Click to open the HelpDesk interface
AECE - Front page banner

Menu:


FACTS & FIGURES

JCR Impact Factor: 0.650
JCR 5-Year IF: 0.639
Issues per year: 4
Current issue: Aug 2019
Next issue: Nov 2019
Avg review time: 72 days


PUBLISHER

Stefan cel Mare
University of Suceava
Faculty of Electrical Engineering and
Computer Science
13, Universitatii Street
Suceava - 720229
ROMANIA

Print ISSN: 1582-7445
Online ISSN: 1844-7600
WorldCat: 643243560
doi: 10.4316/AECE


TRAFFIC STATS

2,358,177 unique visits
611,323 downloads
Since November 1, 2009



Robots online now
SemrushBot
SemanticScholar


SJR SCImago RANK

SCImago Journal & Country Rank




TEXT LINKS

Anycast DNS Hosting
MOST RECENT ISSUES

 Volume 19 (2019)
 
     »   Issue 3 / 2019
 
     »   Issue 2 / 2019
 
     »   Issue 1 / 2019
 
 
 Volume 18 (2018)
 
     »   Issue 4 / 2018
 
     »   Issue 3 / 2018
 
     »   Issue 2 / 2018
 
     »   Issue 1 / 2018
 
 
 Volume 17 (2017)
 
     »   Issue 4 / 2017
 
     »   Issue 3 / 2017
 
     »   Issue 2 / 2017
 
     »   Issue 1 / 2017
 
 
 Volume 16 (2016)
 
     »   Issue 4 / 2016
 
     »   Issue 3 / 2016
 
     »   Issue 2 / 2016
 
     »   Issue 1 / 2016
 
 
  View all issues  








LATEST NEWS

2019-Jun-20
Clarivate Analytics published the InCites Journal Citations Report for 2018. The JCR Impact Factor of Advances in Electrical and Computer Engineering is 0.650, and the JCR 5-Year Impact Factor is 0.639.

2018-May-31
Starting today, the minimum number a pages for a paper is 8, so all submitted papers should have 8, 10 or 12 pages. No exceptions will be accepted.

2018-Jun-27
Clarivate Analytics published the InCites Journal Citations Report for 2017. The JCR Impact Factor of Advances in Electrical and Computer Engineering is 0.699, and the JCR 5-Year Impact Factor is 0.674.

2017-Jun-14
Thomson Reuters published the Journal Citations Report for 2016. The JCR Impact Factor of Advances in Electrical and Computer Engineering is 0.595, and the JCR 5-Year Impact Factor is 0.661.

Read More »


    
 

  3/2019 - 3

HPOFS: A High Performance and Secured OpenFlow Switch Architecture for FPGA

PHAM-QUOC, C. See more information about PHAM-QUOC, C. on SCOPUS See more information about PHAM-QUOC, C. on IEEExplore See more information about PHAM-QUOC, C. on Web of Science, NGO, D.-M. See more information about  NGO, D.-M. on SCOPUS See more information about  NGO, D.-M. on SCOPUS See more information about NGO, D.-M. on Web of Science, THINH, T. N. See more information about THINH, T. N. on SCOPUS See more information about THINH, T. N. on SCOPUS See more information about THINH, T. N. on Web of Science
 
Click to see author's profile in See more information about the author on SCOPUS SCOPUS, See more information about the author on IEEE Xplore IEEE Xplore, See more information about the author on Web of Science Web of Science

Download PDF pdficon (687 KB) | Citation | Downloads: 98 | Views: 122

Author keywords
field programmable gate arrays, software defined networking, computer security, high performance computing, reconfigurable architectures

References keywords
networks(12), link(12), software(10), defined(10), security(9), openflow(9), network(8), networking(7), communications(7), ddos(6)
Blue keywords are present in both the references section and the paper title.

