A Survey on the Contributions of Software-Defined Networking to Traffic Engineering

Since the appearance of OpenFlow back in 2008, software-defined networking (SDN) has gained momentum. Although there are some discrepancies between the standards developing organizations working with SDN about what SDN is and how it is defined, they all outline traffic engineering (TE) as a key application. One of the most common objectives of TE is the congestion minimization, where techniques such as traffic splitting among multiple paths or advanced reservation systems are used. In such a scenario, this manuscript surveys the role of a comprehensive list of SDN protocols in TE solutions, in order to assess how these protocols can benefit TE. The SDN protocols have been categorized using the SDN architecture proposed by the open networking foundation, which differentiates among data-controller plane interfaces, application-controller plane interfaces, and management interfaces, in order to state how the interface type in which they operate influences TE. In addition, the impact of the SDN protocols on TE has been evaluated by comparing them with the path computation element (PCE)-based architecture. The PCE-based architecture has been selected to measure the impact of SDN on TE because it is the most novel TE architecture until the date, and because it already defines a set of metrics to measure the performance of TE solutions. We conclude that using the three types of interfaces simultaneously will result in more powerful and enhanced TE solutions, since they benefit TE in complementary ways.European Commission through the Horizon 2020 Research and Innovation Programme (GN4) under Grant 691567 Spanish Ministry of Economy and Competitiveness under the Secure Deployment of Services Over SDN and NFV-based Networks Project S&NSEC under Grant TEC2013-47960-C4-3-

An integration of slicing, NFV, and SDN for mobility management in corporate environments

Online access to information while on the move has conferred businesses with the capability to be constantly accessible and in operation, independently of geographical area or time zone. There are situations, however, that demand technical solutions for specific scenarios, such as controlled access to corporate-based content. Virtual Private Networks (VPNs) allow controlled remote access to con-tent, supporting scenarios such as teleworking. Nonetheless, such mechanisms are not commonly associated with the highly mobile users of today, which can traverse different types of access networks, while still keeping access to con-tent restricted to corporate network usage. In addition, as VPN mechanisms are disassociated from mobility procedures, service disruption can happen or specific mechanisms and clients can be required in end-user's equipment. This paper proposes a framework that leverages Network Slicing, enabled by Software Defined Networking and Network Function Virtualisation, to provide seamless and isolated access to corporate-based content while moving through heterogeneous networks. This solution allows Mobile Network Operators to dynamically instantiate isolated network slices for corporate users, and handover them between 3GPP and non-3GPP networks while users move away from the corporate network. In this way, they are able to keep access to corporate-based content in a transparent way, while maintaining access requirements for the servicebeing used. The framework was implemented and validated over an experimental testbed composed by mobile and Wi-Fi accesses, with results presenting improvements in terms of overhead signaling and data redirection without downtime nor stream reconnection.publishe

Design of an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) for the EIU Cybersecurity Laboratory

Cyber Security will always be a subject of discussion for a long time to come. Research has shown that there is massive growth of cyber-crime and the currently available number of Cyber Security experts to counter this is limited. Although there are multiple resources discussing Cyber Security, but access to training in practical applications is limited. As an institution, Eastern Illinois University (EIU) is set to start Masters of Science in Cyber Security in Fall 2017. Then the challenge is how EIU will expose students to the practical reality of Cyber Security where they can learn different detection, prevention and incidence analysis techniques of cyber-attacks. In addition, students should have the opportunity to learn cyber-attacks legally. This research proposes a solution for these needs by focusing on the design of firewall architecture with an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) for the EIU Cyber Security Laboratory. This thesis explores different up to date techniques and methods for detection and prevention of cyber-attacks. The overall outcome of this research is to design a public testing site that invites hackers to attack for the purpose of detection, prevention and security incidence analysis. This public firewall might empower students and instructors with practical cyber-attacks, detection techniques, prevention techniques, and forensics analysis tools. It may also provide the knowledge required for further research in the field of Cyber Security

Auto-bandwidth control in dynamically reconfigured hybrid-SDN MPLS networks

The proposition of this work is based on the steady evolution of bandwidth demanding technology, which currently and more so in future, requires operators to use expensive infrastructure capability smartly to maximise its use in a very competitive environment. In this thesis, a traffic engineering control loop is proposed that dynamically adjusts the bandwidth and route of flows of Multi-Protocol Label Switching (MPLS) tunnels in response to changes in traffic demand. Available bandwidth is shifted to where the demand is, and where the demand requirement has dropped, unused allocated bandwidth is returned to the network. An MPLS network enhanced with Software-defined Networking (SDN) features is implemented. The technology known as hybrid SDN combines the programmability features of SDN with the robust MPLS label switched path features along with traffic engineering enhancements introduced by routing protocols such as Border Gateway Patrol-Traffic Engineering (BGP-TE) and Open Shortest Path First-Traffic Engineering (OSPF-TE). The implemented mixed-integer linear programming formulation using the minimisation of maximum link utilisation and minimum link cost objective functions, combined with the programmability of the hybrid SDN network allows for source to destination demand fluctuations. A key driver to this research is the programmability of the MPLS network, enhanced by the contributions that the SDN controller technology introduced. The centralised view of the network provides the network state information needed to drive the mathematical modelling of the network. The path computation element further enables control of the label switched path's bandwidths, which is adjusted based on current demand and optimisation method used. The hose model is used to specify a range of traffic conditions. The most important benefit of the hose model is the flexibility that is allowed in how the traffic matrix can change if the aggregate traffic demand does not exceed the hose maximum bandwidth specification. To this end, reserved hose bandwidth can now be released to the core network to service demands from other sites

Internet of Things and Intelligent Technologies for Efficient Energy Management in a Smart Building Environment

Internet of Things (IoT) is attempting to transform modern buildings into energy efficient, smart, and connected buildings, by imparting capabilities such as real-time monitoring, situational awareness and intelligence, and intelligent control. Digitizing the modern day building environment using IoT improves asset visibility and generates energy savings. This dissertation provides a survey of the role, impact, and challenges and recommended solutions of IoT for smart buildings. It also presents an IoT-based solution to overcome the challenge of inefficient energy management in a smart building environment. The proposed solution consists of developing an Intelligent Computational Engine (ICE), composed of various IoT devices and technologies for efficient energy management in an IoT driven building environment. ICE’s capabilities viz. energy consumption prediction and optimized control of electric loads have been developed, deployed, and dispatched in the Real-Time Power and Intelligent Systems (RTPIS) laboratory, which serves as the IoT-driven building case study environment. Two energy consumption prediction models viz. exponential model and Elman recurrent neural network (RNN) model were developed and compared to determine the most accurate model for use in the development of ICE’s energy consumption prediction capability. ICE’s prediction model was developed in MATLAB using cellular computational network (CCN) technique, whereas the optimized control model was developed jointly in MATLAB and Metasys Building Automation System (BAS) using particle swarm optimization (PSO) algorithm and logic connector tool (LCT), respectively. It was demonstrated that the developed CCN-based energy consumption prediction model was highly accurate with low error % by comparing the predicted and the measured energy consumption data over a period of one week. The predicted energy consumption values generated from the CCN model served as a reference for the PSO algorithm to generate control parameters for the optimized control of the electric loads. The LCT model used these control parameters to regulate the electric loads to save energy (increase energy efficiency) without violating any operational constraints. Having ICE’s energy consumption prediction and optimized control of electric loads capabilities is extremely useful for efficient energy management as they ensure that sufficient energy is generated to meet the demands of the electric loads optimally at any time thereby reducing wasted energy due to excess generation. This, in turn, reduces carbon emissions and generates energy and cost savings. While the ICE was tested in a small case-study environment, it could be scaled to any smart building environment

Traffic-Aware Deployment of Interdependent NFV Middleboxes in Software-Defined Networks

Middleboxes, such as firewalls, Network Address Translators (NATs), Wide Area Network (WAN) optimizers, or Deep Packet Inspector (DPIs), are widely deployed in modern networks to improve network security and performance. Traditional middleboxes are typically hardware based, which are expensive and closed systems with little extensibility. Furthermore, they are developed by different vendors and deployed as standalone devices with little scalability. As the development of networks in scale, the limitations of traditional middleboxes bring great challenges in middlebox deployments. Network Function Virtualization (NFV) technology provides a promising alternative, which enables flexible deployment of middleboxes, as virtual machines (VMs) running on standard servers. However, the flexibility also creates a challenge for efficiently placing such middleboxes, due to the availability of multiple hosting servers, capabilities of middleboxes to change traffic volumes, and dependency between middleboxes. In our first two work, we addressed the optimal placement challenge of NFV middleboxes by considering middlebox traffic changing effects and dependency relations. Since each VM has only a limited processing capacity restricted by its available resources, multiple instances of the same function are necessary in an NFV network. Thus, routing in an NFV network is also a challenge to determine not only via a path from the source to destination but also the service (middlebox) locations. Furthermore, the challenge is complicated by the traffic changing effects of NFV services and dependency relations between them. In our third work, we studied how to efficiently route a flow to receive services in an NFV network. We conducted large-scale simulations to evaluate our proposed solutions, and also implemented a Software-Defined Networking (SDN) based prototype to validate the solutions in realistic environments. Extensive simulation and experiment results have been fully demonstrated the effectiveness of our design

Policy Conflict Management in Distributed SDN Environments

abstract: The ease of programmability in Software-Defined Networking (SDN) makes it a great platform for implementation of various initiatives that involve application deployment, dynamic topology changes, and decentralized network management in a multi-tenant data center environment. However, implementing security solutions in such an environment is fraught with policy conflicts and consistency issues with the hardness of this problem being affected by the distribution scheme for the SDN controllers. In this dissertation, a formalism for flow rule conflicts in SDN environments is introduced. This formalism is realized in Brew, a security policy analysis framework implemented on an OpenDaylight SDN controller. Brew has comprehensive conflict detection and resolution modules to ensure that no two flow rules in a distributed SDN-based cloud environment have conflicts at any layer; thereby assuring consistent conflict-free security policy implementation and preventing information leakage. Techniques for global prioritization of flow rules in a decentralized environment are presented, using which all SDN flow rule conflicts are recognized and classified. Strategies for unassisted resolution of these conflicts are also detailed. Alternately, if administrator input is desired to resolve conflicts, a novel visualization scheme is implemented to help the administrators view the conflicts in an aesthetic manner. The correctness, feasibility and scalability of the Brew proof-of-concept prototype is demonstrated. Flow rule conflict avoidance using a buddy address space management technique is studied as an alternate to conflict detection and resolution in highly dynamic cloud systems attempting to implement an SDN-based Moving Target Defense (MTD) countermeasures.Dissertation/ThesisDoctoral Dissertation Computer Science 201

3D digital relief generation.

This thesis investigates a framework for generating reliefs. Relief is a special kind of sculptured artwork consisting of shapes carved on a surface so as to stand out from the surrounding background. Traditional relief creation is done by hand and is therefore a laborious process. In addition, hand-made reliefs are hard to modify. Contrasted with this, digital relief can offer more flexibility as well as a less laborious alternative and can be easily adjusted. This thesis reviews existing work and offers a framework to tackle the problem of generating three types of reliefs: bas reliefs, high reliefs and sunken reliefs. Considerably enhanced by incorporating gradient operations, an efficient bas relief generation method has been proposed, based on 2D images. An improvement of bas relief and high relief generation method based on 3D models has been provided as well, that employs mesh representation to process the model. This thesis is innovative in describing and evaluating sunken relief generation techniques. Two types of sunken reliefs have been generated: one is created with pure engraved lines, and the other is generated with smooth height transition between lines. The latter one is more complex to implement, and includes three elements: a line drawing image provides a input for contour lines; a rendered Lambertian image shares the same light direction of the relief and sets the visual cues and a depth image conveys the height information. These three elements have been combined to generate final sunken reliefs. It is the first time in computer graphics that a method for digital sunken relief generation has been proposed. The main contribution of this thesis is to have proposed a systematic framework to generate all three types of reliefs. Results of this work can potentially provide references for craftsman, and this work could be beneficial for relief creation in the fields of both entertainment and manufacturing

Magnetic Resonance Imaging/Ultrasound-Fusion Biopsy versus systematic transrectal Ultrasound Biopsy in the diagnosis of clinically significant prostate cancer: a prospective study.

Obiettivo Valutare la performance diagnostica di una nuova piattaforma biotica per metodica Fusion (Ecografia e Risonanza Magnetica) in una coorte di pazienti con sospetto clinico di neoplasia prostatica (PCa). Materiali e Metodi Sono stati arruolati pazienti con sospetto PCa o con diagnosi di PCa indolente (in Sorveglianza Attiva). I pazienti, sottoposti a Risonanza Magnetica multiparametrica (RMmp), in caso di riscontro di lesione/i sospetta/e, secondo un punteggio standardizzato, sono stati poi sottoposti a Biopsia Prostatica eco-guidata e contestuale biopsia mirata Fusion con almeno 2 prelievi per lesione. Il criterio per definire la presenza di tumore clinicamente significativo (csPCa) era la presenza di un punteggio di Gleason score ≥7 negli specimen bioptici. Risultati Dei 305 pazienti arruolati, 279 (91.4%) hanno eseguito una biopsia Fusion. Complessivamente, la detection rate (DR) globale della biopsia Fusion è risultata del 61.3% mentre è risultata del 51.3% per csCaP. La Fusion Biopsy ha mostrato delle DR progressivamente più alte al crescere del PIRADS Score (p<.001); le lesioni risultate positive alla Fusion Biopsy sono risultate di maggior diametro rispetto a quelle negative (mediana: 12 mm vs 10.5 mm; p= 0.0005). L’analisi relativa al numero dei prelievi ha mostrato una percentuale di prelievi positivi per neoplasia significativamente maggiore nei prelievi con metodica Fusion rispetto a quelli eseguiti con metodica random (p<.0001); inoltre, il numero di prelievi indicativi di csPCa è risultato rispettivamente significativamente maggiore con metodica Fusion (p<.0001). In termini di efficacia, il numero mediano di prelievi mirati per diagnosticare un csPCa è risultato 4 contro 11 necessari in corso di biopsia tradizionale (p<.0001) Conclusioni La biopsia mirata con tecnica Fusion ha dimostrato una DR globale complessivamente simile alla biopsia eco-guidata tradizionale sebbene l'incidenza di PCa sia aumentata nei prelievi mirati. Inoltre, nelle re-biopsie, la performance diagnostica della Fusion biopsy è risultata migliore per la diagnosi di csPCa.Aims To evaluate the diagnostic performance of a new bioptic platform for Ultrasound-Magnetic resonance Fusion Prostate Biopsy in a cohort of patients with suspicion of Prostate Cancer (PCa). Materials and methods Men with suspicion of PCa or with an established diagnosis of indolent PCa (in Active Surveillance protocol) were enrolled. All patients underwent multiparametric Magnetic resonance of the Prostate (mpMR) and, in case of a suspected lesion (s) for PCa, according to a standardized score, were submitted to standard random Biopsy and contextual targeted biopsy with at least 2 samples for lesion, exploiting the "real-time" fusion of mpMR images with ultrasound images. The criterion for defining the presence of csPCa was Gleason score score ≥7 in the biopsy specimen. Results Of the 305 patients enrolled, 279 (91.4%) subsequently performed a Fusion biopsy. Overall, the global detection rate (DR) of Fusion biopsy was 61.3% (171/279) while in 51.3% of cases a csPCa was diagnosed (143/279). Fusion biopsy showed progressively higher DRs as the PIRADS Score increased with a strong statistically significant difference (p <.001); the lesions that were positive at the targeted biopsy were significantly larger than the negative ones (median: 12 mm vs. 10.5 mm; p = 0.0005). The analysis of the number of cores showed a significantly higher percentage of positive ones with the Fusion method and a simultaneous higher percentage for csPCa compared to those performed with random biopsy ( all p < .0001). In terms of efficacy, the median number of targeted cores to diagnose a csPCa was 4 against 11 needed with random biopsy (p <.0001) Conclusions Fusion biopsy showed similar global rates of PCa diagnosis compared to random biopsy although the incidence of PCa was higher increased in targeted cores. Furthermore, Fusion biopsy showed better performance in terms of csPCa in re-biopsy patients