Change search
Link to record
Permanent link

Direct link
BETA
Alternative names
Publications (10 of 56) Show all publications
Furdek, M., Natalino, C., Schiano, M. & Di Giglio, A. (2019). Experiment-based detection of service disruption attacks in optical networks using data analytics and unsupervised learning. In: Srivastava, AK Glick, M Akasaka, Y (Ed.), METRO AND DATA CENTER OPTICAL NETWORKS AND SHORT-REACH LINKS II: . Paper presented at Conference on Metro and Data Center Optical Networks and Short-Reach Links II, FEB 05-06, 2019, San Francisco, CA. SPIE-INT SOC OPTICAL ENGINEERING, Article ID 109460D.
Open this publication in new window or tab >>Experiment-based detection of service disruption attacks in optical networks using data analytics and unsupervised learning
2019 (English)In: METRO AND DATA CENTER OPTICAL NETWORKS AND SHORT-REACH LINKS II / [ed] Srivastava, AK Glick, M Akasaka, Y, SPIE-INT SOC OPTICAL ENGINEERING , 2019, article id 109460DConference paper, Published paper (Refereed)
Abstract [en]

The paper addresses the detection of malicious attacks targeting service disruption at the optical layer as a key prerequisite for fast and effective attack response and network recovery. We experimentally demonstrate the effects of signal insertion attacks with varying intensity in a real-life scenario. By applying data analytics tools, we analyze the properties of the obtained dataset to determine how the relationships among different optical performance monitoring (OPM) parameters of the signal change in the presence of an attack as opposed to the normal operating conditions. In addition, we evaluate the performance of an unsupervised learning technique, i.e., a clustering algorithm for anomaly detection, which can detect attacks as anomalies without prior knowledge of the attacks. We demonstrate the potential and the challenges of unsupervised learning for attack detection, propose guidelines for attack signature identification needed for the detection of the considered attack methods, and discuss remaining challenges related to optical network security.

Place, publisher, year, edition, pages
SPIE-INT SOC OPTICAL ENGINEERING, 2019
Series
Proceedings of SPIE, ISSN 0277-786X ; 10946
Keywords
Optical network security, dataset exploration, data analytics, unsupervised learning, anomaly detection
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-259466 (URN)10.1117/12.2509613 (DOI)000483011800010 ()2-s2.0-85068262171 (Scopus ID)978-1-5106-2535-8 (ISBN)
Conference
Conference on Metro and Data Center Optical Networks and Short-Reach Links II, FEB 05-06, 2019, San Francisco, CA
Note

QC 20190920

Available from: 2019-09-20 Created: 2019-09-20 Last updated: 2019-09-20Bibliographically approved
Natalino, C., Yayimli, A., Wosinska, L. & Furdek, M. (2019). Infrastructure upgrade framework for Content Delivery Networks robust to targeted attacks. Optical Switching and Networkning Journal, 31, 202-210
Open this publication in new window or tab >>Infrastructure upgrade framework for Content Delivery Networks robust to targeted attacks
2019 (English)In: Optical Switching and Networkning Journal, ISSN 1573-4277, E-ISSN 1872-9770, Vol. 31, p. 202-210Article in journal (Refereed) Published
Abstract [en]

Content Delivery Networks (CDNs) are crucial for enabling delivery of services that require high capacity and low latency, primarily through geographically-diverse content replication. Optical networks are the only available future-proof technology that meets the reach and capacity requirements of CDNs. However, the underlying physical network infrastructure is vulnerable to various security threats, and the increasing importance of CDNs in supporting vital services intensifies the concerns related to their robustness. Malicious attackers can target critical network elements, thus severely degrading network connectivity and causing large-scale service disruptions. One way in which network operators and cloud computing providers can increase the robustness against malicious attacks is by changing the topological properties of the network through infrastructure upgrades. This work proposes a framework for CDN infrastructure upgrade that performs sparse link and replica addition with the objective of maximizing the content accessibility under targeted link cut attacks. The framework is based on a newly defined content accessibility metric denoted as mu-ACA which allows the network operator to gauge the CDN robustness over a range of attacks with varying intensity. Two heuristics, namely Content-Accessibility Aware Link Addition Heuristic (CAA-LAH), and Content-Accessibility-Aware Replica Addition Heuristic (CAA-RAH) are developed to perform strategic link and replica placement, respectively, and hamper attackers from disconnecting users from the content even in severe attack scenarios. Extensive experiments on real-world reference network topologies show that the proposed framework effectively increases the CDN robustness by adding a few links or replicas to the network.