About this article
Date of Publication: 2019-08-31
Volume 19, Issue 3, Year 2019, On page(s): 19 - 28
ISSN: 1582-7445, e-ISSN: 1844-7600
Digital Object Identifier: 10.4316/AECE.2019.03003
Web of Science Accession Number: 000486574100003
SCOPUS ID: 85072163116

Abstract
Quick view
Full text preview
Although Software Defined Networking offers many advantages, it suffers from many security issues due to centralized control. In this paper, we introduce HPOFS (High-Performance and Secured OpenFlow Switching Architecture) for FPGA which is not only able to route packets from sources to destinations according to the OpenFlow protocol but also able to protect the system against different attacks efficiently. Thanks to FPGA technology, the two processes can be scheduled in parallel; thus, the switch can work at very high throughput. We implement the first prototype version on Xilinx xc5vtx240t FPGA device with three different security functions to protect the system against DDoS attack types, including Hop-count filtering, port Ingress/Egress filtering, and SYN Flood attacks defender. While the first two protection techniques are adapted from our previous work, the SYN Flood defender core is designed and implemented with a pipeline model in this work. The core is able to protect the system against SYN Flood attacks at up to 30,000,000 packets per second with only 0.248 ms overhead. The full switch can provide throughput at up to 78.96 Gbps with only 0.0012 percent drop rate.


References | Cited By  «-- Click to see who has cited this paper

[1] Opennetworking, "Software-Defined Networking (SDN) Definition," [Online] Available: Temporary on-line reference link removed - see the PDF document

[2] T. Dargahi, A. Caponi, M. Ambrosin, G. Bianchi and M. Conti, "A Survey on the Security of Stateful SDN Data Planes," IEEE Communications Surveys & Tutorials, 2017.
[CrossRef] [Web of Science Times Cited 28] [SCOPUS Times Cited 42]


[3] S. Scott-Hayward, G. O'Callaghan and S. Sezer, "Sdn Security: A Survey," in 2013 IEEE SDN for Future Networks and Services (SDN4FNS), 2013.
[CrossRef] [SCOPUS Times Cited 204]


[4] S. Scott-Hayward, S. Natarajan and S. Sezer, "A Survey of Security in Software Defined Networks," IEEE Communications Surveys Tutorials, vol. 18, pp. 623-654, 2016.
[CrossRef] [Web of Science Times Cited 113] [SCOPUS Times Cited 156]


[5] Y. Hu, W. Wang, X. Gong, X. Que and S. Cheng, "BalanceFlow: Controller load balancing for OpenFlow networks," in 2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems, 2012.
[CrossRef] [SCOPUS Times Cited 68]


[6] T. Koponen, M. Casado, N. Gude, J. Stribling, L. Poutievski, M. Zhu, R. Ramanathan, Y. Iwata, H. Inoue, T. Hama and others, "A distributed control platform for large-scale production networks," in Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, 2010.

[7] G. Bianchi, M. Bonola, A. Capone and C. Cascone, "OpenState: programming platform-independent stateful openflow applications inside the switch," ACM SIGCOMM Computer Communication Review, vol. 44, pp. 44-51, 2014.
[CrossRef] [SCOPUS Times Cited 165]


[8] J. Sonchack, J. M. Smith, A. J. Aviv and E. Keller, "Enabling Practical Software-defined Networking Security Applications with OFX," in NDSS, 2016.
[CrossRef]


[9] Y. Afek, A. Bremler-Barr and L. Shafir, "Network anti-spoofing with SDN data plane," in INFOCOM 2017-IEEE Conference on Computer Communications, IEEE, 2017.
[CrossRef] [SCOPUS Times Cited 9]


[10] N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker and J. Turner, "OpenFlow: Enabling Innovation in Campus Networks," SIGCOMM Comput. Commun. Rev., vol. 38, pp. 69-74, 3 2008.
[CrossRef] [Web of Science Times Cited 3357]


[11] C. Pham-Quoc, B. Nguyen and T. N. Thinh, "FPGA-based Multicore Architecture for Integrating Multiple DDoS Defense Mechanisms," SIGARCH Comput. Archit. News, vol. 44, pp. 14-19, 1 2017.
[CrossRef]


[12] M. C. Herbordt, T. VanCourt, Y. Gu, B. Sukhwani, A. Conti, J. Model and D. DiSabello, "Achieving high performance with FPGA-based computing," Computer, vol. 40, 2007.
[CrossRef] [Web of Science Times Cited 60] [SCOPUS Times Cited 94]


