The Smart Cyber Ecosystem for Sustainable Development. Группа авторов
Чтение книги онлайн.

Читать онлайн книгу The Smart Cyber Ecosystem for Sustainable Development - Группа авторов страница 26

СКАЧАТЬ data is communicated over a shared media. With the advent of ML technology, researchers have been trying to exploit ML techniques to overcome this problem. ML methods can process and classify traffic flows based on observable properties such as number of packets in a flow, flow duration, packet size, inter-packet arrival time, and flow size in bytes. Based on these properties, more advanced features can be computed.

      The authors of [40] propose a system for ML-based flow classification integrated in SDN. It exploits methods of extracting knowledge that can be used by the controller in order to classify flows. A supervised ML algorithm has been used for identifying the underlying application flow, while unsupervised learning algorithm has been used for clustering flows in order to identify unknown applications. The system is also able to detect groups of related flows and proved to detect anomaly and botnet, as well as honeypot traffic rerouting.

      In [11], the authors developed an SDN-based system for real time intrusion detection using a deep learning-based approach. Data sets are used to train the ML algorithm, following the supervised learning approach. Then, a flow inspection module examines the flows and decides whether it is an intrusion flow or not. The SDN paradigm facilitates the implementation of the proposed method, as it provides means for designing flow-based monitoring and control mechanisms.

      A detailed intelligent system for an automated control of large-scale networks is developed in [43]. The system architecture exploits SDN and deep RL methods for intelligent network control. Among other objectives, the system can serve applications that require traffic analysis and classification. RL involves processes that learn to make better decisions from experiences by interacting with all network elements. The SDN architecture is comprised of three planes: forwarding plane, the CP, and the AI plane. The function of the forwarding plane is forwarding, processing, and monitoring of data packets. The CP connects the AI plane and the forwarding plane. The SDN controller manages the network through standard southbound protocols and interacts with the AI plane through the northbound interface. The AI plane generates policies. It learns the policy through interaction with the network environment. An AI agent processes the network state data collected by the forwarding plane, then transfers the data to a policy through RL that is used to make decisions and optimization.

      The researchers in [44] use KNN classification algorithm for detecting several types of attacks. The authors pointed out that with large training dataset, the computation of distances between the test point and training data is time-consuming as the algorithm needs also to sort and find the closest K neighbors. Author in [45] uses unsupervised ML for detecting anomalies in real networks. The proposed approach enables anticipation of anomalies before they become a real problem.

      The paper of [46] provides a detailed review of recent studies that combines ML and SDN technology to solve the intrusion detection problem. The authors compare the performance of supervised, unsupervised, semi-supervised, and DL algorithms.

      2.7.2 Wireless Local Area Networks

      In recent years, we see tremendous widespread of WLANs, as they evolve to meet user’s requirements, especially the high speed Internet connection. Accurate prediction of WLANs performance is important for managing network resources. However, due to interference and the interactions between the physical and data link layers as well as the heterogeneity of WLAN devices, predicting and estimating the performance of WLANs is a difficult task. Many of the solutions use the Signal-to-Noise and Interference Ratio (SNIR) parameter. However, it has been proven that relying on this parameter to estimate the performance does not lead to satisfactory results. In fact, the performance of WLANs is more complex to be measured using SNIR, and it is a function of large number of interacting and related parameters that may change over time.

      ML and the combination of ML and SDN have been shifting the research in WLANs to a new direction what allows more practical solutions to complex networking problems. Such solutions do not only simplify the management of network but also alleviate the complexity of algorithms and facilitate reaching optimal operation of a dynamically changing network.

      The authors of [47] develop a framework solution for the control and management of WLANs based on the SDN approach. The system comprises a set of modules and ML algorithms, stressing the fact that modern and future WLANs will be intelligently controlled. The authors tried to show the strength of the developed solution by addressing the following issues: mobility, security, QoS, channel bandwidth allocation, coordinated transmission power, load balancing, and virtualization of wireless networks.

       2.7.2.1 Access Point Selection

      Administrators of WLANs normally deploy large number of APs to cover an area and provide users best QoS. In such scenario, a user could be under the coverage of multiple APs and thus has the potential to select the AP to which it will connect. The selection of AP is important and affects the performance a user might experience in the network as well as the overall network performance. This is because wireless networks are highly dynamic, whereas the activation of a link between a user and an AP may influence other ongoing connections in same and/or neighboring cells. In current implementations of WLANs technology, a user selects an AP from which it gets the strongest signal during a scanning phase. It has been shown in large number of research studies that the legacy selection policy does not ensure best QoS for network users. Obviously, an AP to which a user has the strongest connection might be serving large number of users; hence, its cell will be highly congested [48].

      The authors of [49] propose an SDN-based AP selection scheme for WLANs. The selection is based on the analysis of achievable throughput a user might get from potential cells. The system computes the throughputs that capture the channel competition among neighboring cells. Some cells may obtain few chances to get the channel. Even in the same cell, mobile users compete with each other for channel access. The authors noticed that the airtime completion and airtime share among WLAN users play a fundamental role in determining the QoS the user will get. The authors implemented their proposed method in an SDN framework comprised of three planes: data plane, CP, and service plane. The data plane consists of a number of thin APs that are responsible for data forwarding. The CP contains a SDN-WiFi controller, while the service plane contains a set of applications such as association control, load balance, and seamless mobility management. The proposed AP selection scheme is implemented in the service plane. The applications are installed on the SDN controller, which collects necessary information from networking devices and decides the best cell for each of newly joining users.

      In [50], the authors developed ML-based methods for detecting causes of unnecessary active scanning in WLANs. The authors argue that ML provides the best way to detect causes of unnecessary active scan in WLANs, where various independent and dependent parameters interact together. Both unsupervised and supervised methods are compared.