Place, publisher, year, edition, pages
ELSEVIER SCIENCE BV, 2019
Keywords
Content delivery networks, Content replica addition, Infrastructure upgrade, Link addition, Network robustness, Optical networks, Targeted attacks
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-241189 (URN)10.1016/j.osn.2018.10.006 (DOI)000454380100017 ()2-s2.0-85056237720 (Scopus ID)
Note

QC 20190121

Available from: 2019-01-21 Created: 2019-01-21 Last updated: 2019-01-21Bibliographically approved
Tremblay, C., Archambault, E., Bélanger, M. P., Littlewood, P., Clelland, W., Furdek, M. & Wosinska, L. (2018). Agile optical networking: Beyond filtered solutions. In: Optics InfoBase Conference Papers: . Paper presented at Optical Fiber Communication Conference, OFC 2018, 11 March 2017 through 15 March 2017. Optics Info Base, Optical Society of America
Open this publication in new window or tab >>Agile optical networking: Beyond filtered solutions
Show others...
2018 (English)In: Optics InfoBase Conference Papers, Optics Info Base, Optical Society of America, 2018Conference paper, Published paper (Refereed)
Abstract [en]

Filterless optical networks based on broadcast-and-select nodes and coherent transceivers are attractive cost-effective and flexible solutions in core networks. In this paper, we explore the suitability of filterless architectures in metropolitan core and aggregation networks.

Place, publisher, year, edition, pages
Optics Info Base, Optical Society of America, 2018
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-228661 (URN)10.1364/OFC.2018.M1A.5 (DOI)2-s2.0-85047134241 (Scopus ID)9781557528209 (ISBN)
Conference
Optical Fiber Communication Conference, OFC 2018, 11 March 2017 through 15 March 2017
Note

QC 20180529

Available from: 2018-05-29 Created: 2018-05-29 Last updated: 2019-08-07Bibliographically approved
Tremblay, C., Archambault, E., Belanger, M. P., Littlewood, P., Clelland, W., Furdek, M. & Wosinska, L. (2018). Agile Optical Networking: Beyond Filtered Solutions. In: 2018 Optical Fiber Communications Conference and Exposition, OFC 2018 - Proceedings: . Paper presented at 2018 Optical Fiber Communications Conference and Exposition, OFC 2018, San Diego, United States, 11 March 2018 through 15 March 2018. IEEE
Open this publication in new window or tab >>Agile Optical Networking: Beyond Filtered Solutions
Show others...
2018 (English)In: 2018 Optical Fiber Communications Conference and Exposition, OFC 2018 - Proceedings, IEEE , 2018Conference paper, Published paper (Refereed)
Abstract [en]

Filterless optical networks based on broadcast-and-select nodes and coherent transceivers are attractive cost-effective and flexible solutions in core networks. In this paper, we explore the suitability of filterless architectures in metropolitan core and aggregation networks.

Place, publisher, year, edition, pages
IEEE, 2018
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-232646 (URN)000437286300005 ()2-s2.0-85050022817 (Scopus ID)9781943580385 (ISBN)
Conference
2018 Optical Fiber Communications Conference and Exposition, OFC 2018, San Diego, United States, 11 March 2018 through 15 March 2018
Note

QC 20180802

Available from: 2018-08-02 Created: 2018-08-02 Last updated: 2019-08-20Bibliographically approved
Dobrijevic, O., Natalino, C., Furdek, M., Hodzic, H., Dzanko, M. & Wosinska, L. (2018). Another price to pay: An availability analysis for SDN virtualization with network hypervisors. In: Proceedings of 2018 10th International Workshop on Resilient Networks Design and Modeling, RNDM 2018: . Paper presented at 10th International Workshop on Resilient Networks Design and Modeling, RNDM 2018, 27 August 2018 through 29 August 2018. Institute of Electrical and Electronics Engineers Inc.
Open this publication in new window or tab >>Another price to pay: An availability analysis for SDN virtualization with network hypervisors
Show others...
2018 (English)In: Proceedings of 2018 10th International Workshop on Resilient Networks Design and Modeling, RNDM 2018, Institute of Electrical and Electronics Engineers Inc. , 2018Conference paper, Published paper (Refereed)
Abstract [en]

