networks and support the SDN controller of the core network. The SDN controller enables efficient network quality-of-service management based on real-time traffic monitoring and resource allocation of the core network. However, it cannot provide network management in distributed smart homes. Our proposed SDN-HGW extends the control to the access network, i.e., a smart home network, for better end-to-end network management. Specifically, the proposed SDN-HGW can achieve distributed application awareness by classifying data traffic in a smart home network. Most existing traffic classification solutions, e.g., deep packet inspection, cannot provide real-time application awareness for encrypted data traffic. To tackle those issues, we develop encrypted data classifiers (denoted as DataNets) based on three deep learning schemes, i.e., multilayer perceptron, stacked autoencoder, and convolutional neural networks, using an open data set that has over 200 000 encrypted data samples from 15 applications. A data preprocessing scheme is proposed to process raw data packets and the tested data set so that DataNet can be created. The experimental results show that the developed DataNets can be applied to enable distributed application-aware SDN-HGW in future smart home networks
Optical Network Virtualisation using Multi-technology Monitoring and SDN-enabled Optical Transceiver
We introduce the real-time multi-technology transport layer monitoring to
facilitate the coordinated virtualisation of optical and Ethernet networks
supported by optical virtualise-able transceivers (V-BVT). A monitoring and
network resource configuration scheme is proposed to include the hardware
monitoring in both Ethernet and Optical layers. The scheme depicts the data and
control interactions among multiple network layers under the software defined
network (SDN) background, as well as the application that analyses the
monitored data obtained from the database. We also present a re-configuration
algorithm to adaptively modify the composition of virtual optical networks
based on two criteria. The proposed monitoring scheme is experimentally
demonstrated with OpenFlow (OF) extensions for a holistic (re-)configuration
across both layers in Ethernet switches and V-BVTs
The HSS/SNiC : a conceptual framework for collapsing security down to the physical layer
This work details the concept of a novel network security model called the Super NIC (SNIC) and a Hybrid Super Switch (HSS). The design will ultimately incorporate deep packet inspection (DPI), intrusion detection and prevention (IDS/IPS) functions, as well as network access control technologies therefore making all end-point network devices inherently secure. The SNIC and HSS functions are modelled using a transparent GNU/Linux Bridge with the Netfilter framework
Firmware enhancements for BYOD-aware network security
In today’s connected world, users migrate within a complex set of networks, including, but not limited to, 3G and 4G (LTE) services provided by mobile operators, Wi-Fi hotspots in private and public places, as well as wireless and/or wired LAN access in business and home environments. Following the widely expanding Bring Your Own Device (BYOD) approach, many public and educational institutions have begun to encourage customers and students to use their own devices at all times. While this may be cost-effective in terms of decreased investments in hardware and consequently lower maintenance fees on a long-term basis, it may also involve some security risks. In particular, many users are often connected to more than one network and/or communication service provider at the same time, for example to a 3G/4G mobile network and to a Wi-Fi. In a BYOD setting, an infected device or a rogue one can turn into an unwanted gateway, causing a security breach by leaking information across networks. Aiming at investigating in greater detail the implications of BYOD on network security in private and business settings we are building a framework for experiments with mobile routers both in home and business networks. This is a continuation of our earlier work on communications and services with enhanced security for network appliances
- …