A Novel Stealthy Attack to Gather SDN Configuration-Information

Software Defined Networking (SDN) is a recent network architecture based on the separation of forwarding functions from network logic, and provides high flexibility in the management of the network. In this paper, we show how an attacker can exploit SDN programmability to obtain detailed knowledge about the network behaviour. In particular, we introduce a novel attack, named Know Your Enemy (KYE), which allows an attacker to gather vital information about the configuration of the network. Through the KYE attack, an attacker can obtain information ranging from the configuration of security tools, such as attack detection thresholds for network scanning, to general network policies like QoS and network virtualization. Additionally, we show that the KYE attack can be performed in a stealthy fashion, allowing an attacker to learn configuration secrets without being detected. We underline that the vulnerability exploited by the KYE attack is proper of SDN and is not present in legacy networks. Finally, we address the KYE attack by proposing an active defense countermeasure based on network flows obfuscation, which considerably increases the complexity for a successful attack. Our solution offers provable security guarantees that can be tailored to the needs of the specific network under consideration

Energy Recovery Optimization by Means of a Turbine in a Pressure Regulation Node of a Real Water Network Through a Data-Driven Digital Twin

In recent years, various devices have been proposed for pressure regulation and energy recovery in water distribution and transport networks. To provide a real net benefit, they require a dedicated long-distance management system in order to carry on both hydrau- lic regulation and electricity production without direct human manual operations. This work presents a new proposal for the management of a pressure regulation system based on the PRS turbine. The proposal is applied to a real water distribution network, named Montescuro Ovest pipeline, at the San Giovannello station. The Real Time Control (RTC) logic currently applied at San Giovannello station is first presented and discussed. A new Advanced Real Time Control (ARTC) logic is then proposed, based on direct configura - tion of the turbine and the surrounding valves as computed by the solution of an optimiza- tion problem. In ARTC a digital twin, including the hydraulic model of the surrounding network, provides a one-to-one relationship between the configuration parameters and the state variables, i.e. flow rates and pressures. The digital twin model equations are continu - ously updated on the basis of the recorded measures. Besides providing almost identical performance to the current RTC logic in the current operational scenario, the improved ARTC is more robust, in that it guarantees better hydropower generation in modified oper- ational scenarios, as shown in specific tests. The proposed methodology constitutes a new approach to regulating the valves in hydroelectric plants which are currently regulated with traditional automation algorithms

Design and Implementation of a Measurement-Based Policy-Driven Resource Management Framework For Converged Networks

This paper presents the design and implementation of a measurement-based QoS and resource management framework, CNQF (Converged Networks QoS Management Framework). CNQF is designed to provide unified, scalable QoS control and resource management through the use of a policy-based network management paradigm. It achieves this via distributed functional entities that are deployed to co-ordinate the resources of the transport network through centralized policy-driven decisions supported by measurement-based control architecture. We present the CNQF architecture, implementation of the prototype and validation of various inbuilt QoS control mechanisms using real traffic flows on a Linux-based experimental test bed.Comment: in Ictact Journal On Communication Technology: Special Issue On Next Generation Wireless Networks And Applications, June 2011, Volume 2, Issue 2, Issn: 2229-6948(Online

A survey of machine learning techniques applied to self organizing cellular networks

In this paper, a survey of the literature of the past fifteen years involving Machine Learning (ML) algorithms applied to self organizing cellular networks is performed. In order for future networks to overcome the current limitations and address the issues of current cellular systems, it is clear that more intelligence needs to be deployed, so that a fully autonomous and flexible network can be enabled. This paper focuses on the learning perspective of Self Organizing Networks (SON) solutions and provides, not only an overview of the most common ML techniques encountered in cellular networks, but also manages to classify each paper in terms of its learning solution, while also giving some examples. The authors also classify each paper in terms of its self-organizing use-case and discuss how each proposed solution performed. In addition, a comparison between the most commonly found ML algorithms in terms of certain SON metrics is performed and general guidelines on when to choose each ML algorithm for each SON function are proposed. Lastly, this work also provides future research directions and new paradigms that the use of more robust and intelligent algorithms, together with data gathered by operators, can bring to the cellular networks domain and fully enable the concept of SON in the near future