Communication networks are embracing the software defined networking (SDN) paradigm. Its architectural shift assumes that a remote SDN controller (SDNC) in the control plane is responsible for configuring the underlying devices of the forwarding plane. In order to support flexibility-motivated network slicing, SDN-based networks employ another entity in the control plane, a network hypervisor (NH). This paper first discusses different protection strategies for the control plane with NHs and presents the corresponding availability models, which assume possible failures of links and nodes in the forwarding plane and the control plane. An analysis of these protection alternatives is then performed so as to compare average control plane availability, average path length for the control communication that traverses NH, and infrastructure resources required to support them. Our results confirm the intuition that the NH introduction generally results in a reduction of the control plane availability, which stresses the need for appropriate protection. However, the availability achieved by each of the considered strategies is impacted differently by the node availability and the link failure probability, thus calling for a careful selection that is based on the infrastructure features.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2018
Keywords
availability analysis, network hypervisor, reliability, SDN controller, Software defined networking (SDN), Availability, Reliability analysis, Software defined networking, Software reliability, Virtualization, Availability models, Control communications, Hypervisor, Infrastructure resources, Link-failure probabilities, Sdn controllers, Controllers
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:kth:diva-247140 (URN)10.1109/RNDM.2018.8489784 (DOI)2-s2.0-85056653439 (Scopus ID)9781538670309 (ISBN)
Conference
10th International Workshop on Resilient Networks Design and Modeling, RNDM 2018, 27 August 2018 through 29 August 2018
Note

QC 20190403

Available from: 2019-04-03 Created: 2019-04-03 Last updated: 2019-04-03Bibliographically approved
Yaghoubi, F., Furdek, M., Rostami, A., Ohlen, P. & Wosinska, L. (2018). Consistency-Aware Weather Disruption-Tolerant Routing in SDN-Based Wireless Mesh Networks. IEEE Transactions on Network and Service Management, 15(2), 582-595
Open this publication in new window or tab >>Consistency-Aware Weather Disruption-Tolerant Routing in SDN-Based Wireless Mesh Networks
Show others...
2018 (English)In: IEEE Transactions on Network and Service Management, ISSN 1932-4537, E-ISSN 1932-4537, Vol. 15, no 2, p. 582-595Article in journal (Refereed) Published
Abstract [en]

Wireless network solutions, a dominant enabling technology for the backhaul segment, are susceptible to weather disturbances that can substantially degrade network throughput and/or delay, compromising the stringent 5G requirements. These effects can be alleviated by centralized rerouting realized by software defined networking architecture. However, careless frequent reconfigurations can lead to inconsistencies in the network states due to asynchrony between different switches, which can create congestion and limit the rerouting gain. The aim of this paper is to minimize the total data loss during rain disturbance by proposing an algorithm that decides on the timing, the sequence, and the paths for rerouting of network flows considering the imposed congestion during reconfiguration. At each time sample, the central controller decides whether to adopt the optimal routes at a switching cost, defined as the imposed congestion, or to keep using existing, sub-optimal routes at a throughput loss. To find optimal solutions with minimal data loss in a static scenario, we formulate a dynamic programming problem that utilizes perfect knowledge of rain attenuation for the whole rain period. For dynamic scenarios with unknown future rain attenuation, we propose an online consistency-aware rerouting algorithm, called consistency-aware rerouting with prediction (CARP), which uses the temporal correlation of rain fading to estimate future rain attenuation. Simulation results on synthetic and real networks validate the efficiency of our CARP algorithm, substantially reducing data loss and increasing network throughput with a fewer number of rerouting actions compared to a greedy and a regular rerouting benchmarking approaches.

Place, publisher, year, edition, pages
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 2018
Keywords
5G, wireless software-defined networking, routing, rain disturbance, model predictive control
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-231716 (URN)10.1109/TNSM.2018.2795748 (DOI)000435177300007 ()2-s2.0-85040925980 (Scopus ID)
Note

