51 research outputs found

    CBSeq: A Channel-level Behavior Sequence For Encrypted Malware Traffic Detection

    Machine learning and neural networks have become increasingly popular solutions for encrypted malware traffic detection. They mine and learn complex traffic patterns, enabling detection by fitting boundaries between malware traffic and benign traffic. Compared with signature-based methods, they have higher scalability and flexibility. However, affected by the frequent variants and updates of malware, current methods suffer from a high false positive rate and do not work well for unknown malware traffic detection. It remains a critical task to achieve effective malware traffic detection. In this paper, we introduce CBSeq to address the above problems. CBSeq is a method that constructs a stable traffic representation, behavior sequence, to characterize attacking intent and achieve malware traffic detection. We novelly propose the channels with similar behavior as the detection object and extract side-channel content to construct behavior sequence. Unlike benign activities, the behavior sequences of malware and its variant's traffic exhibit solid internal correlations. Moreover, we design the MSFormer, a powerful Transformer-based multi-sequence fusion classifier. It captures the internal similarity of behavior sequence, thereby distinguishing malware traffic from benign traffic. Our evaluations demonstrate that CBSeq performs effectively in various known malware traffic detection and exhibits superior performance in unknown malware traffic detection, outperforming state-of-the-art methods. Comment: Submitted to IEEE TIF

    Internet traffic prediction using recurrent neural networks

    Network traffic prediction (NTP) represents an essential component in planning large-scale networks which are in general unpredictable and must adapt to unforeseen circumstances. In small to medium-size networks, the administrator can anticipate the fluctuations in traffic without the need of using forecasting tools, but in the scenario of large-scale networks where hundreds of new users can be added in a matter of weeks, more efficient forecasting tools are required to avoid congestion and over provisioning. Network and hardware resources are however limited; and hence resource allocation is critical for the NTP with scalable solutions. To this end, in this paper, we propose an efficient NTP by optimizing recurrent neural networks (RNNs) to analyse the traffic patterns that occur inside flow time series, and predict future samples based on the history of the traffic that was used for training. The predicted traffic with the proposed RNNs is compared with the real values that are stored in the database in terms of mean squared error, mean absolute error and categorical cross entropy. Furthermore, the real traffic samples for NTP training are compared with those from other techniques such as auto-regressive moving average (ARIMA) and AdaBoost regressor to validate the effectiveness of the proposed method. It is shown that the proposed RNN achieves a better performance than both the ARIMA and AdaBoost regressor when more samples are employed

    Management Application Interactions in Software-Based Networks

    To support the next wave of networking technologies and services, which will likely involve heterogeneous resources and requirements, rich management functionality will need to be deployed. This raises questions regarding the interoperability of such functionality in an environment where potentially interacting applications operate in parallel. Interactions can cause configuration instabilities and subsequently network performance degradation, especially in the presence of contradicting objectives. Detecting and handling these interactions is therefore essential. In this article we present an overview of the interaction management problem, a critical issue in software-based networks. We review and compare existing solutions proposed in the literature and discuss key challenges toward the development of a generic framework for the automated and real-time management of these interactions

    Exploring the Evolution of New Mobile Services


    An integrated transport solution to big data movement in high-performance networks

    Extreme-scale e-Science applications in various domains such as earth science and high energy physics among multiple national institutions within the U.S. are generating colossal amounts of data, now frequently termed as “big data”. The big data must be stored, managed and moved to different geographical locations for distributed data processing and analysis. Such big data transfers require stable and high-speed network connections, which are not readily available in traditional shared IP networks such as the Internet. High-performance networking technologies and services featuring high bandwidth and advance reservation are being rapidly developed and deployed across the nation and around the globe to support such scientific applications. However, these networking technologies and services have not been fully utilized, mainly because: i) the use of these technologies and services often requires considerable domain knowledge and many application users are even not aware of their existence; and ii) the end-to-end data transfer performance largely depends on the transport protocol being used on the end hosts. The high-speed network path with reserved bandwidth in High-performance Networks has shifted the data transfer bottleneck from network segments in traditional IP networks to end hosts, which most existing transport protocols are not well suited to handle. In this dissertation, an integrated transport solution is proposed in support of data- and network-intensive applications in various science domains. This solution integrates three major components, i.e., i) transport-support workflow optimization, ii) transport profile generation, and iii) transport protocol design, into a unified framework. 
Firstly, a class of transport-support workflow optimization problems are formulated, where an appropriate set of resources and services are selected to compose the best transport-support workflow to meet user’s data transfer request in terms of various performance requirements. Secondly, a transport profiler named Transport Profile Generator (TPG) and its extended and accelerated version named FastProf are designed and implemented to characterize and enhance the end-to-end data transfer performance of a selected transport method over an established network path. Finally, several approaches based on rate and error threshold control are proposed to design a suite of data transfer protocols specifically tailored for big data transfer over dedicated connections. The proposed integrated transport solution is implemented and evaluated in: i) a local testbed with a single 10 Gb/s back-to-back connection and dual 10 Gb/s NIC-to-NIC connections; and ii) several wide-area networks with 10 Gb/s long-haul connections at collaborative sites including Oak Ridge National Laboratory, Argonne National Laboratory, and University of Chicago

