Graduation Year

2020

Document Type

Dissertation

Degree

Ph.D.

Degree Name

Doctor of Philosophy (Ph.D.)

Degree Granting Department

Electrical Engineering

Major Professor

Kaiqi Xiong, Ph.D.

Co-Major Professor

Nasir Ghani, Ph.D.

Committee Member

Yufeng Xin, Ph.D.

Committee Member

Yicheng Tu, Ph.D.

Committee Member

Mahshid R. Naeini, Ph.D.

Keywords

Global Environment for Networking Innovations, OpenFlow, Quality of Service, Security, Traffic Engineering

Abstract

Information and Communications Technology (ICT) infrastructures and systems are being widely deployed to support a broad range of users and application scenarios. A key trend here is the emergence of many different "smart" technology paradigms along with an increasingly diverse array of networked sensors, e.g., for smart homes and buildings, intelligent transportation and autonomous systems, emergency response, remote health monitoring and telehealth, etc. As billions of these devices come online, ICT networks are being tasked with transferring increasing volumes of data to support intelligent real-time decision making and management. Indeed, many applications and services will have very stringent Quality of Service (QoS) and security requirements.

In light of the above, effective and secure end-to-end delivery of user data flows is a major focus for network operators. Now in recent years, Software-Defined Networking (SDN) has emerged as a leading communication technology for supporting the evolving service needs of ICT infrastructures. However, even though various efforts have conducted research work, prototype development, and deployment of SDN-based solutions in smaller ICT scenarios, future contributions are still needed. Most notably, there is a lack of cohesive mechanisms for enhancing end-to-end QoS and security for real-time services in SDN systems.

Foremost, stringent delay-sensitive data services, such as emergency response, require effective QoS mechanisms to reduce end-to-end path latency and minimize SDN controller response times. Here, a key concern is how to handle short-term network state fluctuations due to congestion while ensuring latency performance. In addition, security issues, such as large scale Distributed Denial of Service (DDoS) attacks, also pose serious threats to SDN environments. Although various Intrusion Detection and Prevention Systems (IDPS) have been proposed to detect and mitigate such attacks, they often entail significant performance overheads and excessive inspection and/or mitigation times, rendering them impractical.

In light of the above, this dissertation study presents some novel solutions and mechanisms for improving QoS support and security (related to data-control saturation) in SDN-enabled ICT infrastructures. Specifically, an adaptive solution is presented to achieve rapid path computation by leveraging active link latency measurements to generate efficient statistical estimates. Furthermore, a novel priority queueing mechanism is also proposed to improve support for higher-grade services traffic. This solution also integrates and prioritizes control plane traffic to improve overall response and delivery times. Finally, a lightweight kernel-based IDPS scheme is also developed to thwart data-control saturation attacks by leveraging modular string search and filtering techniques. In particular, this solution uses dynamic/self-adjusted detection thresholds to improve attack detection. The proposed methods are all prototyped and tested in the National Science Foundation (NSF) Global Environment for Network Innovations (GENI), a live real-world distributed network testbed facility. Overall, detailed performance evaluations show that the proposed solutions properly address and resolve many of the research problems outlined in this dissertation study.

Share

COinS