[13] T. El-Ghazawi, E. El-Araby, M. Huang, K. Gaj, V. Kindratenko and D. Buell, "The promise of high-performance reconfigurable computing," Computer, vol. 41, 2008.
[CrossRef] [Web of Science Times Cited 63] [SCOPUS Times Cited 117]


[14] K. B. Margaret Rouse, "Distributed denial of service attack," [Online] Available: Temporary on-line reference link removed - see the PDF document

[15] J. Mirkovic and P. Reiher, "A taxonomy of DDoS attack and DDoS defense mechanisms," ACM SIGCOMM Computer Communication Review, vol. 34, pp. 39-53, 2004.
[CrossRef] [Web of Science Times Cited 534] [SCOPUS Times Cited 890]


[16] S. T. Zargar, J. Joshi and D. Tipper, "A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks," Communications Surveys Tutorials, IEEE, vol. 15, pp. 2046-2069, 4 2013.
[CrossRef] [Web of Science Times Cited 312] [SCOPUS Times Cited 463]


[17] P. Ferguson and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing," Internet RFC2827, 5 2000.

[18] Y. Xiang and W. Zhou, "Classifying DDoS packets in high-speed networks," Computer science and network security, vol. 6, pp. 107-115, 2006.

[19] T. Katashita, Y. Yamaguchi, A. Maeda and T. O. D. A. Kenji, "FPGA-based intrusion detection system for 10 gigabit ethernet," Information and systems, vol. 90, pp. 1923-1931, 2007.
[CrossRef] [Web of Science Times Cited 13] [SCOPUS Times Cited 16]


[20] X. Wang, M. Li and M. Li, "A scheme of distributed hop-count filtering of traffic," in Wireless Mobile and Computing, 2009.
[CrossRef] [SCOPUS Times Cited 10]


[21] M. Ayman, E. Imad, K. Ayman and C. Ali, "IP Spoofing Detection Using Modified Hop Count," IEEE Advanced Information Networking and Applications, 5 2014.
[CrossRef] [Web of Science Times Cited 8] [SCOPUS Times Cited 16]


[22] R. Maheshwari, C. R. Krishna and M. S. Brahma, "Defending network system against IP spoofing based distributed DoS attacks using DPHCF-RTT packet filtering technique," in Issues and Challenges in Intelligent Computing Techniques, 2014.
[CrossRef] [SCOPUS Times Cited 10]


[23] TechTerms, "SYN Flood," [Online] Available: Temporary on-line reference link removed - see the PDF document

[24] D. J. Bernstein, "Syn cookies, 1996," [Online] Available: Temporary on-line reference link removed - see the PDF document

[25] S. Shin, P. A. Porras, V. Yegneswaran, M. W. Fong, G. Gu and M. Tyson, "FRESCO: Modular Composable Security Services for Software-Defined Networks," in NDSS, 2013.

[26] S. Hong, L. Xu, H. Wang and G. Gu, "Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures," in NDSS, 2015.
[CrossRef]


[27] P. Porras, S. Shin, V. Yegneswaran, M. Fong, M. Tyson and G. Gu, "A security enforcement kernel for OpenFlow networks," in Proceedings of the first workshop on Hot topics in software defined networks, 2012.
[CrossRef] [SCOPUS Times Cited 302]


[28] R. Braga, E. Mota and A. Passito, "Lightweight DDoS flooding attack detection using NOX/OpenFlow," in Local Computer Networks (LCN), 2010 IEEE 35th Conference on, 2010.
[CrossRef] [SCOPUS Times Cited 345]


[29] R. Mohammadi, R. Javidan and M. Conti, "SLICOTS: An SDN-Based Lightweight Countermeasure for TCP SYN Flooding Attacks," IEEE Transactions on Network and Service Management, 2017.
[CrossRef] [Web of Science Times Cited 18] [SCOPUS Times Cited 33]


[30] M. Moshref, A. Bhargava, A. Gupta, M. Yu and R. Govindan, "Flow-level state transition as a new switch primitive for SDN," in Proceedings of the third workshop on Hot topics in software defined networking, 2014.
[CrossRef] [SCOPUS Times Cited 42]