    Deployment of IoT Edge and Fog Computing Technologies to Develop Smart Building Services

    Advances in embedded systems, based on System-on-a-Chip (SoC) architectures, have enabled the development of many commercial devices that are powerful enough to run operating systems and complex algorithms. These devices integrate a set of different sensors with connectivity, computing capacities and cost reduction. In this context, the Internet of Things (IoT) potential increases and introduces other development possibilities: “Things” can now increase computation near the source of the data; consequently, different IoT services can be deployed on local systems. This paradigm is known as “edge computing” and it integrates IoT technologies and cloud computing systems. Edge computing reduces the communications’ bandwidth needed between sensors and the central data centre. Management of sensors, actuators, embedded devices and other resources that may not be continuously connected to a network (such as smartphones) are required for this method. This trend is very attractive for smart building designs, where different subsystems (energy, climate control, security, comfort, user services, maintenance, and operating costs) must be integrated to develop intelligent facilities. In this work, a method to design smart services based on the edge computing paradigm is analysed and proposed. This novel approach overcomes some drawbacks of existing designs related to interoperability and scalability of services. An experimental architecture based on embedded devices is described. 
Energy management, security system, climate control and information services are the subsystems on which new smart facilities are implemented. This research was supported by the Industrial Computers and Computer Networks programme (I2RC) (2017/2018) funded by the University of Alicante, Wak9 Holding BV company under the eo-TICC project, the Valencian Innovation Agency under scientific innovation unit (UCIE Ars Innovatio) of the University of Alicante and by the Spanish Research Agency (AEI) and the European Regional Development Fund (ERDF) under the project CloudDriver4Industry TIN2017-89266-R

    AI-Enabled Traffic Control Prioritization in Software-Defined IoT Networks for Smart Agriculture

    Smart agricultural systems have received a great deal of interest in recent years because of their potential for improving the efficiency and productivity of farming practices. These systems gather and analyze environmental data such as temperature, soil moisture, humidity, etc., using sensor networks and Internet of Things (IoT) devices. This information can then be utilized to improve crop growth, identify plant illnesses, and minimize water usage. However, dealing with data complexity and dynamism can be difficult when using traditional processing methods. As a solution to this, we offer a novel framework that combines Machine Learning (ML) with a Reinforcement Learning (RL) algorithm to optimize traffic routing inside Software-Defined Networks (SDN) through traffic classifications. ML models such as Logistic Regression (LR), Random Forest (RF), k-nearest Neighbours (KNN), Support Vector Machines (SVM), Naive Bayes (NB), and Decision Trees (DT) are used to categorize data traffic into emergency, normal, and on-demand. The basic version of RL, i.e., the Q-learning (QL) algorithm, is utilized alongside the SDN paradigm to optimize routing based on traffic classes. It is worth mentioning that RF and DT outperform the other ML models in terms of accuracy. Our results illustrate the importance of the suggested technique in optimizing traffic routing in SDN environments. Integrating ML-based data classification with the QL method improves resource allocation, reduces latency, and improves the delivery of emergency traffic. The versatility of SDN facilitates the adaption of routing algorithms depending on real-time changes in network circumstances and traffic characteristics

    A survey of network lifetime maximization techniques in wireless sensor networks

    Emerging technologies, such as the Internet of things, smart applications, smart grids and machine-to-machine networks stimulate the deployment of autonomous, self-configuring, large-scale wireless sensor networks (WSNs). Efficient energy utilization is crucially important in order to maintain a fully operational network for the longest period of time possible. Therefore, network lifetime (NL) maximization techniques have attracted a lot of research attention owing to their importance in terms of extending the flawless operation of battery-constrained WSNs. In this paper, we review the recent developments in WSNs, including their applications, design constraints and lifetime estimation models. Commencing with the portrayal of rich variety definitions of NL design objective used for WSNs, the family of NL maximization techniques is introduced and some design guidelines with examples are provided to show the potential improvements of the different design criteri