QC 20180817

Available from: 2018-08-17 Created: 2018-08-17 Last updated: 2019-10-29Bibliographically approved
Zhu, J., Natalino, C., Wosinska, L., Furdek, M. & Zhu, Z. (2018). Control Plane Robustness in Software-Defined Optical Networks under Targeted Fiber Cuts. In: Ruffini, M Tzanakaki, A Casellas, R Autenrieth, A MarquezBarja, JM (Ed.), 22ND INTERNATIONAL CONFERENCE ON OPTICAL NETWORK DESIGN AND MODELING (ONDM 2018): . Paper presented at 22ND INTERNATIONAL CONFERENCE ON OPTICAL NETWORK DESIGN AND MODELING (ONDM 2018) (pp. 118-123). IEEE
Open this publication in new window or tab >>Control Plane Robustness in Software-Defined Optical Networks under Targeted Fiber Cuts
Show others...
2018 (English)In: 22ND INTERNATIONAL CONFERENCE ON OPTICAL NETWORK DESIGN AND MODELING (ONDM 2018) / [ed] Ruffini, M Tzanakaki, A Casellas, R Autenrieth, A MarquezBarja, JM, IEEE , 2018, p. 118-123Conference paper, Published paper (Refereed)
Abstract [en]

The Software-Defined Optical Networking (SDON) paradigm enables programmable, adaptive and application-aware backbone networks. However, aside from the manifold advantages, the centralized Network Control and Management in SDONs also gives rise to a number of security concerns at different network layers. As communication between the control and the data plane devices in an SDON utilizes the common optical fiber infrastructure, it can be subject to various targeted attacks aimed at disabling the underlying optical network infrastructure and disrupting the services running in the network. In this work, we focus on the threats from targeted fiber cuts to the control plane (CP) robustness in an SDON under different link cut attack scenarios with diverse damaging potential, modeled through a newly defined link criticality measure based on the routing of control paths. To quantify the robustness of a particular CP realization, we propose a metric called Average Control Plane Connectivity (ACPC) and analyze the CP robustness for a varying number of controller instances in master/slave configuration. Simulation results indicate that CP enhancements in terms of controller addition do not necessarily yield linear improvements in CP robustness but require tailored CP design strategies.

Place, publisher, year, edition, pages
IEEE, 2018
Keywords
Control plane robustness, Physical-layer security, Software-defined optical networks, Targeted fiber cuts
National Category
Physical Sciences
Identifiers
urn:nbn:se:kth:diva-252684 (URN)000465419800016 ()
Conference
22ND INTERNATIONAL CONFERENCE ON OPTICAL NETWORK DESIGN AND MODELING (ONDM 2018)
Note

QC 20190603

Available from: 2019-06-03 Created: 2019-06-03 Last updated: 2019-06-03Bibliographically approved
Dzanko, M., Mikac, B. & Furdek, M. (2018). Dedicated path protection for optical networks based on function programmable nodes. Optical Switching and Networkning Journal, 27, 79-87
Open this publication in new window or tab >>Dedicated path protection for optical networks based on function programmable nodes
2018 (English)In: Optical Switching and Networkning Journal, ISSN 1573-4277, E-ISSN 1872-9770, Vol. 27, p. 79-87Article in journal (Refereed) Published
Abstract [en]

Due to the constantly increasing volumes and tightening reliability requirements of network traffic, survivability is one of the key concerns in optical network design. Optical "white box" nodes based on the Architecture on Demand (AoD) paradigm allow for self-healing of nodal component failures due to their architectural flexibility and the ability to employ idle components for failure recovery. By incorporating node-level survivability with network-level protection from link failures, resiliency of optical networks can be significantly improved. To this end, we propose a survivable routing algorithm for AoD-based networks called Dedicated Path Protection with Enforced Fiber Switching (DPP-EFS), which combines self-healing at the node level with dedicated path protection at the network level. The algorithm aims at improving the self-healing capabilities of the nodes by increasing the percentage of fiber switching (FS). Namely, fiber-switched lightpaths require a minimal amount of processing within the node (i.e. only signal switching), while other aspects of processing (e.g. demultiplexing, bandwidth virtualization) and the related components (i.e. demultiplexers, splitters, wavelength selective switches) remain unused and may be used as redundancy. On the other hand, lightpaths that are not eligible for FS have to be re-routed to alternative, longer paths in order to allow for FS between certain ports within the node. Therefore, the proposed algorithm pursues an advantageous trade-off between the increase of the number of idle components which can be used as redundancy at the node level and the unwanted length increase of lightpaths re-routed to render components redundant. For particular cases when DPP-EFS is not able to reduce the mean down time (MDT) in the network merely by increasing the percentage of fiber switching, we propose an algorithm for Dedicated Path Protection with Fixed Shortest Path routing and added Redundancy (DPP-FSP-RED) which adds additional spare components at strategic nodes to ensure that all connections have at least one redundant node component along their path. Simulation results show a significant reduction in MDT with minimal extra capital expenses.

National Category
Fusion, Plasma and Space Physics
Identifiers
urn:nbn:se:kth:diva-218193 (URN)10.1016/j.osn.2017.09.001 (DOI)000414817000007 ()2-s2.0-85030090778 (Scopus ID)
Note

QC 20171204

Available from: 2017-12-04 Created: 2017-12-04 Last updated: 2017-12-04Bibliographically approved
Natalino, C., Schiano, M., Di Giglio, A., Wosinska, L. & Furdek, M. (2018). Field Demonstration of Machine-Learning-Aided Detection and Identification of Jamming Attacks in Optical Networks. In: European Conference on Optical Communication, ECOC: . Paper presented at 2018 European Conference on Optical Communication, ECOC 2018, 23 September 2018 through 27 September 2018. Institute of Electrical and Electronics Engineers Inc.
Open this publication in new window or tab >>Field Demonstration of Machine-Learning-Aided Detection and Identification of Jamming Attacks in Optical Networks
Show others...
2018 (English)In: European Conference on Optical Communication, ECOC, Institute of Electrical and Electronics Engineers Inc. , 2018Conference paper, Published paper (Refereed)
Abstract [en]

We develop a machine-learning-aided framework for detection and identification of optical network jamming signal attacks of varying intensities. Trained with data gathered in our field-deployed experimental setup, the approach achieves 93% accuracy on average over the considered attack scenarios.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2018
Keywords
Fiber optic networks, Jamming, Machine learning, Attack scenarios, Detection and identifications, Jamming attacks, Jamming signals, Optical communication
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-252253 (URN)10.1109/ECOC.2018.8535155 (DOI)2-s2.0-85063210375 (Scopus ID)9781538648629 (ISBN)
Conference
2018 European Conference on Optical Communication, ECOC 2018, 23 September 2018 through 27 September 2018
Note

QC20190614

Available from: 2019-06-14 Created: 2019-06-14 Last updated: 2019-06-14Bibliographically approved
Goscien, R., Natalino, C., Wosinska, L. & Furdek, M. (2018). Impact of high-power jamming attacks on SDM networks. In: 22nd Conference on Optical Network Design and Modelling, ONDM 2018 - Proceedings: . Paper presented at 22nd Conference on Optical Network Design and Modelling, ONDM 2018, Dublin, Ireland, 14 May 2018 through 17 May 2018 (pp. 77-81). Institute of Electrical and Electronics Engineers (IEEE)
Open this publication in new window or tab >>Impact of high-power jamming attacks on SDM networks
2018 (English)In: 22nd Conference on Optical Network Design and Modelling, ONDM 2018 - Proceedings, Institute of Electrical and Electronics Engineers (IEEE), 2018, p. 77-81Conference paper, Published paper (Refereed)
Abstract [en]

Space Division Multiplexing (SDM) is a promising solution to provide ultra-high capacity optical network infrastructure for rapidly increasing traffic demands. Such network infrastructure can be a target of deliberate attacks that aim at disrupting a large number of vital services. This paper assesses the effects of high-power jamming attacks in SDM optical networks utilizing Multi-Core Fibers (MCFs), where the disruptive effect of the inserted jamming signals may spread among multiple cores due to increased Inter-Core CrossTalk (ICo-XT). We first assess the jamming-induced reduction of the signal reach for different bit rates and modulation formats. The obtained reach limitations are then used to derive the maximal traffic disruption at the network level. Results indicate that connections provisioned satisfying the normal operating conditions are highly vulnerable to these attacks, potentially leading to huge data losses at the network level.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2018
Keywords
High-power jamming attacks, optical network security, space division multiplexing
National Category
Communication Systems
Identifiers
urn:nbn:se:kth:diva-233690 (URN)10.23919/ONDM.2018.8396110 (DOI)000465419800009 ()2-s2.0-85050275972 (Scopus ID)9783903176072 (ISBN)
Conference
22nd Conference on Optical Network Design and Modelling, ONDM 2018, Dublin, Ireland, 14 May 2018 through 17 May 2018
Note

QC 20180830

Available from: 2018-08-30 Created: 2018-08-30 Last updated: 2019-06-03Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0001-5600-3700

Search in DiVA

Show all publications