[31] S. Zhu, J. Bi, C. Sun, C. Wu and H. Hu, "Sdpa: Enhancing stateful forwarding for software-defined networking," in Network Protocols (ICNP), 2015 IEEE 23rd International Conference on, 2015.
[CrossRef] [Web of Science Times Cited 12] [SCOPUS Times Cited 15]


[32] J. Naous, D. Erickson, G. A. Covington, G. Appenzeller and N. McKeown, "Implementing an OpenFlow switch on the NetFPGA platform," in Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, 2008.
[CrossRef] [SCOPUS Times Cited 149]


[33] T. Yabe, "OpenFlow implementation on NetFPGA-10G: Design Document," [Online] Available: Temporary on-line reference link removed - see the PDF document

[34] S. Shin, V. Yegneswaran, P. Porras and G. Gu, "Avant-guard: Scalable and vigilant switch flow management in software-defined networks," in Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, 2013.
[CrossRef] [SCOPUS Times Cited 306]


[35] M. Ambrosin, M. Conti, F. De Gaspari and R. Poovendran, "LineSwitch: Efficiently Managing Switch Flow in Software-Defined Networking While Effectively Tackling DoS Attacks," in Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, New York, NY, USA, 2015.
[CrossRef] [SCOPUS Times Cited 34]


[36] Github, "Working with SYNPROXY," [Online] Available: Temporary on-line reference link removed - see the PDF document

[37] OpenFlow, "OpenFlow Switching Reference System," [Online] Available: Temporary on-line reference link removed - see the PDF document

[38] Github, "Ryu," [Online] Available: Temporary on-line reference link removed - see the PDF document

[39] "OpenDaylight," [Online] Available: Temporary on-line reference link removed - see the PDF document

[40] M. Rouse, "Round Robin," [Online] Available: Temporary on-line reference link removed - see the PDF document

[41] "Ethernet II - Frame Types, Packet details," [Online] Available: Temporary on-line reference link removed - see the PDF document

[42] University of Cambridge, "Open Source Network Tester," [Online] Available: Temporary on-line reference link removed - see the PDF document



References Weight

Web of Science® Citations for all references: 4,518 TCR
SCOPUS® Citations for all references: 3,486 TCR

Web of Science® Average Citations per reference: 105 ACR
SCOPUS® Average Citations per reference: 81 ACR

TCR = Total Citations for References / ACR = Average Citations per Reference

We introduced in 2010 - for the first time in scientific publishing, the term "References Weight", as a quantitative indication of the quality ... Read more

Citations for references updated on 2019-10-15 10:05 in 181 seconds.




Note1: Web of Science® is a registered trademark of Clarivate Analytics.
Note2: SCOPUS® is a registered trademark of Elsevier B.V.
Disclaimer: All queries to the respective databases were made by using the DOI record of every reference (where available). Due to technical problems beyond our control, the information is not always accurate. Please use the CrossRef link to visit the respective publisher site.

Copyright ©2001-2019
Faculty of Electrical Engineering and Computer Science
Stefan cel Mare University of Suceava, Romania


All rights reserved: Advances in Electrical and Computer Engineering is a registered trademark of the Stefan cel Mare University of Suceava. No part of this publication may be reproduced, stored in a retrieval system, photocopied, recorded or archived, without the written permission from the Editor. When authors submit their papers for publication, they agree that the copyright for their article be transferred to the Faculty of Electrical Engineering and Computer Science, Stefan cel Mare University of Suceava, Romania, if and only if the articles are accepted for publication. The copyright covers the exclusive rights to reproduce and distribute the article, including reprints and translations.

Permission for other use: The copyright owner's consent does not extend to copying for general distribution, for promotion, for creating new works, or for resale. Specific written permission must be obtained from the Editor for such copying. Direct linking to files hosted on this website is strictly prohibited.

Disclaimer: Whilst every effort is made by the publishers and editorial board to see that no inaccurate or misleading data, opinions or statements appear in this journal, they wish to make it clear that all information and opinions formulated in the articles, as well as linguistic accuracy, are the sole responsibility of the author.




Website loading speed and performance optimization powered by: