49 research outputs found
Chronology of the development of Active Queue Management algorithms of RED family. Part 1: from 1993 up to 2005
This work is the first part of a large bibliographic review of active queue management algorithms of the Random Early Detection (RED) family, presented in the scientific press from 1993 to 2023. The first part will provide data on algorithms published from 1993 to 2005
CBSeq: A Channel-level Behavior Sequence For Encrypted Malware Traffic Detection
Machine learning and neural networks have become increasingly popular
solutions for encrypted malware traffic detection. They mine and learn complex
traffic patterns, enabling detection by fitting boundaries between malware
traffic and benign traffic. Compared with signature-based methods, they have
higher scalability and flexibility. However, affected by the frequent variants
and updates of malware, current methods suffer from a high false positive rate
and do not work well for unknown malware traffic detection. It remains a
critical task to achieve effective malware traffic detection. In this paper, we
introduce CBSeq to address the above problems. CBSeq is a method that
constructs a stable traffic representation, behavior sequence, to characterize
attacking intent and achieve malware traffic detection. We novelly propose the
channels with similar behavior as the detection object and extract side-channel
content to construct behavior sequence. Unlike benign activities, the behavior
sequences of malware and its variant's traffic exhibit solid internal
correlations. Moreover, we design the MSFormer, a powerful Transformer-based
multi-sequence fusion classifier. It captures the internal similarity of
behavior sequence, thereby distinguishing malware traffic from benign traffic.
Our evaluations demonstrate that CBSeq performs effectively in various known
malware traffic detection and exhibits superior performance in unknown malware
traffic detection, outperforming state-of-the-art methods.Comment: Submitted to IEEE TIF
Sharing but not Caring - Performance of TCP BBR and TCP CUBIC at the Network Bottleneck
Loss-based congestion control protocols such as TCP CUBIC can unnecessarily fill router buffers adding delays which degrade application performance. Newcomer TCP BBR uses estimates of the bottleneck bandwidth and round trip time (RTT) to try to operate at the theoretical optimum – just enough packets to fully utilize the network without excess queuing. We present detailed experimental results that show in practice, BBR can either over- or under-estimate the bottleneck bandwidth and RTT, causing high packet loss for shallow buffer routers and massive throughput variations when competing with TCP CUBIC flows. We suggest methods for improving BBR’s estimation mechanisms to provide more stability and fairness
A QoS-Based Fairness-Aware BBR Congestion Control Algorithm Using QUIC
Congestion control is a fundamental technology to balance the traffic load and the network. The Internet Engineering Task Force (IETF) Quick UDP Internet Connection (QUIC) protocol has flexible congestion control and at the same time possesses the advantages of high efficiency, low latency, and easy deployment at the application layer. Bottleneck bandwidth and round-trip propagation time (BBR) is an optional congestion control algorithm adopted by QUIC. BBR can significantly increase throughput and reduce latency, in particular over long-haul paths. However, BBR results in high packet loss in low bandwidth and low fairness in multi-stream scenarios. In this article, we propose the enhanced BBR congestion control (eBCC) algorithm, which improves the BBR algorithm in two aspects: (1) 10.87% higher throughput and 74.58% lower packet loss rate in the low-bandwidth scenario and (2) 8.39% higher fairness in the multi-stream scenario. This improvement makes eBCC very suitable for IoT communications to provide better QoS services